14 replies to this topic

[Supreme Hobo]

Hi All

I've created a poll script which looks like the following:

poll.php

<?php require_once('Connections/andypops.php');
mysql_select_db($database_andypops, $andypops);
$query_poll = "SELECT * FROM poll";
$poll = mysql_query($query_poll, $andypops) or die(mysql_error());
$row_poll = mysql_fetch_assoc($poll);
$totalRows_poll = mysql_num_rows($poll);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body class="pollbd">
<form id="poll" name="poll" method="post" action="pollvote.php">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
	<tr>
	  <td colspan="2" id="question"><?php echo $row_poll['question']; ?></td>
	</tr>
	<tr>
	  <td width="3%"><input name="option" type="radio" value="votes1" checked="checked" /></td>
	  <td width="97%"><?php echo $row_poll['answer1']; ?></td>
	</tr>
	<tr>
	  <td><input type="radio" name="option" value="votes2" /></td>
	  <td><?php echo $row_poll['answer2']; ?></td>
	</tr>
	<tr>
	  <td><input type="radio" name="option" value="votes3" /></td>
	  <td><?php echo $row_poll['answer3']; ?></td>
	</tr>
	<tr>
	  <td><input type="radio" name="option" value="votes4" /></td>
	  <td><?php echo $row_poll['answer4']; ?></td>
	</tr>
	<tr>
	  <td colspan="2" align="center"><input name="Submit" type="submit" class="formel" value="Vote" /></td>
	</tr>
  </table>
</form>
</body>
</html>
<?php
mysql_free_result($poll);
?>

pollvote.php

<?php require_once('Connections/andypops.php');
mysql_select_db($database_andypops, $andypops);
$query_poll = "SELECT id, votes1, votes2, votes3, votes4, total FROM poll";
$poll = mysql_query($query_poll, $andypops) or die(mysql_error());
$row_poll = mysql_fetch_assoc($poll);
$totalRows_poll = mysql_num_rows($poll);

if ($_POST['option'] == "votes1") {
	$votes1 = $row_poll['votes1'] +1;
	$total = $row_poll['total'] +1;
	mysql_query("UPDATE `poll` SET `votes1` = '$votes1', `total` = '$total' WHERE `id` = '1' LIMIT 1", $andypops);
include("pollresults.php");
}

if ($_POST['option'] == "votes2") {
	$votes2 = $row_poll['votes2'] +1;
	$total = $row_poll['total'] +1;
	mysql_query("UPDATE `poll` SET `votes2` = '$votes2', `total` = '$total' WHERE `id` = '1' LIMIT 1", $andypops);
include("pollresults.php");
}

if ($_POST['option'] == "votes3") {
	$votes3 = $row_poll['votes3'] +1;
	$total = $row_poll['total'] +1;
	mysql_query("UPDATE `poll` SET `votes3` = '$votes3', `total` = '$total' WHERE `id` = '1' LIMIT 1", $andypops);
include("pollresults.php");
}

if ($_POST['option'] == "votes4") {
	$votes4 = $row_poll['votes4'] +1;
	$total = $row_poll['total'] +1;
	mysql_query("UPDATE `poll` SET `votes4` = '$votes4', `total` = '$total' WHERE `id` = '1' LIMIT 1", $andypops);
include("pollresults.php");
}
mysql_free_result($poll);
?>

/b]pollresults.php[/b]

<?php require_once('Connections/andypops.php'); ?>
<?php
mysql_select_db($database_andypops, $andypops);
$query_poll = "SELECT * FROM poll";
$pollb = mysql_query($query_poll, $andypops) or die(mysql_error());
$row_poll = mysql_fetch_assoc($pollb);
$totalRows_poll = mysql_num_rows($pollb);
if($row_poll["votes1"] != 0) {
	$votepercent1 = Round(($row_poll["votes1"] / $row_poll["total"]) * 100) . "%";
} else {
	$votepercent1 = 0 . "%";
}
if($row_poll["votes2"] != 0) {
	$votepercent2 = Round(($row_poll["votes2"] / $row_poll["total"]) * 100) . "%";
} else {
	$votepercent2 = 0 . "%";
}
if($row_poll["votes3"] != 0) {
	$votepercent3 = Round(($row_poll["votes3"] / $row_poll["total"]) * 100) . "%";
} else {
	$votepercent3 = 0 . "%";
}
if($row_poll["votes4"] != 0) {
	$votepercent4 = Round(($row_poll["votes4"] / $row_poll["total"]) * 100) . "%";
} else {
	$votepercent4 = 0 . "%";
}
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<body class="pollbd">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
	<td id="question"><?php echo $row_poll['question']; ?></td>
  </tr>
  <tr>
	<td id="answer"><?php echo $row_poll['answer1']; ?></td>
  </tr>
  <tr>
	<td id="bar"><img src="images/pollbar.jpg" width="<?php echo $votepercent1 ?>" height="5"></td>
  </tr>
  <tr>
	<td id="answer"><?php echo $row_poll['answer2']; ?></td>
  </tr>
  <tr>
	<td id="bar"><img src="images/pollbar.jpg" width="<?php echo $votepercent2 ?>" height="5"></td>
  </tr>
  <tr>
	<td id="answer"><?php echo $row_poll['answer3']; ?></td>
  </tr>
  <tr>
	<td id="bar"><img src="images/pollbar.jpg" width="<?php echo $votepercent3 ?>" height="5"></td>
  </tr>
  <tr>
	<td id="answer"><?php echo $row_poll['answer4']; ?></td>
  </tr>
  <tr>
	<td id="bar"><img src="images/pollbar.jpg" width="<?php echo $votepercent4 ?>" height="5"></td>
  </tr>
  <tr>
	<td id="answer">Total Votes: <?php echo $row_poll['total']; ?></td>
  </tr>
</table>
</body>
<?php
mysql_free_result($pollb);

?>

What I need to do is somehow register which people have already voted on the poll and if they have already voted, automatically redirect them to pollresults.php (poll.php is embedded in another page by default). I tried setting cookies and suchlike but it just froze everything up and gave me about a hundred million errors. Thanks!

-Andy

[Matthew.]

Well, lets go down the cookie route as you've really got two options:

Log the IP in a DB - Problem: IPs change for most people when they turn the router on or reconnect etc.

Cookie: Cookie can be deleted

Most people go for the cookie option, as even though it isn't fool proof,it doesn't allow people to vote twice who are not out to vote twice.

How about you add back what you did with the cookie, and we'll help you fix the errors. (unless you want to go down the IP logging route of course.)

Edited by .Matt, 29 June 2006 - 03:09 PM.

[Supreme Hobo]

OK, on the cookie route, I had another page called poll1.php.

<?php
require_once('Connections/andypops.php');
mysql_select_db($database_andypops, $andypops);
$query_poll = "SELECT * FROM poll";
$poll = mysql_query($query_poll, $andypops) or die(mysql_error());
$row_poll = mysql_fetch_assoc($poll);
$totalRows_poll = mysql_num_rows($poll);
if ($_COOKIE['ampoll'] == $row_poll['question']) {
include("pollresults.php");
}

if (empty($_COOKIE['ampoll'])) {
include("poll.php");
}

?>

On pollvote.php I added:

setcookie("ampoll",$row_poll['question']);

below the MySQL query which selects the poll table.

Edited by Supreme Hobo, 29 June 2006 - 03:28 PM.

[NinJA999]

I went with the cookie approach for my poll system.

[Indigo]

I use sessions and then refresh. Like this:

if (isset($_session['hasvoted'])) { //print results }
else { //print poll. When voted, set session and refresh}

Not the best way to do it, but it's good enough too me

[Matthew.]

It is perhaps the worst way to do it since you just have to close the browser and then you can vote again.

Suprememe Hobo, what errors does that give you then?

[Supreme Hobo]

I dont get errors with that, it just freezes up completely and says the page cannot load.

[NinJA999]

.Matt, on Jun 30 2006, 08:00 AM, said:

It is perhaps the worst way to do it since you just have to close the browser and then you can vote again.

Do you mean the cookie or the sesson? Because I agree with you on the session part, but most browsers keep cookies until they are set to expire, reguardless of whether the browser is closed or not. I set mine to expire at 12 am the next day with this code:

$cookiename="nrpollid".$theid;
if (isset($_COOKIE[$cookiename])) {
	header( "Location: polldone.php?id=".$theid );
} else {
	setcookie($cookiename, "set", mktime(0, 0, 0, date("n"), date("d")+1, date("Y")));
}

Edited by NinJA999, 30 June 2006 - 08:08 AM.

[Lang]

Indigo, on Jun 30 2006, 06:04 AM, said:

I use sessions and then refresh. Like this:

if (isset($_session['hasvoted'])) { //print results }
else { //print poll. When voted, set session and refresh}

Not the best way to do it, but it's good enough too me

Unfortunately sessions are destroyed when the user closes the browser. So they could still vote as many times as they deem fit. That is the same with cookies aswell. All the user has to do is clear their cookies.

I find the best approach is either make it flat file - or use a database.

The database could record the IPs in records, whereas on flatfile you could simply list all the IPs that have voted and seperate them with an identifier (comma) and just explode the contents of the file.

Hope this helps,

[Indigo]

I'm fully aware of that, but: If somebody actually takes the time to close the window just to spam my poll, they allmost deserve to be able too
I guess not many people would do this, because it's quite meaningless. That's why I use it.

[dEcade]

I would go with the IP because it's more difficult way to vote again because with sessions they really don't save on the computer and cookies can easily be deleted. When I coded the poll for my brother's site I went the IP way and it seems to work quite well.

dEcade

[Matthew.]

Again i'll come back to my previous point and say for most users, their IP is dynamic. So when they restart the router, or even just use ipconfig, the IP changes.

[rc69]

It seems to me like turning the computer off just to restart the modem is a bit more of a hassle then simply closing your browser to reset a session. They could be completely innocent about closing their browser and spamming the poll also. I know I open my browser at least 3 times a day (I also have 3 to choose from). Each time I do, I could go to the site just to vote and move on... The ip would stop the lazy spammers at least.

No, I’m not saying logging the ip is a guaranteed fix-all, by no means is it. But, it is probably the easiest way to prevent spam, as it's the hardest to go around. True, it's not "hard" to go around, but in the long run, it is "harder."

[Supreme Hobo]

I accept that anyone determined enough (and somewhat lacking in a social life I suspect) will almost always find a way to exploit the poll script and vote multiple times for the same question. I'm just looking for a reasonably secure method of running this poll but at the same time making it simple enough to change the question every so often etc. How would I go about logging someones IP?

[rc69]

$_SERVER['REMOTE_ADDR']

You can also look in the tutorial section of the website, there's an entire sub-section devoted to this (for the most part).