This question already has answers here:
Closed 7 years ago.
Possible Duplicate:
Unique IPs in a voting system
I am developing a small web app where it needs an online voting system using php for my college event. I was obtaining IP Address and storing it in database to prevent repeated voting from same user. But then I remembered that my college uses a proxy server so obtaining IP address is useless.
I tried accessing and storing Mac Address of the client using javascript.. I tried out a few examples that i found on the internet.. but none of them worked.
Can you guys suggest me an alternative to how can I get the results I want??
Any sort of help would be heartily appreciated.
Regards,
Aayush Shrestha
Nepal
Have them enter their email addresses and send a link to their email that allows them to vote. The link should include some hash of their email and you would have to check if they have already voted or not.
I realize that a student could enter multiple email addresses and vote multiple times, but how many emails does a student really have? And how much time would they spend doing something like that?
I'm guessing you don't have access to any sort of authentication system through your college, so this is probably the best way.
Edit:
Another idea is to use Facebook authentication (see: http://developers.facebook.com/docs/authentication/). The downside is that you have to assume that all voters have facebook accounts.
First get the user to register an email address so they can use the voting system subsequently associated with that address.
Once you have an email address (that is validated with a activation link sent to that email), then you can gather voting related input from the user.
There is really no effective, platform-independent way of preventing repeated voting unless you enforce user certificates, etc.
The only 100% airtight way to do this would be to make users create accounts that require some personally unique information to prevent a user from making multiple accounts.
The closest you can come without a login system is the Evercookie library, which stores a UUID in about a dozen different places in the user's browser. It's very difficult to clear them all out (even using a privacy mode in the browser), so if you give an Evercookie to a user when they vote, you can probably spot someone who has voted before.
Note that this stops repeat voting on the machine level, not the user level (a machine may haave multiple users, and a user may have multiple machines, which might enable repeat voters or block eligible voters).