Check out the LimeSurvey source code on GitHub!

Store calculated code with responses?

5 years 7 months ago #63583 by ricopoco
(Disclaimer: I've been playing with LimeSurvey for, oh, about 12 hours. So, yes, I'm a real newbie!)

We want to run a public survey that is completely "anonymized" yet at the same time would like to minimize repeat visitors. Using cookies is a start, but it is probably pretty common knowledge as to how one goes about clearing cookies. So I'd like to bolster anonymization by recording obfuscated IP addresses as well. In particular, I'd like to salt the IP address (to lengthen it) and then run it through a one-way hash function. This code would need to be stored along with the user's responses . Using the date/time stamp and hashed IP, I could easily filter out apparent repeat entries. Is this do-able?

A couple of notes about this:

1. I know that using the IP address does not guarantee non-repeat responders. However, I believe that along with cookies, it will help keep it down to a "dull roar".

2. Using such a process may prevent some other people from responding (eg., NAT installations, proxied computers, etc.). I can live with that.

3. I don't want to calculate the hash via Javascript -- it has to happen server-side, not client-side.

4. Salting the IP address before it is hashed is to help thwart the use of rainbow tables in attempts to decipher the code.


Please Log in to join the conversation.

5 years 7 months ago #63587 by jelo
Write a landing page in the scriptlanguage you like, which generates the hashcode and then add the hashcode to the url of your survey. Redirect the user to the survey.

Create a hidden question (simple textanswer) and remember the SGQA code.

Learn how to prefill this hidden question with your generated code.
(Old descriptions, you don't need to hide a question with javascript anymore)

On the page you will find a php script (Prefilling a date question with the current date) which can be used as an example for your script.
The following user(s) said Thank You: ricopoco

Please Log in to join the conversation.

5 years 7 months ago #63590 by ricopoco
Yes, that would be very doable! I'm going to give that a go.

Thanks for the suggestion, jelo!

Please Log in to join the conversation.

5 years 7 months ago #63592 by ricopoco
Just tried it and it worked like a charm!

The only weakness I see to this solution is that once the visitor gets to the survey home page, they could tweak the hash value to be whatever they wanted. To thwart that, the script could store the hash value in a separate look-up table in the database before re-directing the visitor to the survey itself. Then I could "DELETE FROM survey_<sid> WHERE <sid>X<gid>X<qid> NOT IN (SELECT hash FROM hash_lookup_table);" and voilĂ !

Thanks again.

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form