Block double voting

Apr 4, 2013 at 12:33 PM
Hi. Can the Rateit plugin block a user from double clicking on a rating by IP?
Apr 5, 2013 at 11:40 PM
Edited Apr 6, 2013 at 12:10 AM
Rateit doesn't have this functionality built in, but of course you can use server-side code, cookies/local storage, or a combination thereof to achieve this. For example:

index.php?itemId=3
<?php $itemId = false; ?>
<?php if(isset($_GET['itemId'])) { $itemId = $_GET['itemId']; } ?>

<div id="usermsg" style="display: none;"></div>
<input type="hidden" id="item-id" value="<?php if($itemId) { echo htmlspecialchars($itemId, ENT_QUOTES, 'UTF-8'); } ?>" />
<div class="rateit" id="rating"></div>
AJAX
$('#rating').on('rated', function(event, value) {
  $.ajax({
    type: 'POST',
    url : 'ratinghandler.php',
    data: { itemId: $('#item-id').val(), rating: value }, // sent as POST fields, URL-encoded by jQuery
    success: function(data) {
      if(data === '1') {
        $('#usermsg').html('Your rating was submitted successfully!').show();
      } else if(data === '2') {
        $('#usermsg').html('You have already rated this item!').show();
      } else {
        $('#usermsg').html('An error occurred. Please try again later.').show();
      }
    }
  });
});
And then, since I'm using PHP as an example here:

ratinghandler.php
<?php
  $itemId = false;
  $rating = false;

  // the AJAX call uses type: 'POST', so the values arrive in $_POST
  if(isset($_POST['itemId'])) {
    $itemId = $_POST['itemId'];
  } else {
    exit('0'); // we want to use exit('0') instead of echo 0 to stop code execution
  }

  if(isset($_POST['rating'])) {
    $rating = $_POST['rating'];
  } else {
    exit('0');
  }

  function checkIP($item, $ip) {
    // check the db here to see if $ip matches an ip in the database for this $item
    // if there's a match, return true, else return false
    return false; // placeholder until the db lookup is written
  }

  if($itemId && $rating) {
    $ip      = $_SERVER['REMOTE_ADDR'];
    $ipCheck = checkIP($itemId, $ip);

    if(!$ipCheck) {
      // go ahead with the rating insert
      exit('1');
    } else {
      exit('2');
    }
  } else {
    exit('0');
  }
?>
Possible Caveats:
  • People with dynamic IP addresses will be able to rate again when their IP changes.
  • People with dynamic IP addresses may be denied the ability to rate if the last person who had that IP submitted a rating.
  • People using VPNs or proxy servers could circumvent this system.
Possible Work-arounds:
  • Use cookies and/or local storage in conjunction with IP tracking (clearing the browser cache and changing IPs is still possible though).
  • You may choose to track all ratings in the database by IP address, rather than only whether they've rated an item or not. This way, you could allow them to update their rating (overwriting their old rating in the db using UPDATE) instead of simply denying them the ability to do so.
  • Use IP tracking + cookies/local storage, and only allow logged in users to vote. This is probably your best bet.
Although there is no 100% fool-proof way of preventing double voting since they could clear their cache, change their IP and create multiple accounts, there's nothing wrong with making it as much of a hassle as possible.

Keep in mind though, I just wrote this code in the post on the fly. It's not tested, nor is it even complete. Consider it pseudo code. It's only intended to get you on the right track, but I hope it helps!
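
Added example, not part of the original posts or of the RateIt project: one way to fill in the database step of ratinghandler.php so that the "already rated" check and the insert are a single atomic statement, which also covers two requests arriving together from a double click. The `ratings` table, the function names, the 0 to 5 rating range and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the primary key on (item_id, ip) is what blocks the
// second vote, even when two requests from a double click arrive at once.
function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS ratings (
        item_id INTEGER NOT NULL,
        ip      TEXT    NOT NULL,
        rating  REAL    NOT NULL,
        PRIMARY KEY (item_id, ip)
    )');
}

// Returns the same codes as ratinghandler.php:
// '1' stored, '2' already rated, '0' invalid input.
function recordRating(PDO $db, $itemId, $rating, string $ip): string {
    $itemId = filter_var($itemId, FILTER_VALIDATE_INT);
    $rating = filter_var($rating, FILTER_VALIDATE_FLOAT);
    // Assumed rating range 0..5; adjust to the widget's configured min/max.
    if ($itemId === false || $rating === false || $rating < 0 || $rating > 5) {
        return '0';
    }
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return '0';
    }
    // INSERT OR IGNORE is SQLite syntax: a duplicate key inserts nothing,
    // so there is no gap between "check" and "insert" to race through.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO ratings (item_id, ip, rating) VALUES (?, ?, ?)'
    );
    $stmt->execute([$itemId, $ip, $rating]);
    return $stmt->rowCount() === 1 ? '1' : '2';
}

// Constructed demo: in-memory database and a documentation-range IP address.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
echo recordRating($db, '3', '4.5', '203.0.113.7'), "\n"; // first vote on item 3
echo recordRating($db, '3', '2',   '203.0.113.7'), "\n"; // same item, same IP
echo recordRating($db, '4', '2',   '203.0.113.7'), "\n"; // different item
echo recordRating($db, 'abc', '2', '203.0.113.7'), "\n"; // invalid item id
```

In the handler, the call would take `$_POST['itemId']`, `$_POST['rating']` and `$_SERVER['REMOTE_ADDR']`, and the returned code would be passed to `exit()`.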