Thumbs Up/Thumbs Down Rating System
Ok, we've all seen sites where there is a comment/review/etc where there is a rating, either a count of thumbs up/thumbs down, or a rating from 1-5 with starts.
I'm going for the one with a count of clicks on the "thumbs up" and "thumbs down" icon.
Now the code to do the basics of this is pretty simple, however, while I have idea's to keep it from getting "spammed". There is the option of making sure you are logged in, but for now want to see how it goes for the general public.
Now I know if someone really wanted to, they could find a way to still spam it, but here are the general guidelines I'm thinking of, and would like other people's thoughts on ways to prevent it without using something as bad as captcha...
1. Sessions will be used to to keep a "last visited page" along with a timestamp of that page visit. You have a certain amount of time after hitting a page to click the thumbs, otherwise they don't count.
3. For each comment, it records the last IP, Session ID, and timestamp of the last vote. Never can the same session vote more than once on the same comment ID. I may expand this to move the voting history to it's own table that auto deletes records after a week.
4. If it is the same IP as the last vote, but different session, you can do two votes, then have a 10 minute timeout. (remember, in an office setting, many people may have the same IP address)
5. If there are too many votes on an item within a given time frame, say more than 4 a minute, it disables it for 30 minutes. It will log these as well, so if we see that hey the site is really popular, and it's happening often and logs look like valid votes, then can up it.
Other than the actual logging into accounts and recording all votes, can you think of any other steps you would take?
Note, that for my case, this is just for commenting on products, not throat competition for votes or anything.
Thanks.
-Greg
greg posted this at 06:13 — 28th May 2009.
He has: 1,581 posts
Joined: Nov 2005
I've had similar situations and to be honest there is no real satisfactory options for this scenario, or similar ones, as you of course know.
IP's change all the time, and as you said, offices, governments, schools/colleges etc often use a proxy type setup that shows one IP for all.
Wouldn't it just be fantastic if everyone had a unique, unchangeable code/id to identify them personally! We should be bar coded at birth... Mr Orwell's just turned in his grave...
I think you have pretty much what there is. Well, reliable and useful anyway. You could get browser type/version and OS type/version/SP etc, but as that only allows for a few additional permutations is not really worth shifting all the data it brings.
Without registrations you're just gonna have to accept tomfoolery, what you have is about the best you can do I think.
Although one thing - only allow votes for people who have cookies enabled, as without them on they don't even have to clear the sess you set to re-vote.
Greg K posted this at 14:46 — 28th May 2009.
He has: 2,145 posts
Joined: Nov 2003
Since the site does have user account, I did modify it so the the rotating log also logs the AccountID if you are logged in, and never removes these entries.
-Greg
NickD posted this at 20:52 — 28th May 2009.
They have: 56 posts
Joined: May 2009
I think that should work, I cant think of anything else you could possibly do without resorting to captcha, I have captcha on my own site for contact forms, and I know it it does a great job, but it just doesnt make me hate it any less lol
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.