[phpesp-dev] ballot stuffing

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hey Guys ... I was thinking today about ballot stuffing. As
is right now, phpesp does nothing to prevent this (except
in private surveys). I want a way to at least provide some
level of protection against stuffing attempts. At the least
you should not be able to hit reload on the "Thanks" page
and have it be counted again. Here is what I was thinking:
(and this might have the bonus of being able to go back and
forth on a multipage survey)

. When someone loads the first section (or only section in
  a survey w/o pages) a random key is generated. Call this
  key K, which should be 32-bits.
. Store this key in a column of the 'response' table, along
  with the next response id (autoincrement).
. Put the key C, and response id RID on the survey page in
  hidden form fields.
. On a submission, we check the following things, only if
  all tests pass do we store the response:
   1) Lookup the key K for the RID submitted. Check against
      submitted key.
   2) The current time is less than 24 hours different than
      the time the RID was stored in the response table.
   3) The response RID is not already marked completed.
   4) IP/userid is same as when RID was created. (?)

Pluses:
. Hitting reload won't do anything.
. You can't just make up RIDs and submit.

Minuses:
. You could still have a script stuff the ballot, but it
  would have to parse the page so it'd be marginally harder
  to write and slower.
. More data (4 bytes per response) to store in database ==
  more disk usage

Big Minus:
  Far more RIDs could be wasted since one is generated at
  the *first* page, rather than the second. With a unsigned
  int there are 4 million RIDs ... this would only be a
  problem on high volume sites.

====

There is no way to prevent stuffing, a script that parses
the page will always work, unless you block by IP address,
which is a bad thing to do, and I won't do it. This method
above will force anyone trying to ballot stuff to write a
script that reads the page first ... we track submit times
and possibly IP addresses, so it should be easy to see a
pattern from a script.

Thoughts/Comments? Want to code it?
-James