Poll mod authentication? - Posted (1224 Views)
Zenfor
Junior Member
Zenfor
Posts: 372
372
For non registered users, does the poll mod block anonymous IP's, proxy servers, or does it do anything to prevent duplicate voting by non registered members other than allow one vote per IP?

I have a feeling some non-registered folks are voting multiple times on my site.
Thank you!
 Sort direction, for dates DESC means newest first  
 Page size 
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
No. Cookies, anonymous IPs, proxy servers, etc.; can all be manipulated. There is no way to prevent someone who isn't signed in from voting multiple times, unless you restrict voting to members only. That's an easy fix.
"post.asp"
Code:

Look for the following lines (appx: 817-832), and delete the lines in red.

if Request.QueryString("poll") = "1" and (strRqMethod = "Topic" or strRqMethod = "EditTopic") then
	Response.Write "	<tr>" & vbNewline & _
			"        <td bgColor=""" & strPopUpTableColor & """ noWrap vAlign=""top"" align=""right""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><b>Who Votes:</b></font></td>" & vbNewline & _
			"        <td bgColor=""" & strPopUpTableColor & """>" & vbNewline & _
			"		<select name=""WhoVotes"" size=""1"">" & vbNewline & _
			"			<option value=""everyone"""
	if strWhoVotes = "everyone" or strRqMethod = "Topic" then Response.Write(" selected") 
	Response.Write ">Everyone</option>" & vbNewline & _
			"			<option value=""members"""
	if strWhoVotes = "members" then Response.Write(" selected") 
	Response.Write ">Members Only</option>" & vbNewline & _
			"		</select></td>" & vbNewline & _
			"    </tr>" & vbNewline
end if

Now, if you simply want to eliminate the bulk of anonymous/proxy users (it won't stop the really determined), you could do something like this. This does not set a cookie to indicate non-members have voted. That's another step.
"topic.asp"
Code:

Look for the following lines (appx 429-430):

'################################## Poll Mod #####################################
Select Case Request.Form("Method_Type")


Change those to say:

'################################## Poll Mod #####################################
strPollType = Request.Form("Method_Type")
ua = Request.ServerVariables("HTTP_USER_AGENT")
rp = Request.ServerVariables("REMOTE_PORT")
If rp > 9000 And rp < 9100 Then strPollType = "Proxy"
If InStr(ua, "Forwarded") Or InStr(ua, "Via") Or InStr(ua, "Proxy") Or InStr(ua, "forwarded") Or InStr(ua, "via") Or InStr(ua, "proxy") Then strPollType = "Proxy"
Select Case strPollType
	Case "Proxy"
		Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """> </font></p>" & vbNewLine & _
			"<table align=""center"" border=""0"">" & vbNewLine & _
			"	<tr>" & vbNewLine & _
			"		<td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Voting not allowed for proxy or anonymous connections!</font></td>" & vbNewLine & _
			"	</tr>" & vbNewLine & _
			"</table>" & vbNewLine & _
			"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """> </font></p>" & vbNewLine
		WriteFooter
		Response.End
Last edited by Carefree on 28 December 2015, 20:14
Posted
Zenfor
Junior Member
Zenfor
Posts: 372
372
Originally posted by Carefree
No. Cookies, anonymous IPs, proxy servers, etc.; can all be manipulated. There is no way to prevent someone who isn't signed in from voting multiple times, unless you restrict voting to members only. That's an easy fix...

That's what I thought. Thank you!
Posted
Davio
Development Team Member
Davio
Posts: 12217
12217
Yeah, only way to prevent multiple users from voting is to set the poll as members only. The only way non-members who voted are tracked is via cookies, which can easily be by-passed by deleting your cookies.
Support Snitz Forums
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.
Posted
Davio
Development Team Member
Davio
Posts: 12217
12217
Originally posted by Carefree
You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.
Isn't that what it currently does Carefree? I'm pretty sure I didn't leave the non-members voting without some basic tracking of who voted.
Support Snitz Forums
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
Originally posted by Carefree
You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.
Isn't that what it currently does Carefree? I'm pretty sure I didn't leave the non-members voting without some basic tracking of who voted.
Yes, it does. It's in a "inc_func_common.asp" routine. So, if the anonymous people are voting multiple times, they are deleting the cookie and there's nothing that can be done about it.
 
You Must enter a message