If you just want a system that will stop most ballot-stuffers most of the time, you could put a hidden field in the form that has some encrypted goop in it which your script checks to see whether to accept the vote or not. Then when users call the script the first time, send encrypted goop that means "yes", but when the form is submitted, send it back with encrypted goop = "no". It won't stop anyone who just reloads the form by re-entering the URL, but if you don't make it obvious that their second and subsequent votes are being ignored, then most of them will never realise that they have to do this to rig the vote. Not secure, but for a non-critical situation it's simple and fixes most of the problem.
§ George Sherston