Actually the requirement is that it is proven secure and proven unable to spoof.
NOT the other way around. This is why paper votes are good, because it is easy for anyone to verify the voting and counting process.
First by proving that a user can not be spoofed.
Then prove that the result can not be modified externally. Remember, many people do have root access.
I would first start by getting root access to the server, which many of us already have. I would use that access to modified the either create temp users. Or temporary over ride user authentication.
This is not where I would start to attack this code. I would start with the user authentication. If that was too hard I would attack the database where the vote count is kept.