Gravityforms is a great plugin for WordPress which allows you to add powerful forms to your website, with add-ons for just about everything under the sun from eCommerce to running a voting system. One add-on I used recently was the Polls Add-on, and after it was all set up, it worked like a charm.
But then I then looked into protecting against users “gaming” the system by voting multiple times. This article is about doing it with an email field, but I’ll briefly cover some others below:
Limit users by browser cookie
This approach is straightforward, set a cookie on the users computer so you know when they’ve voted. It also comes built-in with the Poll Add-on by Gravityforms which makes it super easy to implement.
The Problems: There’s a few problems with this approach. First, it’s easy to game the system. Browsers make it easy to clear your cookies these days. Or what about multiple users on the same computer? They get locked out as well! Most don’t realize they could just open a new browser, or in Chrome, select a different user. But once again, this method blocks out too easily, and is also too easily fooled. Therefore, using cookies is a no-go. The search goes on…
Limit users by IP address
Seems to make more sense… take control away from the client side and limit users by IP. It’s more powerful because users can’t game the system as easily. The only way would be to connect to a VPN or other service which hides/changes their IP address.
To implement this method, you’ll have to do a little more work than check a box, like the cookies solution. I started to code my own, but then decided to see if anybody else out there has done this before. I did a little search online and found this really handy PHP snippet from GravityWiz which gives you the ability to limit by IP as well as many other parameters (quoted from their website):
This snippet allows you to limit submissions to any (or all) Gravity Forms per a time period (i.e. 30 minutes, 24 hours, 2 days, etc) by a user ID, user role, IP address, a specific form URL, or the value of a specific field.
More on this script later, but first, here’s what I didn’t like about limiting by IP…
The Problems: First, consider this scenario: you have a router at home and there are 3 computers in your house. All 3 of those computers are connected to that router, and though they each have separate local IP addresses, they are all sharing the router’s IP address with the world, so now, you’re really limiting by household, not just IP. The same goes for office spaces. And your users can’t do a thing about it – except for connecting to a VPN or other service which will change their IP.
But if this DOES sound like a solution you’re looking for, I recommend heading over to their website and checking out this page.
Limit users by Email Address (Best Solution)
This was the final approach I took, and it makes sense because it doesn’t share the same problems as using cookies or IP addresses, and you can implement it in less than 5 seconds:
Why it works:
- Multiple people can vote from the same computer, household or office space
- The validation is handled on the server site, so it can’t be tampered with
The Problem: There is one caveat however – users can use their different email addresses to vote multiple times. Plain an simple. But that means they would have to put forth extra work to cheat, and since the Poll I was running was not high-profile, I figured this was an acceptable risk, and would still keep false submission to a minimum (there will always be a certain percentage of error in any voting system anyways).
Here’s how I went about doing it…
At first, I went about it the LONG way…
But then, when I had gotten this far, my brain clicked, and I remembered a setting in Gravityforms which had something to do with DUPLICATE ENTRIES. Ironically, no one even mentioned using this method online when I searched for “gravityforms limit voting polls by email” – which is why I’m writing this article now. The solution is super easy…
Sure enough, this was exactly the solution I was looking for. My POLL has 2 fields: the voting poll itself, and this email field. Tip: make sure you also REQUIRE the email field. This worked perfectly! And it was super easy to implement. Here’s me testing it…
I hope this helps, and post a comment if you have any questions/comments regarding this.