A while ago I had to write an online voting program, and after it was released it kept running into various bugs.
At first, cookies were used for verification. Users cheated by disabling cookies, so we then recorded the IP address, and they used software to switch IP addresses quickly.
Later, another problem was found: the voting button could be submitted repeatedly, so a user could keep adding votes by holding down the voting button.
Finally, we went back to using cookies for verification.
The idea is as follows:
First, a page generates a verification code and records it in a cookie: Response.Cookies.Add(new HttpCookie("checkcode", checkCode));
When the voting button's click event fires, first check whether Request.Cookies["checkcode"] is null. If it is,
the user is prompted to enable cookies before voting.
The code for generating the verification code is as follows:
CheckCode.aspx.cs
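// Builds a five-character verification code from the digits 0-9 and the
// letters A-Z, stores it in the "checkcode" cookie and returns it.
//
// Two changes from the earlier version:
//  * The earlier code used one Random value both to pick "digit or letter"
//    (by parity) and to pick the character, so an even value could only give
//    an even digit and an odd value only every second letter: 18 possible
//    characters instead of 36. Each character is now drawn independently.
//  * System.Random is seeded from the clock and is predictable; the code is
//    now drawn from the platform's cryptographic generator.
private string GenerateCheckCode()
{
    const string alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const int codeLength = 5;

    // Bytes at or above this limit are discarded so that "% alphabet.Length"
    // stays uniform (256 is not a multiple of 36).
    int limit = 256 - (256 % alphabet.Length);

    System.Security.Cryptography.RandomNumberGenerator rng =
        System.Security.Cryptography.RandomNumberGenerator.Create();
    System.Text.StringBuilder buffer = new System.Text.StringBuilder(codeLength);
    byte[] sample = new byte[1];

    while (buffer.Length < codeLength)
    {
        rng.GetBytes(sample);
        if (sample[0] >= limit)
            continue;
        buffer.Append(alphabet[sample[0] % alphabet.Length]);
    }

    string checkCode = buffer.ToString();

    // NOTE(review): this sends the expected answer to the browser in clear
    // text. Anything that can read or set its own cookies can pass the check
    // without looking at the image, so the image only deters manual repeat
    // voting. Holding the expected value on the server (session state or a
    // server-side store keyed by an opaque token) and clearing it after one
    // comparison is what makes the check enforceable. The voting page reads
    // this cookie, so both sides have to be changed together.
    Response.Cookies.Add(new HttpCookie("checkcode", checkCode));
    return checkCode;
}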
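// Draws checkCode onto a small bitmap with background lines and random
// foreground pixels, then writes the bitmap to the response as a GIF.
// Returns without writing anything when checkCode is null or blank.
//
// Every GDI+ object (bitmap, graphics, pen, font, brush) and the memory
// stream are released with "using"; the earlier version created a new Pen on
// each loop iteration and never disposed the pens, font, brush or stream.
private void CreateCheckCodeImage(string checkCode)
{
    if (checkCode == null || checkCode.Trim() == String.Empty)
        return;

    int width = (int)Math.Ceiling(checkCode.Length * 12.5);

    using (System.Drawing.Bitmap image = new System.Drawing.Bitmap(width, 22))
    using (Graphics g = Graphics.FromImage(image))
    {
        // Used only for the position and colour of the noise.
        Random random = new Random();

        // Clear the background of the image.
        g.Clear(Color.White);

        using (Pen silver = new Pen(Color.Silver))
        {
            // Background noise lines.
            for (int i = 0; i < 25; i++)
            {
                int x1 = random.Next(image.Width);
                int x2 = random.Next(image.Width);
                int y1 = random.Next(image.Height);
                int y2 = random.Next(image.Height);
                g.DrawLine(silver, x1, y1, x2, y2);
            }

            // The code itself, in a blue-to-dark-red gradient.
            using (Font font = new System.Drawing.Font("Arial", 12, (System.Drawing.FontStyle.Bold | System.Drawing.FontStyle.Italic)))
            using (System.Drawing.Drawing2D.LinearGradientBrush brush = new System.Drawing.Drawing2D.LinearGradientBrush(new Rectangle(0, 0, image.Width, image.Height), Color.Blue, Color.DarkRed, 1.2f, true))
            {
                g.DrawString(checkCode, font, brush, 2, 2);
            }

            // Foreground noise pixels.
            for (int i = 0; i < 100; i++)
            {
                int x = random.Next(image.Width);
                int y = random.Next(image.Height);
                image.SetPixel(x, y, Color.FromArgb(random.Next()));
            }

            // Border line of the image.
            g.DrawRectangle(silver, 0, 0, image.Width - 1, image.Height - 1);
        }

        using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
        {
            image.Save(ms, System.Drawing.Imaging.ImageFormat.Gif);
            Response.ClearContent();
            Response.ContentType = "image/gif";
            Response.BinaryWrite(ms.ToArray());
        }
    }
}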
}
In Vote.aspx, reference the verification code image generated by that page,
using an <img> tag whose src points to CheckCode.aspx.
Voting button event handling
Vote.aspx.cs
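// Click handler for the voting button. Refuses to continue when the request
// carries no usable "checkcode" cookie, otherwise disables the button and
// hands over to UpdateVote().
private void Button1_Click(object sender, System.EventArgs e)
{
    HttpCookie codeCookie = Request.Cookies["checkcode"];

    // A missing cookie and a cookie with an empty value are treated alike:
    // an empty expected code would otherwise compare equal to an empty
    // text box further on.
    if (codeCookie == null || codeCookie.Value == null || codeCookie.Value.Length == 0)
    {
        Response.Write("<script language=\"javascript\">alert('Please enable cookies before voting.');window.close();</script>");
        return;
    }

    // NOTE(review): this only changes how the page is rendered in the
    // response. It does not stop the same POST from being sent again, so the
    // duplicate-vote decision still has to be made on the server.
    Button1.Enabled = false;
    UpdateVote();
}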
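// Checks the typed verification code against the "checkcode" cookie, refuses
// a second vote for the same contestant from the same address, and then
// records the contestant in the one-day "Vote" cookie.
//
// txtValidate and HouseBasic.ScriptAlertMsg are defined outside this block;
// their spelling is restored by convention and should be checked against the
// project.
//
// NOTE(review): both values this method trusts arrive from the client. The
// "checkcode" cookie holds the expected answer, so a client can set the
// cookie and the text box to the same value; the "Vote" cookie holds the
// voting history, so deleting it resets the limit. A limit that has to hold
// needs the expected code and the per-voter record kept on the server (for
// example session state plus a table keyed by contestant and voter), with
// the code cleared after one comparison.
private void UpdateVote()
{
    HttpCookie codeCookie = Request.Cookies["checkcode"];
    string expected = (codeCookie == null) ? null : codeCookie.Value;

    // An absent or empty expected code never matches, even an empty text box.
    if (expected == null || expected.Length == 0
        || String.Compare(expected, txtValidate.Text, true) != 0)
    {
        Response.Write(HouseBasic.ScriptAlertMsg("the verification code is incorrect. Please enter the correct verification code."));
        return;
    }

    // The ID comes from the query string and is written back into a cookie,
    // so only letters, digits and '-' are accepted (covers integer and GUID
    // style IDs; tighten to the real ID format if it is known).
    string id = Request.QueryString["ID"];
    bool idIsWellFormed = id != null && id.Length > 0 && id.Length <= 64;
    for (int i = 0; idIsWellFormed && i < id.Length; i++)
        idIsWellFormed = Char.IsLetterOrDigit(id[i]) || id[i] == '-';
    if (!idIsWellFormed)
    {
        Response.Write(HouseBasic.ScriptAlertMsg("Invalid contestant ID."));
        return;
    }

    // Stored format is unchanged: a comma, the new ID, then the earlier list.
    string vote = "," + id;

    HttpCookie previousVotes = Request.Cookies["Vote"];
    if (previousVotes != null)
    {
        string votedIds = previousVotes["ID"];
        if (votedIds == null)
            votedIds = String.Empty;

        bool sameAddress = previousVotes["ip"] == Request.ServerVariables["REMOTE_ADDR"];

        // Compare whole list entries. The earlier substring search treated
        // ID 1 as already voted once ID 12 was in the list.
        bool alreadyVoted = Array.IndexOf(votedIds.Split(','), id) >= 0;

        if (sameAddress && alreadyVoted)
        {
            Response.Write("<script language=\"javascript\">alert('you have voted for this contestant today and cannot vote again: ');window.close();</script>");
            Response.End();
        }
        vote += "," + votedIds;
    }

    HttpCookie cookie = new HttpCookie("Vote");
    cookie.Values.Add("ip", Request.ServerVariables["REMOTE_ADDR"]);
    cookie.Values.Add("ID", vote);
    cookie.Expires = DateTime.Now.AddDays(1);
    Response.Cookies.Add(cookie);

    // Vote
}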
Now we have to prevent the button from being submitted repeatedly.
I found a JS method on the Internet for preventing repeated submissions:
JS.js
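// Placeholder so that _doPostBack can always be called; it is replaced below
// when the page defines ASP.NET's __doPostBack.
function _doPostBack() {}

// typeof has to be applied to the identifier. The earlier test,
// typeof("__doPostBack"), inspected a string literal, is always "string",
// and so the hook was never installed. This script therefore has to run
// after the page has defined __doPostBack.
if (typeof __doPostBack == "function")
{
    _doPostBack = __doPostBack;     // keep the original postback function
    __doPostBack = _doPostBackNew;  // route postbacks through the guard
}

// attachEvent is the legacy Internet Explorer event API.
document.attachEvent("onmousemove", _onmousemove);

// True once a submit or postback has started on this page.
var _isPosting = false;
// The small overlay element created by _makeMask(), or null.
var _divMask = null;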
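// Keeps the overlay created by _makeMask() under the mouse pointer.
// Does nothing until an overlay exists. Written without "with", which is
// rejected in strict mode.
function _onmousemove()
{
    if (!_divMask)
        return;

    var maskStyle = _divMask.runtimeStyle;  // legacy Internet Explorer style object
    maskStyle.left = event.clientX + document.body.scrollLeft - 4;
    maskStyle.top = event.clientY + document.body.scrollTop - 4;
}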
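// Creates an 8x8 pixel, nearly transparent element at the mouse position,
// gives it the focus and remembers it in _divMask, removing any earlier one.
// _onmousemove() then keeps it under the pointer, so further clicks land on
// this element instead of on the page.
function _makeMask()
{
    var div = document.createElement("div");
    var maskStyle = div.runtimeStyle;  // legacy Internet Explorer style object

    maskStyle.position = "absolute";
    maskStyle.zIndex = 999999;
    maskStyle.fontSize = "1px";
    maskStyle.left = event.clientX + document.body.scrollLeft - 4;
    maskStyle.top = event.clientY + document.body.scrollTop - 4;
    maskStyle.width = "8px";
    maskStyle.height = "8px";
    maskStyle.cursor = "wait";
    maskStyle.backgroundColor = "gray";
    maskStyle.filter = "alpha(opacity=10)";

    try
    {
        document.body.insertAdjacentElement("beforeEnd", div);
        // Take the focus back whenever it is lost.
        div.onblur = new Function("this.focus()");
        div.focus();
    }
    catch (x) {}  // best effort: the overlay is cosmetic

    if (_divMask)
        _divMask.removeNode(true);
    _divMask = div;
}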
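// Replacement for __doPostBack: lets the first postback through and cancels
// every later one while the page is still posting.
//
// This runs in the browser, so it only stops accidental double clicks. A
// client that does not run this script can still send the same request
// again, and the server has to reject the repeat itself.
function _doPostBackNew(sender, args)
{
    if (_isPosting)
    {
        // Same effect as the original one-liner: stop bubbling, cancel the
        // default action and return false. window.event is absent when the
        // call does not come from an event handler.
        var current = window.event;
        if (current)
        {
            current.cancelBubble = true;
            current.returnValue = false;
        }
        return false;
    }

    status = "Updating page ...";
    _doPostBack(sender, args);
    _isPosting = true;
    _makeMask();
}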
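// onsubmit handler attached to every form: allows the first submit, cancels
// any further one, and puts up the overlay. Like _doPostBackNew, this is a
// convenience for the user and not a server-side guarantee.
function _onformsubmit()
{
    if (_isPosting)
    {
        // Stop bubbling, cancel the submit, return false.
        var current = window.event;
        if (current)
        {
            current.cancelBubble = true;
            current.returnValue = false;
        }
        return false;
    }

    _isPosting = true;
    _makeMask();
}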
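// Runs once when the script is executed: attaches _onformsubmit to every
// form that is already in the document and inserts a hidden, zero-size
// submit input at the start of each form.
// NOTE(review): the purpose of the hidden submit input is not stated in the
// original; presumably it makes keyboard submits go through onsubmit. Confirm
// before removing it.
(function _attachForms()
{
    for (var i = 0; i < document.forms.length; i++)
    {
        var form = document.forms[i];
        form.attachEvent("onsubmit", _onformsubmit);  // legacy Internet Explorer event API

        var div = document.createElement("div");
        div.runtimeStyle.width = "0px";
        div.runtimeStyle.height = "0px";  // was misspelled "hight", which set nothing
        div.runtimeStyle.overflow = "hidden";
        div.runtimeStyle.position = "absolute";
        form.insertAdjacentElement("afterBegin", div);
        div.innerHTML = "<input type=submit name='webformpatchsubmitelement' onclick='return event.returnValue=false' id='webformpatchsubmitelement' value='webformpatchsubmitelement'/>";
    }
})();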
Include it on every page in the form <script src="Js.js"></script>.
If you have a PageBase class, it is better to register it with RegisterClientScriptBlock during Init.
For example: this.RegisterStartupScript("JS", "<script src=\"Js.js\" type=\"text/javascript\"></script>");
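With this, my voting page basically prevents some common cheating methods. You are welcome to point out its shortcomings
and vulnerabilities. One to keep in mind: the verification code, the voting record and the repeat-submit guard all live in the browser (cookies and script), which the client controls, so they only stop casual repeat voting; a limit that has to hold must keep the expected code and the per-voter record on the server.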