PDA

View Full Version : poll page



pistolpapa
05-28-2006, 09:55 AM
I'm fairly new to php and mySQL. Being a dog lover, I'm thinking about making a personal website where there's a poll page about America's favorate dogs. This is the idea in my head.

1. drop down menu for people to select their region, say hawaii or new york.
2. several text boxes to get people's input as vote on dog kinds
3. email address
4. submit button

After submittion, the names get validated (meaning repeated entries will only count once), email address got recorded into database, and votes get stored into database.

Don't wanna bore the follks here, I like to have the top five kinds of dogs of america listed as a feedback from the database, so it won't need to be updated often even when the ranking changes. In addition, statistics about top entries could be analyzed in a pie chart.

AAAaaright, i'm finally over. Now my question is that, am I pretty much looking at serious php and mySQL programming from scratch? I've tried to look into scripts such as phppoll, phpQuestionnaire... which offers execellent poll service, but doesn't do everything I needed, so now I'm at this confusion point of what to do. Any light is going to be appreciated.

God bless.

simonf
05-28-2006, 12:31 PM
What you could do is download a cookie to their PC and if they try to go to the data form page make a pop up to say already voted etc. This would not stop them deleting the cookie if you give it a simple name, but it would confuse most people and make the complete process faster, as it would not have to search the complete DB looking for duplicates. Just a suggestion.

simonf
05-28-2006, 12:38 PM
Hi

A free poll script at this url (http://www.asptutorial.info/sscript/poll.asp)

pistolpapa
05-28-2006, 09:06 PM
Thanks Simon,

to complete my project though, I need more than just the script provided. Am I looking at serious PHP/mySQL coding from scratch, or I can use partially the code and modify myself.

pistolpapa
05-28-2006, 09:10 PM
What you could do is download a cookie to their PC and if they try to go to the data form page make a pop up to say already voted etc. This would not stop them deleting the cookie if you give it a simple name, but it would confuse most people and make the complete process faster, as it would not have to search the complete DB looking for duplicates. Just a suggestion.

Sounds good.

Actually, I'd like them to vote only once on one day, but if they think of some more names some other day, they are welcome to come back and vote tomorrow. So if there anyway to check their email address, and if it's the same one from an earlier input today, then they are prompted not to vote again, or the redirected to a page which says no you can no longer vote.

Twey
05-28-2006, 09:11 PM
IP and cookie both, I'd think. Neither are certain measures, but neither should have any adverse effects either.

djr33
05-29-2006, 07:24 AM
IPs for dialup users rotate, so if you have 20 people from AOL visiting your site, you might end up with one who can't vote because their IP at the time matches what someone else had at the time they voted.


Logins are the only sure way. Aside from that, IPs are good, but if people wish to cheat, they can go to another computer.

Remember, you could just put "please don't vote twice"; the people who would honor that will honor using only their computer.
But the people who wouldn't honor that might use another machine... cheaters will always be cheaters.

So... if you have a way that it can be gotten around, it's not that much better than just "please don't vote twice".

Just something to think about.


Checking the email will only stop stupid users who don't know to put a new email. UNLESS you make them varify by an email sent to them... which is too much work for you and too much for them.
Also, people (myself included) have multiple email addresses sometimes for this purpose, or signing up for things that will inevitably give them spam at the email they use... so.. use a backup.
Cheaters, again, can cheat.

simonf
05-29-2006, 09:38 AM
Actually, I'd like them to vote only once on one day, but if they think of some more names some other day, they are welcome to come back and vote tomorrow. So if there anyway to check their email address, and if it's the same one from an earlier input today, then they are prompted not to vote again, or the redirected to a page which says no you can no longer vote.

You can date the cookie.. I.E only valid for the day in question!!!

simonf
05-29-2006, 09:49 AM
Something like this:

/**
* Sets a Cookie with the given name and value.
*
* name Name of the cookie
* value Value of the cookie
* [expires] Expiration date of the cookie (default: end of current session)
* [path] Path where the cookie is valid (default: path of calling document)
* [domain] Domain where the cookie is valid
* (default: domain of calling document)
* [secure] Boolean value indicating if the cookie transmission requires a
* secure transmission
*/
function setCookie(name, value, expires, path, domain, secure)
{
document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}

simonf
05-29-2006, 10:06 AM
Another example of a cookie that counts Cookie Example (http://www.js-examples.com/page/javascripts__example.html?view=41)

Twey
05-29-2006, 11:09 AM
IPs for dialup users rotate, so if you have 20 people from AOL visiting your site, you might end up with one who can't vote because their IP at the time matches what someone else had at the time they voted.Very unlikely, I think. How many AOL users are there out there?
Logins are the only sure way. Aside from that, IPs are good, but if people wish to cheat, they can go to another computer.True, but there's no other way, barring logins, which are too much hassle for the average poll-voter.

simonf: Since server-side scripting will be required anyway, cookies should be sent in the HTTP headers. This is much more reliable than setting a cookie using client-side scripting.

djr33
05-29-2006, 09:37 PM
Lots of people use AOL. It's very popular. With the average computer user, not web designers and such, that is.

Using a cookie is pointless.... the user can just clear cookies and they can vote again.

Twey
05-29-2006, 10:03 PM
Lots of people use AOL. It's very popular.That's my point. The more AOL users there are, the less likely it is that the Guy B both obtains Guy A's old IP address and visits the site, within one day.

Using a cookie is pointless.... the user can just clear cookies and they can vote again.It's not pointless. It's not secure, no, but it will provide a "hey, you can't do that" factor. While there are no real downsides, it's perfectly acceptable to throw pointless solutions at a problem. :)

djr33
05-29-2006, 11:51 PM
But they rotate randomly... you're just saying it's a big pool to choose from... that is somewhat true, but certainly not foolproof. It is unlikely, though.
What about shared computers, then? Brothers, etc?

Well... as I said before, it does nothing more than a note that "please only vote once" if the people know how to delete cookies, which isn't hard.

pistolpapa
05-30-2006, 10:55 AM
Thanks for all the input, they've been very helpful.
If IP rotates around randomly, and since the population of users is probably 10s of thousands, is the possibility of hitting a user near to zero?
If that's the case, IP and email address probably provide a good bundle to prevent users from voting twice on a single day.
Beside that,
Having seen all of the "self generated random" security numbers used on google, yahoo and many other major websites, is it actually necessary or useful to put something like that before they submit the vote to prevent hackers hacking into the system and mess around?

pistolpapa
05-30-2006, 10:58 AM
But they rotate randomly... you're just saying it's a big pool to choose from... that is somewhat true, but certainly not foolproof. It is unlikely, though.
What about shared computers, then? Brothers, etc?

Well... as I said before, it does nothing more than a note that "please only vote once" if the people know how to delete cookies, which isn't hard.
True, good point. What if my brother wants to vote as well. In that case, the simpliest idea may be the most applicable one. Email address verification could be the solution in this situation. However, the question is, can someone writes a software and generates many different email addresses while entering many false votes on the website. Should a security check be in place?

djr33
05-30-2006, 11:56 AM
Email also has issues.
You can do things to give yourself many emails... if it's nothing more than signing up a lot at hotmail.
Also, checking their email is something more than some would-be-voters would want to do.

It's hard to figure out... IP probably is the best option... but not perfect. Still thinking....