Morning all. I've been landed with doing a very urgent petition and wonder if anyone has any ideas about protecting the input. I'm worried about the site being 'happy clicked' and need some way - possibly more than one - of at least attempting to ensure the sign ups are 'valid' in some way. I can check for existing records and discount duplicates but that might lead to valid people being refused, I think. Anyone with any thoughts? Jon
Make people give in their email as well. So no one with the same email can vote again. Very simple and basic. The only people who will bypass this will be people with a lot of time to spare. You can also check duplications of ip's. This mix should help a lot. There is never a way to be protected only 100% but using these simple technics should help you filter out the spammers or double voters.
Thanks Doskono, checking email is a good one as it'll be easier to get right rather than trying to check if a street address is the same (and, of course, it can be checked as existing). I'm not sure about IPs. The petition will be 'signed' by people in quite a small geographic area (literally one village/town) so I'm concerned there's a reasonably high chance of two distinct users having the same IP issued (not at the same time of course!) with major ISPs. I'm not sure if this is a realistic concern or not, my networking knowledge in this respect isn't great... Jon
Than cross reference with email and address... if one of those is same than it shouldn't go through. If it's a small town/village than with these two you should be fine.
Thanks again. In the end I've gone for a simple 'confirmation' system. Petitioners must complete an email - and they are then emailed with a confirmation code that they need to click to confirm their entry. I've also made the stored emails unique so I'm hoping that's enough. Jon
Even activation mails can be added into a script for someone really determined. If you can't use IPs thats ok, you could always use a captcha which would at least kill most automated scripts Unique emails can be gotten around with free mail addresses like mailinator.com Other than that, also make sure you go through all the results at the end (500 votes for one thing every 4 seconds is a bit of a red flag)