disable multiple voting on user comments
Yeah, just keep a separate table to track user votes. Since you know which user is requesting the page, you can easily join the votes table to determine the current user's eligibility to vote on each post on the page. For each post, if they're eligible, output one version of html, if they're not then output another.
Once the ajax request asks for the php file that does the vote, you can then check once more that that user is eligible to vote - I.e they're changing their vote, or they haven't voted before.
Take yahoo's news stories for example - when you request a page that you've made a comment on, your own comment has disabled voting buttons. With some hacking of the page inside the browser's dev tools, you can enable the buttons. You can even click on them and vote for your own post - though only once.
So, you can see that they got 2/3rds of it right, and output html based on the user's eligibility to vote. They also prevent multiple voting (server-side), they just don't do a server-side check to ensure you're not voting for your own comment.
Stack Overflow on the other hand, always shows the same html - but when you click to vote for your own comment, the server-side code baulks at the idea and the response is basically 'bugger-off! you can't do that' having received a negative result from the server, the javascript on the page pops up the message, rather than updating the vote count.
ASP.NET preventing a user from successive logins
You can't avoid it but can minimize it. Take a look at this similar question/answers:
multiple voting.
Hunting Cheaters.
Prevent Users from Voting Multiple times
Prevent double voting
You can combine these two methods:
- Add a cookie to prevent multiple votes from the same machine
- Log IP addresses and prevent voting more than a set number of times from the same address (for example, 5 times the same hour).
This will make it possible for multiple persons to vote from the same network but still prevent excessive cheating.
You may also make it harder to build a voting bot by adding some hidden form field with a token that must be included in the vote, and/or use Ajax for the voting. I know it's relatively easy to build a bot anyway but most cheaters aren't that smart.
Opensource Voting System
There are a few for Django:
- django-voting
- django-rangevoting
- django-ranking
Personally I've only used django-voting. It has a nice section on using it for a Reddit/SO style voting including templates and using Progressive enhancement: http://code.google.com/p/django-voting/wiki/RedditStyleVoting
I think the other projects have some interesting features in terms of custom ranking/sorting methods which is where django-voting can fall short.
Best way to stop a single person from creating multiple accounts
Some thoughts
There is no guarantee that an IP address corresponds to one person. Somtimes an entire village is seen from a single IP address. Also a usual internet connection has a dynamic IP address that can change any time.
Conclusion: Diffrentiating users by IP addresses is useless.
You may try to filter the multi-account players by checking for suspicious activities, but that may also not be of much help, since it would be hard to distinguish friends just playing together from real cheaters.
All in all, this is a problem to which no effective solution exists.
By the way, some games (for example EVE Online) encourage people having multiple accounts. Maybe you shouldn't worry about it either.
How to catch the same user with different ip
To identify if a user is really the same you should rely more on the MAC address of his NIC than on his IP address. Here i found a similar question where one proposes a JavaScript to get the remote MAC address.
How can I get the MAC and the IP address of a connected client in PHP?
Be aware that there is no 100% way here. A determined user will find ways. It is up to you to be conservative and not allow suspicious cases.
Maybe you can assign a probability of uniqueness to all the mentionned methods: User session, user-agent of browser, cookies, IP, MAC. The threshold to block should be a business-decision dependending on the severity of the consequences.
Website-scraping , robot-identification
Yes. For starters, look at your complete header when browsing the web using a tool like Firebug. You'll notice normal browsers provide a lot of information such as languages accepted that is not provided by urllib. So a website might check for the presence of other header information.
Another trick would be to include a 1x1 pixel image on a page and check if the client requested the image file. If not, then the client is using either a text only browser (like lynx) or is actually a script. I think JavaScript can also be used to look for the presence of a mouse.
Generally, it's a game of cat and mouse. One alternative to urllib is Selenium. Selenium will launch a browser window.
Related Topics
How to Reverse Order Output of a MySQL Query
Get_Result() Doesn't Work Even MySQLnd Is Enabled
Function Ereg_Replace() Is Deprecated - How to Clear This Bug
How to Pass Multiple Variables Across Multiple Pages
Overwrite Line in File with PHP
Array_Map Function in PHP with Parameter
PHP Try-Catch Blocks: Are They Able to Catch Invalid Arg Types
PHP Warning: Exec() Unable to Fork
Pdo Returning Incorrect, But Duplicate, Data. Key's Not in Database
PHP Run Once and Insert Twice in MySQL Database
How to Reverse a Unicode String
Using Fetch_Assoc on Prepared Statements
How to Install Composer on App Service
Http Response Code After Redirect