Helping ordinary people create extraordinary websites!
| |
Helping ordinary people create extraordinary websites! |
Build a Perl/CGI Voting SystemBy Allan Peda2005-07-05 
Functional design considerations
Let's dive right into a major concern for this simple project: the functionality of the design. Here's the idea. The user is presented with an initial screen requesting that she enter her e-mail address and select several candidates from a Web form. The submission of the selections is recorded as a draft ballot entry locally, then an e-mail verification is sent to the supplied e-mail address. In this case, I am assuming that a verified e-mail address is sufficient to establish a user's identity. This brings up the issue of multiple voting. Practically speaking, I can think of no way to make it impossible for users to vote multiple times using multiple e-mail addresses, but we can limit the tallying of votes so that only one vote is allowed per e-mail account. This verification e-mail contains a link back to the originating CGI script, which allows comparison of the link to the record saved in a local DBM file. If the two records match, a ballot entry is made in the cast ballot table and the vote is tallied. If records do not match, no entry is made and the vote is not scheduled for confirmation. Instead, a new confirmation e-mail is generated, with a new verification record in the database. This overwrites any draft ballot entry for the associated e-mail address, effectively starting the process again from the beginning. If the records match, the voter may confirm the draft ballot. At this point, if the voter changes her mind, she could simply return to the Web form and enter a new draft ballot, which would replace the previous one. This design presents a reasonably secure system; as long as each voting user has one and only one acceptable e-mail account, there is reasonable assurance that users could not vote twice. (I'll return to this later.) Let's get into the system details. Tutorial Pages: » Using locked DBM files with CGI-driven forms saves client data without DBMS overkill » CGI considerations: Simplicity vs. complexity » Functional design considerations » Details: Hash keys » Details: E-mail gotchas » Details: Not-so-secret ballots » Details: File layout » Details: Static vs. dynamic DNS » Details: Is GET harmful? » Other possible improvements » Conclusion » Resources First published by IBM DeveloperWorks
|
|