I've only written a few small php web apps and I'm throwing code together right now to allow for users to submit short stories. these stories will display and allow others to vote them up. The winner receives something rather valuable and I'm paranoid people are going to try to manipulate it.

Debian / Apache / PHP 5.2 / jquery

users are not required to login / authenticate.

users can vote multiple stories up but only once for each story

Is it as simple as tagging each story with an IP address and not counting other submissions from that IP? Thanks for any advise.

Accepted Answer

No, it's not that simple. It's rather easy to spoof IP addresses and people can just vote from several places. Moreover, it's very likely that there are different people/computers connected using the same IP address. It's even (highly) possible that different people try to vote using the same computer (and browser).

Even a login system is not waterproof: you simply can't verify people's identities. Users can input different email addresses and fake data like names and birth dates.

On the other hand, if you want a unique identification of a given browser on a given computer (opposite to unique users), have a look at Panopticlick and read Browser Fingerprints – How Unique Is Your Browser – Panopticlick.

Apart from this, you can still (try to) use a cookie to identify a browser with which a vote has been cast.

Written by Marcel Korpel
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki