So I created a poll using php, this poll does not need an account in order to vote, but I was scared that it can be hacked , spam vote.
I can somehow vote again if I deleted the cookies in the resources tab of the developer tools in chrome.
I tried hacking it on my own like this
<?
set_time_limit(0);
while(true){
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://domain.com/vote.php?poll_id=1234&answer_id=5;
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
$res = curl_exec ($ch) ;
curl_close($ch);
sleep(6);
}
Question, will those cookies prevent me from spam voting if I used curl on voting?
No it wont, because someone wanting to spam vote will simply discard them. Also, it's unlikely that curl will keep the cookies after being closed and reopened.
The only that might work to prevent spam vote (except for requiring an account) is to prevent an IP address to issue more than one vote for a given time. Downside of this, is that someone with a dynamic IP might end up with a IP that was already used to vote and will therefor not be able to vote.