On Wed, 22 May 2002, Jason Soza wrote:
> Using file locking, if two people tried to use the script at the same 
> time, wouldn't there be an error for one of them?

The second session would just have to wait for the first to finish (which 
should be an infinitessimal amount of time).

> My first guess at defeating this is having the script write a file named
> after the voter's IP. Have the file written to a different directory for
> whatever choices they have, then use readdir() to count the files in
> each directory, i.e. the number of votes for each choice.  Then if that
> same IP tries to vote again, check it against votes already received and
> approve/deny it.

Using IPs is a pretty lousy way of uniquely identifying users, especially 
for a purpose like this:

1. If I dial in with a modem, I probably get a new IP each time I connect, 
so I can vote as often as I like.

2. Many companies, ISPs, and even countries use proxy servers that
aggregate thousands or millions of users behind a handful of IP addresses.  
One vote from China, Saudi Arabia or New Zealand and that could be it for
the country. Likewise AOL.

Try cookies or something. Still can be defeated by the determined 
ballot-box stuffer, but so can everything else that doesn't require human 
verification of identity.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to