duanming0494
2011-09-09 03:23
浏览 40

PHP - 安全的投票方式?

Let's say I want to open a simple, simple poll which could be hand-made via PHP. There are only two options. Option A or Option B. Without telling people to register, what is the most secure way to deter cheating?

If possible, I would like to use MySQL to store the data such as the votes. I am not asking for code, I am asking for ways on what I should do.

I say no registering because it puts people off just for a simple vote...

Thank you and have a good day.

图片转代码服务由CSDN问答提供 功能建议

假设我想打开一个简单的简单,可以手工制作的民意调查 通过PHP。 只有两个选项。 选项A或选项B.在不告诉人们注册的情况下,阻止作弊的最安全方法是什么?

如果可能,我想使用MySQL存储诸如投票之类的数据 。 我不是要求代码,我正在问我应该做些什么。

我说没有注册,因为它让人们只是为了一个简单的投票......

谢谢你,祝你有个美好的一天。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

4条回答 默认 最新

  • doubu2730 2011-09-09 03:38
    已采纳

    Defence in depth. Store as much identifying information as you can.

    Store IP address, browser agent, host address, host name ... everything you like the look of, in your MySQL table. If ALL of these match, then it's someone trying to dupe.

    Set a cookie to stop them voting. If this exists, they're trying to dupe.

    Set a flash cookie to stop them voting (entirely different to normal cookies, get Googling :P) If this exists, they're trying to dupe.

    Plus anything else you can think of. There will always be ways to get around it, of course, as it's always extremely hard to say "yes, that almost untraceable request came from that person", but it's more about making it a MASSIVE pain in the ass to beat the system with something like this.

    已采纳该答案
    打赏 评论
  • doulangchao8934 2011-09-09 03:28

    There is no "good" way, let alone a "secure" way. Store their IP address, and don't allow additional votes from that IP. People behind NAT get screwed, but it's really the only thing you can do.

    Alternatives include sending them a cookie which prevents them from voting twice, but that is trivially circumvented by even the most tech-unsavvy user.

    打赏 评论
  • dongmou3615 2011-09-09 03:40

    IP is the way to go without registration. You could also get and check against the useragent in addition to the IP address, this might allow for a few more people who are using different computer configurations from the same IP address. Good luck.

    打赏 评论
  • dpwh11290 2011-09-09 04:21

    Give each voter an ever cookie. It's sneaky as all hell, and some people take issue with them, but if you want a fairly good guarantee this is probably it.

    打赏 评论

相关推荐 更多相似问题