Re: [phpesp-general] Ballot Stuffing and Embedding

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 5 Dec 2001, James O'Malley wrote:

> Love phpESP!  Keep up the good work.  Got a couple of questions.
>
> I was wondering if there was method that you recommend
> for limiting multiple posts or ballot stuffing.  I know
> that this program is intended for more closed system
> (ie within a department or company), but it'd be nice
> to figure out a way to address that issue to make
> results more valuable.

There are really only two ways to track users. The first is
by IP address, and the second is by cookies. Neither are
very foolproof, but would help some. My suggestion is to
let people try to ballot stuff, but to track them so you
can silently ignore those entries when tabulating data.

Tracking IPs has big problems with web proxies (ie. AOL
users). However you could easily edit the handler to set
the userid based on remote IP. Tracking by cookies has
problems with public computers.  Tracking by cookies would
be a little bit harder, but could probably still be done
completely within the handler.

There are hooks in the handler already to help track users.
The handler looks at three things in order and picks the
first one that is set for the "userid".
0.  The POST variable "userid".
1.  The GET variable "userid".
    [ as in handler.php?foo=bar&userid=killroy ]
2.  The REMOTE_USER variable.
3.  The QUERY_STRING  [ as in handler.php?killroy ]

If you are sending an email to people for example, you
could include their email address (or some number that you
have assigned to them) in the URL of the survey. So they
would get a link like:
  http://some.host.com/mysurvey.php?N12353
where N12353 is the key in your database for the person the
email was sent to.

> Also, for some reason when I embedded the php tag in my index.php file,
> submitting doesn't insert any data.  I embed it in a blank page...
> survey.php and it works just fine.  Any known issues with embedding in an
> existing php page?  I don't think I have any colliding variables btw.
>
> Using 1.3RC1

I do not know of any problems off hand. You should check to
make sure that you do not have overlapping <form> tags in
the produced HTML. Could you send me (off-list) the URL of
page that does not work, and possibly the PHP source of the
template?

As of 1.3RC1 there is an alternative method of embedding
the form, which may work better. It is specifically
designed for use when authenticating respondents, but may
help if you have complicated PHP templates already. Read
the comments at the top of the public/handler-prefix.php
file for details.

Take it easy,
-James