Jump to content


Photo

Prevent sharing of accounts


  • Please log in to reply
2 replies to this topic

#1 Kano

Kano
  • Members
  • PipPipPip
  • Advanced Member
  • 76 posts
  • LocationEngland

Posted 06 September 2006 - 01:50 PM

Hi all,
I have a general question that has been bugging me for a while.
I am wondering whether it is possible in php that a script can prevent members from sharing accounts. I am thinking that we could prevent people logging in to a system under a username when that username is already logged in to the system but are there any otherways?

I am not after any code as such, just some general advice and opinions on how to go about this task.

Thanks for any advice

#2 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 06 September 2006 - 02:12 PM

You can do this simular to building a WHO IS online script

at the top of every page, have some code, if the user is logged in, Update the DB with the date/time stamp

If they log out, delete this stamp
BUT, what if they dont log out

If you update the DB every page load, then if they have not loaded a page for more than 10 mins, assume they have gone.
Therefore, when it comes to logging in
Check if the IP add is the same (Just in case they closed there browser by accident or something)
If the IP is different, check if the Last Action was more than 10 mins, if it wasn't Come up with a message saying that they are logged in.

Alternative

Store the users IP in the DB when they log in
Then on every page load
check that the users IP is the same as the one in the DB
if not, then log out

So if someone logs in from somewhere else, under that account, His IP would be in the DB, therefore the IP of the first person does not match
Tell me the problem, I will try tell you the solution

#3 Kano

Kano
  • Members
  • PipPipPip
  • Advanced Member
  • 76 posts
  • LocationEngland

Posted 06 September 2006 - 02:26 PM

Thanks onlyican,
That is what i needed to know, this would then prevent the problem of only allowing loggin from one ip address per user (which is not helpful) and also prevent users from passing their details because of the situation where they cannot get into the system whilst someone is using their account. One problem is if someone aquired someone elses account details but then this can be overcome be using an admin contact link if there are problems with the account, i would assume.

thanks for your help




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users