Web Voting Scripts

We give a sequence of examples of scripts for voting on the Internet. The point is to teach you how to write these by gradually adding parts to a primitive version that evolves to a more effective one.

Read the Source Code associated with each example. The same ideas are used in many other scripts.

  These examples presume you have some experience writing HTML pages.

For all of these, the Voting Form remains unchanged. I hope these examples will be clear to a novice. One can certainly shorten them, but brevity was not my main goal. In reading these scripts, note that everything following a # in the line is a "comment" and is ignored by the program.

Simplest version   [ source code ]
Just acknowledge the vote -- and don't even record it in a tally.
For amusement the ballot has a standard tiny piece of JavaScript that inserts a marquee in the "status line" at the very bottom of the browser window. [This is not included in subsequent versions of the ballot.]

Reject if incomplete   [ source code ]
Reject if missing either the first or last name, or no vote is cast. Still don't record the vote in a tally.
The status line in the previous example is replaced by a marquee with the same text. [This is not included in subsequent versions of the ballot.]
With only a little more work, this form could also list the missing items.

Using Subroutines   [ source code ]
As a program becomes longer, it becomes easier to understand if it is broken into subroutines, each of which contains one part of the program.

Reject if already voted   [ source code ]
Before accepting the vote, check if the person has already voted. To make a secret ballot one must be careful to keep the record of who voted separate from how they voted. Since this form now saves data when someone votes, this is the first version of the ballot that could not have been done with Java or JavaScript.
This still does not record the vote in a tally.
Another important piece is missing: the script does not make a list of those who are allowed to vote -- and then reject voters not on the list. Since I don't want this example to reject users, I'll skip this (fundamental) step. Thus, you can vote many times under different aliases, even pretending you are someone else. This enables you to test these scripts more easily but is completely insecure. A more appropriate version would have a list of allowed users with passwords. Implementing this is not complicated.

Record the vote   [ source code ]
The script finally records the vote.

Unified form  
This version inserts the vote form in the Perl script itself instead of having a separate HTML form. In addition to collecting everything in one place, this is in preparation for the next version.
For variety, there is a JavaScript button to request the source code.

Return rejected form   [ source code ]
This is identical to the above but if there is an error, return their old form with the errors indicated.
For variety I made my own button to request the source code.

Security filter on data   [ source code ]
The primary source of security problems with running computer programs on the Internet is that people insert surprising, spurious data that makes your program perform malicious tasks you never intended. This problem can be almost completely avoided by filtering incoming data and accepting only characters that should appear.

In this case, since the only input is first and last name, we accept only a-z, A-Z, the punctuation . , - _ ' and a blank space. With a little more care we could also accept the accented letters that arise in many European languages. For other applications one might also accept 0-9 $ % & ( ) ? ! @ # *.
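
One way to write the filter described above, as an added example that is not the script linked from this page. The subroutine name clean_name, the 40-character limit and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: allowlist filter for the ballot's first and last name fields.
use strict;
use warnings;

my $MAX_LEN = 40;    # assumed limit; the page does not state one

# Return the cleaned name, or nothing (undef) if the value contains any
# character other than a-z A-Z . , - _ ' and the blank space.
sub clean_name {
    my ($raw) = @_;
    return unless defined $raw;
    $raw =~ s/\A +| +\z//g;               # trim blanks at the ends only
    return if length($raw) == 0 || length($raw) > $MAX_LEN;

    # \A and \z anchor to the true start and end of the string.
    # With ^ and $ a value ending in "\n" would still match, and a newline
    # written to the list of who has voted would begin a second record.
    if ($raw =~ /\A([a-zA-Z.,\-_' ]+)\z/) {
        return $1;                        # the captured copy is untainted under -T
    }
    return;
}

# Constructed sample inputs, not taken from the page.
my @samples = (
    "Mary",
    "  O'Brien-Smith ",
    "St. John, Jr.",
    "Smith\n",              # trailing newline: rejected because of \z
    "Ann\nEve Jones",       # embedded newline
    "<b>Bob</b>",           # HTML markup
    "Lee; ls",              # shell punctuation
    "José",                 # accented letter: not accepted by this version
    "",
    "x" x 41,               # longer than the assumed limit
);

for my $in (@samples) {
    my $ok = clean_name($in);
    (my $shown = $in) =~ s/\n/\\n/g;      # make newlines visible in the report
    printf "%-44s %s\n", "\"$shown\"",
        defined $ok ? "accepted as \"$ok\"" : "rejected";
}
```

The filter rejects a bad value outright instead of deleting the offending characters, so the voter can be shown the form again with the error indicated, as in the "Return rejected form" version.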