Seems to be easy to corrupt the votes.

I was able to vote twice on two different days when my IP changed

CommentFileSizeAuthor
#5 drupalitfix.patch1 KBAnonymous (not verified)

Comments

tic2000’s picture

If you let anonymous users to vote it's easy to corrupt the vote on any system. The module checks for the IP only if there is no user id. If anyone knows a better system please let me know and I'll implement it.

DMG-1’s picture

Perhaps a cookie as well as an IP check?

tic2000’s picture

Well, cookies can be deleted as well. So this is not bullet proof either.

Anonymous’s picture

I think that it must be nearly (if not totally) impossible to keep the same ANONYMOUS person from voting twice on anything. The current system sounds good in that regard.

There is the ability to vote twice, however, for registered users. I copied the url linked to from the vote option, then clicked on the url. It processed my vote. I pasted the URL into the address bar and hit enter. Once again, it processed my vote. I was able to increase the vote by two as a registered user even though I should only have been able to the first time.

If the system does not make "Vote" a link because it realizes that I have already voted, then the in the submit function, the same check should be made again.

I will try to work on this in a bit. If I have time.

Anonymous’s picture

Assigned: Unassigned »
Status: Active » Needs review
StatusFileSize
new1 KB

This should fix the ability for a registered user to vote multiple times when they aren't supposed to.

tic2000’s picture

Status: Needs review » Reviewed & tested by the community
tic2000’s picture

Status: Reviewed & tested by the community » Closed (fixed)