By bryan kennedy on

I am looking at trying to modify the poll module to allow multiple votes from the same IP. I have a website that runs Drupal 4.5.2 that is public to the internet but also mainly accessed via a controlled kiosk at a museum. I want to offer a poll but since the kiosk is always on the same IP you can't ever vote more than the first time.

I don't know whether this modification would be useful to the community at large or not but to even get there I was curious about a couple things:

  • Who maintains the poll module? I guess I understand how the non-core modules are supported but I can't figure out how to contact someone specifically about the modules embedded in the core.
  • What would be the best strategy to implement an allowed multiple votes IP list, while still allowing for the page routing structure of this module to show you the results after you vote on something. Right now this seems to be dependant upon the fact that your IP has been logged in the database as a voter.

Comments

subimage’s picture

subimage commented

Has anyone started work on this? I'm thinking of modifying the poll module as well to support one vote per user and also allow the users to change their votes.

Does something like this exist currently?

bryan kennedy’s picture

bryan kennedy commented

I am going to do some personal work in the next two months to get this working on my site. I will then spend some time seeing how this might be added to Drupal 4.6 once it is out. So I can't promise any solution for the next couple months.

bryan kennnedy
Help us to improve Drupal's documentation. Join the Dupal Documentation Mailing List
sepeck’s picture

sepeck commented

Poll module appears to be core.
http://cvs.drupal.org/viewcvs/drupal/drupal/MAINTAINERS.txt?rev=1.5&view...

-sp
---------
Test site...always start with a test site.
Drupal Best Practices Guide

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide

kkobashi’s picture

kkobashi commented

Looking at the poll module, i believe all you have to do is comment out some lines in the poll_load($node) function in the poll.module:

Look for this code and comment it all out

// Determine whether or not this user is allowed to vote
// $poll->allowvotes = false;
// if (user_access('vote on polls')) {
// if (!strstr($poll->polled, poll_uid())) {
// $poll->allowvotes = $poll->active;
// }
// }

// Change to this:
$poll->allowvotes = false;
if (user_access('vote on polls'))
$poll->allowvotes=true;

return $poll;
}

All this does is disable the IP check via strstr().

You have to make sure your access control is set appropriately for all users. If this is a kiosk, then you will likely allow all users to vote (anonymous, administrator, authorized, etc.) and the user_access() check will always return true.

Of course this is only a fix for the original posters case. It would be best to just pass in a boolean to poll_load to override multiple IP detection.

Let me know if it worked!

-----------------
Kerry Kobashi

seanbfuller’s picture

seanbfuller commented

I tried this, but for I didn't like that it just kept letting users post the poll over and over, so I rolled up a cookie solution. It's probably not super secure, but good enough for a simple poll in a closed environment. Just replace the poll_uid function with this code:

function poll_uid() {
  global $user;
  if ($user->uid) {
     // Pad the UID with underscores to allow a simple strstr() search
    $id = '_'. $user->uid .'_';
  }
  else {
  	$id = $_COOKIE["IntranetPollCookie"];
  	if($id == ''){
  	  srand((double)microtime()*1000000); 
      $value = rand(0,100000000000);
      setcookie("IntranetPollCookie", $value, time()+3600000);
  	}
  }
  return $id;
}

Has not been extensively tested yet, but so far so good. It might be better to use the session identifier as the anon id. Someone who is more familiar with that part of the system might want to weigh in.

--------------------
Sean B. Fuller
www.seanbfuller.com

--------------------
Sean B. Fuller
www.seanbfuller.com

Emmanuel JARRI’s picture

Emmanuel JARRI commented

I think cookie method is far from being secure.

Why not just using the username to allow users to vote just one time ?
Is there a simple solution nowadays ?

seanbfuller’s picture

seanbfuller commented

Username is ideal. The issue is the anon users all have the same user id (0 or null?), so you need something to append to it. The poll currently grabs the IP as an identifier, if I remember correctly.

I was tasked with creating a quick intranet example to show the capabilities for using drupal as an intranet. We didn't want to create a bunch of usernames and everyone who would be looking at the example site would most likely be on the same IP. It's a closed environment, where I don't really care if someone goes through the trouble of cheating on a playful vote. In a real intranet, all content would be protected behind a login, meaning anon votes are not an issue.

So for anyone else coming across this thread: if only registered users can vote on a poll, your site should not have this issue. Even if anon users can vote, it's only an office environ where multiple people can vote from the same IP, you might see this issue.

--------------------
Sean B. Fuller
www.seanbfuller.com

--------------------
Sean B. Fuller
www.seanbfuller.com

dww’s picture

dww
we/he/they
commented

poll currently works by storing the user's uid in a field in the "poll" table called "polled". this is a fairly weird field whereby each user who's already voted as a "__" string appended to the text in the field. then, when poll.module is trying to figure out if a given user has already voted or not (to know if it should display the results or the options for voting), it has to do string operations instead of a simple SELECT. yes, in the case of annonymous users voting (if that's allowed at a site), the id used is the remote IP address.

i'm interested improving the 4.6 version of poll.module to make it possible for:

  • authenticated users to see their current vote
  • authenticated users to change their current vote
  • site admins to view votes per user on each poll

this will require fairly major re-organization of the code (and a change to the DB schema), but it'd be really handy for my site so i might just do it. there's no chance it'll get applied to the core 4.6 poll, and i think it's too late to get anything like this into the 4.7 version, either. this also wouldn't address the problems people are talking about with anonymous users.

however, is anyone else interested in these features? if so, that help might inspire me to do the work. if so, just follow-up here.

thanks,
-derek

___________________
3281d Consulting

dww’s picture

dww
we/he/they
commented

this is a fairly weird field whereby each user who's already voted as a "__" string appended to the text in the field.

that was supposed to say:

this is a fairly weird field whereby each user who's already voted as a "_[uid]_" string appended to the text in the field.

but i accidentally used "<uid>" and the html tag filter stripped it out.

sorry i didn't catch that on the preview. ;)

___________________
3281d Consulting

dww’s picture

dww
we/he/they
commented

i'm interested improving the 4.6 version of poll.module to make it possible for:

authenticated users to see their current vote
authenticated users to change their current vote
site admins to view votes per user on each poll

i finished this, and just created an issue in the poll.module project so i could attach a copy of the patch. also included there are instructions for changing your DB schema. finally, in case anyone who wants to use this doesn't know how to apply patches, i put up a complete copy of the modified poll.module file.

enjoy,
-derek

___________________
3281d Consulting

rharagon’s picture

rharagon commented

Please help me! I'm not able to find a fix suitable for 4.7.3 to allow votes (in the poll module) for users with the same IP, using cookies insteed of recorded IPs for anonymous users. This is specially usefull for users behind of a firewall or proxy.

Thanks in adavance!