Microsoft.AspNetCore.Mvc.Localization.LocalizedHtmlStringPoll mod authentication?

Author : Zenfor
Subject : Poll mod authentication?
Posted : 28 December 2015, 11:57
Message :

For non registered users, does the poll mod block anonymous IP's, proxy servers, or does it do anything to prevent duplicate voting by non registered members other than allow one vote per IP?

I have a feeling some non-registered folks are voting multiple times on my site.
Thank you!

Reply Author: Carefree
Replied on: 28 December 2015, 19:36
Message:

No. Cookies, anonymous IPs, proxy servers, etc.; can all be manipulated. There is no way to prevent someone who isn't signed in from voting multiple times, unless you restrict voting to members only. That's an easy fix.
"post.asp"

Code:


Look for the following lines (appx: 817-832), and delete the lines in red.

if Request.QueryString("poll") = "1" and (strRqMethod = "Topic" or strRqMethod = "EditTopic") then
	Response.Write "	<tr>" & vbNewline & _
			"        <td bgColor=""" & strPopUpTableColor & """ noWrap vAlign=""top"" align=""right""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><b>Who Votes:</b></font></td>" & vbNewline & _
			"        <td bgColor=""" & strPopUpTableColor & """>" & vbNewline & _
			"		<select name=""WhoVotes"" size=""1"">" & vbNewline & _
			"			<option value=""everyone"""
	if strWhoVotes = "everyone" or strRqMethod = "Topic" then Response.Write(" selected") 
	Response.Write ">Everyone</option>" & vbNewline & _
			"			<option value=""members"""
	if strWhoVotes = "members" then Response.Write(" selected") 
	Response.Write ">Members Only</option>" & vbNewline & _
			"		</select></td>" & vbNewline & _
			"    </tr>" & vbNewline
end if

Now, if you simply want to eliminate the bulk of anonymous/proxy users (it won't stop the really determined), you could do something like this. This does not set a cookie to indicate non-members have voted. That's another step.
"topic.asp"

Code:


Look for the following lines (appx 429-430):

'################################## Poll Mod #####################################
Select Case Request.Form("Method_Type")


Change those to say:

'################################## Poll Mod #####################################
strPollType = Request.Form("Method_Type")
ua = Request.ServerVariables("HTTP_USER_AGENT")
rp = Request.ServerVariables("REMOTE_PORT")
If rp > 9000 And rp < 9100 Then strPollType = "Proxy"
If InStr(ua, "Forwarded") Or InStr(ua, "Via") Or InStr(ua, "Proxy") Or InStr(ua, "forwarded") Or InStr(ua, "via") Or InStr(ua, "proxy") Then strPollType = "Proxy"
Select Case strPollType
	Case "Proxy"
		Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """> </font></p>" & vbNewLine & _
			"<table align=""center"" border=""0"">" & vbNewLine & _
			"	<tr>" & vbNewLine & _
			"		<td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Voting not allowed for proxy or anonymous connections!</font></td>" & vbNewLine & _
			"	</tr>" & vbNewLine & _
			"</table>" & vbNewLine & _
			"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """> </font></p>" & vbNewLine
		WriteFooter
		Response.End

Reply Author: Zenfor
Replied on: 28 December 2015, 19:43
Message:

Originally posted by Carefree
No. Cookies, anonymous IPs, proxy servers, etc.; can all be manipulated. There is no way to prevent someone who isn't signed in from voting multiple times, unless you restrict voting to members only. That's an easy fix...

That's what I thought. Thank you!

Reply Author: Davio
Replied on: 28 December 2015, 20:16
Message:

Yeah, only way to prevent multiple users from voting is to set the poll as members only. The only way non-members who voted are tracked is via cookies, which can easily be by-passed by deleting your cookies.

Reply Author: Carefree
Replied on: 28 December 2015, 20:16
Message:

You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.

Reply Author: Davio
Replied on: 28 December 2015, 20:17
Message:

Originally posted by Carefree
You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.

Isn't that what it currently does Carefree? I'm pretty sure I didn't leave the non-members voting without some basic tracking of who voted.

Reply Author: Carefree
Replied on: 29 December 2015, 00:51
Message:

Originally posted by Carefree
You're welcome. If you opt to go with writing/reading a cookie, we can add that; but a savvy user determined to vote multiple times will simply delete the cookie.

Isn't that what it currently does Carefree? I'm pretty sure I didn't leave the non-members voting without some basic tracking of who voted.
Yes, it does. It's in a "inc_func_common.asp" routine. So, if the anonymous people are voting multiple times, they are deleting the cookie and there's nothing that can be done about it.

Poll mod authentication?

Topic

Replies ...