View Single Post
Old 2013-02-09, 18:56   Link #35
Join Date: Dec 2005
Location: event horizon

People would just make bogus accounts 1 week before. Honestly though we just need a user id/name and I can just make a script to verfiy if they have posts using the member list (and find posts feature; since profiles can be disabled).

And I'm not going to build anything that handles damn passwords (ever!). Trust me nobody wants to build something that handles passwords from another site, that's how stupid shit happens.

Originally Posted by relentlessflame View Post
As for the authentication API to validate the participants... it could be possible. Just need to think about how to program it. For example, we could potentially host a script on the forum server that validates your login credentials (based on the auth cookie) and other criteria (post date, post count, whatever), and then generates a unique key that is sent as part of a redirect to the actual vote page (either in the query string or via HTTP POST). Then the logic on the receiving end could lookup that key to see if that user has voted before, etc. We could sign the requests to ensure authenticity, and so on.

Anyway, there are probably ways of doing it that aren't so hard.
There are actually established protocols for this, but I don't mind some homebrew if it's secure (my biggest concern with a homebrew solution would be a member being able to forge the identity of another legitimate member; algorithmically, though a flaw in the process etc).
felix is offline   Reply With Quote