Anonymous Satisfaction Form

ianhobo

Hi,

Wondering if anyone can offer some implementation advice!
I've never done this sort of "one time" tracking yet anonymous solution!

I have to make an anonymous employee satisfaction questionnaire.
It will be hosted internally and served on apache with php 4 using a postgres db. (I'm only new/inexperienced to php). I expect about 300 - 400 people to fill it out

The person will visit the page, fill in questions, and press submit.
A system should be in place to prevent multiple submissions and thereby abusing the system. (doesn't have to fool proof, but I need to make an attempt)

The more computer literate individuals will know that deleting cookies will easily bypass such a simple prevention mechanism (as was used in a previous incarnation!)

So this time, I imagine a solution would be for each employee to receive an email with a link and a unique querysting key which which can be checked to both validate the users submission, and to also prevent duplicat/multiple submissions.

Herein lies the my problem (its probably really simple and im making a mountian out of a molehill)
If I use a hash algorithm to generate a unique key
a) what would the hash be generated against. i can't use the users login or user name as this wouldnt exactly be anonymous. Maybe some combination of their name and the current time? Is that acceptable? Does it even matter once its unique and I store it?
b) after the key was generated, I assume it would then be written to the database for validation when the user visits, and marked as used once clicked?

All my code written will be presented to the user in order to allow transparency for the system. (so that the users can see its not being tracked)

Would that sort of approach be ok?
Can anyone see anything that I'm overlooking?
Thanks

Adam

Well you could use their username etc. if you hash it straight away and then ditch the username, as the hash will not be reverse engineered.

ianhobo

Mirror wrote: »

Well you could use their username etc. if you hash it straight away and then ditch the username, as the hash will not be reverse engineered.

Ok, but I will presumably have to store the generated hash in the database.
So as long a I don't associate a unique hash which a specific questionnaire submission, I guess that would be ok?
A user might be able to identify their hash by simply hashing their own name, but once it doesn't link to an identifiable submission.
(the people who will be taking this are all software engineers, someone WILL hash their name and see it matches their individual email link! Just because they can and its the most obvious solution -> hence why they will be allowed to see all of the source code)

Thanks

tommycahir

Why re-invent the wheel. I have used the following app a number of times to carry out annonymous survey for employee satisfaction.

It even includes a method of ensuring that a user can only submit the survey once via IP tracking, [could be modified to get MAC address to prevent release renew scenarios] or via cookies

UCCASS

cgarvey

You could go UCCASS alright.

You could also set up a script to generate a token (say a random 32-character alphanumeric, for e.g.), insert that in to a token table, and email it to the user (have the script do the emailing, I mean). When someone visits, validate the token and delete the token when the survey is submitted.