fairvotereform / RankIt

https://rankit.vote

Turn on cookies for anti-ballot stuffing #83

Closed ggordn3r closed 4 years ago

ggordn3r commented 5 years ago

This is probably the last thing on the list so we can keep testing.

iambateman commented 5 years ago

This is done. To test,

  1. while logged out, go to this poll: https://rankit.vote/vote/uaPewjpkw1ND5pNPk4yc
  2. vote
  3. reload voting page.
  4. OUTCOME: it should redirect you to the 'success' page.

ggordn3r commented 4 years ago

When I navigate back to a poll after a while, I'm still prompted to vote again even if I already voted. I'm not sure if my computer is automatically clearing cookies or what, but we probably need to strengthen our anti-ballot stuffing measures in this release, e.g. by blocking the same IP address from voting twice.

proggeramlug commented 4 years ago

Checking for the IP is neither effective nor helpful. IPs change all the time. We could attempt to also save the browser and do it that way but that is only so effective as well. In bigger office buildings lots of people share the same IP and same browser.

I did notice however that we let the cookie expire when the browser is closed. So I went ahead and marked it so the cookie is saved for 365 days. That is most reliable in terms of not blocking users that should be allowed to vote.

All that being said: The only real way to ensure people are not cheating here is to require an email confirmation. (well you can cheat there too but it is a lot more annoying to do)

ggordn3r commented 4 years ago

I've confirmed that this works when I am logged in as a different user from the poll creator, or when logged out altogether. However, as the poll creator, I am still able to vote as many times as I want.

Is this intentional? It leaves the polls open to intentional manipulation by the creator. I think a cleaner implementation would either: a) allow the poll creator to vote only once as well, or b) not count the poll creator's votes at all (allowing him to test how the poll looks but not vote in it)

I'm assuming Option A is the easier to implement. Can you add that in?

proggeramlug commented 4 years ago

Option A is what we do and yes that was intentional thus far, but I removed the ability.

Please test.

ggordn3r commented 4 years ago

How does this interact with the "Limit Repeat Voting" option on the Create Poll page?

I voted in this poll without issue as the poll creator. Then I went back to the poll management page and clicked "Vote on this Poll" again to test the repeat. The Vote page loaded without a Captcha; this could be a bug here or with #109.

Note that this poll may be odd because I unchecked these settings:

Thus, I was expecting it to allow me to vote multiple times as the poll creator because I unchecked "Limit Repeat Voting".

proggeramlug commented 4 years ago

If "limit repeat voting" is enabled it "tries" to keep you from voting multiple times. The captcha problem has been resolved. If you uncheck "limit repeat voting" you will hardly be able to test this issue though ;)

ggordn3r commented 4 years ago

Can't test because of #87

ggordn3r commented 4 years ago

Appears to be resolved! I am able to vote many times when "limit repeat voting" is unchecked and only once when it is checked, even as the poll creator.
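The behaviour the thread converges on (a per-poll cookie kept for 365 days instead of a session cookie, checked only when "limit repeat voting" is on) is sketched below as an added example. It is not part of the original thread and is not RankIt's code; the cookie name, function names and poll id are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

ONE_YEAR = 365 * 24 * 60 * 60  # seconds; the thread keeps the cookie for 365 days


def cookie_name(poll_id):
    # Hypothetical naming scheme: one marker cookie per poll.
    return f"voted_{poll_id}"


def mark_voted(poll_id, persistent=True):
    """Build the Set-Cookie value sent after a ballot is accepted."""
    jar = SimpleCookie()
    name = cookie_name(poll_id)
    jar[name] = "1"
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    if persistent:
        # Without Max-Age/Expires this is a session cookie that the browser
        # drops on close, which is the behaviour the thread changed.
        jar[name]["max-age"] = ONE_YEAR
    return jar[name].OutputString()


def survives_browser_restart(set_cookie_value):
    """True if the cookie carries a lifetime, so it is kept after the browser closes."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    morsel = next(iter(jar.values()))
    return bool(morsel["max-age"] or morsel["expires"])


def route_vote_page(cookie_header, poll_id, limit_repeat_voting):
    """Decide what the vote page does for a request's Cookie header.

    The same rule applies to every visitor, poll creator included. The cookie
    is client-controlled, so a cleared cookie gets the ballot again: the check
    only "tries" to stop repeat votes, as the thread notes.
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    marker = jar.get(cookie_name(poll_id))
    already_voted = marker is not None and marker.value == "1"
    if limit_repeat_voting and already_voted:
        return "redirect:success"
    return "show:ballot"
```
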