Following up on:
voting api: http://drupal.org/node/59638
advpoll: http://drupal.org/node/105584

I have a use case where a client wants multiple people at a house party or other event to be able to vote through advpoll on a poll question. Likely this will be a shared IP situation, with either one computer or multiple computers through one NAT box. It is tedious to create a new user account for each of these voters. SO, we have a scenario where multiple anonymous votes per IP address (hostname) are desirable. Implications for integrity of the poll results are obviously, so this should be optional behavior.

Advpoll, in a poll where multiple options are ranked, enters each ranking as a separate vote using votingapi_set_vote, then later reassembles them based on UID or hostname into single ballots for counting purposes. So, I can't treat each row in the votingapi_vote table as a separate voter.

Do you have any thoughts on how to approach this? The "quickest" way to extend to this functionality seems to be appending a timestamp suffix (or something similar) to the IP address for the hostname column. Sorting by hostname could then be done as usual, except some IP addresses won't be regular IP addresses. It becomes more of a "unique identifier other than UID" column.

Right now neither votingapi_set_vote() or votingapi_add_vote() accept an incoming value for hostname. votingapi_add_vote() generates its own value. This is appropriate and good for most use cases, but not in mine.

Does it make sense to simply change voting_api_set_vote() and votingapi_add_vote() to accept an incoming value for hostname? Are there negative implications I might not be considering?

Thanks!

CommentFileSizeAuthor
#9 votingapi-multiple_anonymous_vote_shared_ip-123916-9-d8.patch3.95 KBmarty2081
#6 votingapi-multiple_anonymous_vote_shared_ip-123916-6-d8.patch4.24 KBveronicaseveryn
#6 Screen Shot 2018-11-18 at 5.15.23 AM.png211.44 KBveronicaseveryn

Issue fork votingapi-123916

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

eaton’s picture

eaton commented
Status: Active » Fixed

The new anonymous voting mechanism in version 2.x of VotingAPI should be more flexible in this regard. For more specific needs, manually populating the votes in question will bypass VotingAPI's normal behavior.

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

tanc’s picture

tanc
he/him
Primary language English
Location Italy
commented
Version: 4.7.x-1.x-dev » 6.x-2.x-dev
Status: Closed (fixed) » Active

Eaton, can you elaborate a little on what new mechanisms are in place in version 2 of VotingAPI? Is it possible to use cookies now instead of IP Address for instance?

eaton’s picture

eaton commented

By default, it operates on IP addresses. However, if you're casting votes manually you can specify anything in the vote's own 'vote_source' column. That will be used later for matching if a valid user id isn't available (IE, the user is an anonymous voter)

legolasbo’s picture

legolasbo
he/him
Primary language Dutch
Location Middelburg
commented
Status: Active » Closed (won't fix)

Drupal 6 is no longer supported. Closing old issues to clean up the issue queue.

Please reopen and update this issue if this is still an issue in the D7 or D8 version.

veronicaseveryn’s picture

veronicaseveryn commented
Version: 6.x-2.x-dev » 8.x-3.x-dev
Status: Closed (won't fix) » Needs review
Related issues: +#2791129: Vote rollover settings are missing the "Never" option
StatusFileSize
new Screen Shot 2018-11-18 at 5.15.23 AM.png211.44 KB
new votingapi-multiple_anonymous_vote_shared_ip-123916-6-d8.patch4.24 KB

I was facing the same issue with D8 version. A client is working on a private network, where IP address is the same for all users.
The site is using the Voting API module and the Like & Dislike module.

Anonymous users are allowed and able to vote thanks to this fix https://www.drupal.org/project/votingapi/issues/2846341, but it fails in my use case because the module saves a vote_source as IP address hash, which is the same for all users.

The problem is that when a module (here Like & Dislike) asks how many times the current user has voted by calling VoteStorage::getUserVotes() the vote_source returns the same IP hash + user ID is 0, hence, it looks as though the current user has already voted, which is not true (e.g. anonymous user from a different computer within organization's network).

For some use cases, I assume https://www.drupal.org/project/votingapi/issues/2791129 (which I also tested and added to my project) can be an option (to limit on time passed between voting), but in my case we don't want the duplicates, so this doesn't fully solve the problem with Anonymous.

To fix the situation, I have added an option to store vote_source relying also on Drupal's Session ID. This allows anonymous users within one IP to vote without issues.

Attached is a patch of how I implemented it.

settings

RumyanaRuseva’s picture

RumyanaRuseva commented
Status: Needs review » Needs work

By definition a 'session' is reset when restarting the browser (though depending on the browser setting it might be different). This means that anonymous users will be able to cast a new vote every time they visit the site.
Instead of using Drupal's session, it might be better to set a cookie with the voting identifier, and store it as long as possible, so that well-behaving customers will be able to update their votes with the same voting identifier, instead of adding a new vote.

It is also important to note that in both cases the system can be abused by the client resetting their cookies, and misbehaving users may cast unlimited votes. That is probably not a problem in a private web site where abuse is not expected, yet I believe there should be a clear warning about that in the configuration.
For this reason it would be nice to have the user IP identifier preserved (as part of the session identifier hash), so that abuse can be detected if needed. In this way it is also possible to add votes limit per IP.

jmarcou’s picture

jmarcou commented
Related issues: +#3060468: Fix & Improve the rollover window for anonymous user

I invite you, to test and review this issue : https://www.drupal.org/project/votingapi/issues/3060468
Where I posted a patch to fix the rollover window, so users on the same network can now vote after the rollover window ends.

And if the rollover window is not what you want, and you are looking for a "per device" vote system. I also added a way to configure the source from whitch you want the vote to be considered from another user, but instead of using the Drupal's session (as stated in the above comment), I set a randomly generated cookie, which is a bit safer (I also added a combo option between IP + randomly genarated cookie).

And if 5 minutes is not fast enought for you, there is an "Immediately" option (as well as a "Never" option) now.

marty2081’s picture

marty2081 commented
StatusFileSize
new votingapi-multiple_anonymous_vote_shared_ip-123916-9-d8.patch3.95 KB

The patch from #6 does not apply to the current 3.x-dev version. Here is a rerolled patch.

DieterHolvoet made their first commit to this issue’s fork.

DieterHolvoet opened merge request !7

dieterholvoet’s picture

dieterholvoet commented
Status: Needs work » Needs review

I opened a MR and added the changes from the last patch. I renamed Anonymous vote restrictions (anonymous_vote_restrictions) to Anonymous vote differentiation (anonymous_differentiation) and added a third option, One vote per cookie, as suggested by @RumyanaRuseva in #7.

joseph.olstad’s picture

joseph.olstad
Primary language French
commented
Version: 8.x-3.x-dev » 4.0.x-dev

joseph.olstad opened merge request !40

smulvih2 made their first commit to this issue’s fork.