Jump to content

How should I go about restricting multiple signups per computer?

jdock1

By jdock1
in PHP Coding Help

 Share

Recommended Posts

jdock1 Regular Member

jdock1

Posted
Posted

This is the #1 most important thing about an app Im developing on the side.

 

There can be only one account per household. If I made it so anybody can just reg another account after they run out of points, this app would not work and not last long.

 

Whats the easiest way to go about doing this? Is there a class out there already written for this type of thing?

 

I know its impossible to completely stop someone from doing this. But I would like to disallow proxy users. Maybe by setting a cookie and inserting the IP into a database and matching it with new regs.

 

Anybody already have some code for this? Or what do you suggest to do?

 

 

Thank you!!

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

It can't be done to the extent that you can rely on it as a criteria for the success or failure of the app. IP addresses change, sometimes frequently. And what happens when a user is in an apartment complex that provides internet access via a proxy server? Does that mean only one user can join out of potentially thousands of homes? No matter what you do, there will be a way for people to get around it.

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

It can't be done to the extent that you can rely on it as a criteria for the success or failure of the app. IP addresses change, sometimes frequently. And what happens when a user is in an apartment complex that provides internet access via a proxy server? Does that mean only one user can join out of potentially thousands of homes? No matter what you do, there will be a way for people to get around it.

I know that. Thats why Im asking what the best way to go about it is. Im not saying block all proxys, but try to beat somebody who changed their ip addy for the purpose of regging a new account.
Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

What Pikachu was trying to express is that the effort is not worth the gain. The people who would want to circumvent any such "security are the ones that would go to the trouble of learning how.

 

Case in point: I have a large music collection and I wanted an album art photo for each album of my ripped mp3s. In doing image searches every once in a while I would find an image I wanted hosted on a site that would try to "protect" the image by doing things such as disabling right-click via javascript, putting a transparent gif over the actual image or some other useless "security". It was all useless for two reasons. 1) the image has already been saved to my computer in the browser cache and 2) I could get the image by simply doing a screen capture. I can't tell you how many posts I have seen from people asking how to secure the images in their website so people can't copy them. It's a worthless goal, all it takes is for one person with the know-how to copy the image and it is there for the word. The best you can do is watermark the image so that when someone tries to pass the image off as their own they won't succeed. (Yes, tehre are some services - expensive - that will monitor the web for people using your photos, but that is closing the barn door after the horses have left. And, your attempt to get the offender to remove the image will depend greatly on where the offender is hosting their site)

 

As for your particular request. Sure it can be done. Just make a java applet (not javascript) and require the user to install the plug-in for their browser. The plug-in could read specific data from their PC (maybe even the CPU ID) and pass that along with their registration. That would be as good of a security as you could hope to get. Of course, no user in their right mind would want to install any plug-in to access whatever 1337 content that you are hosting. Not to mention the solution would probably be rife with incompatibility issues for the various browsers. But, go for it! Don't let anyone giving advice based upon reasons and facts deter you.

Link to comment
Share on other sites
jdock1 Regular Member

jdock1

Posted
  • Author
Posted

What Pikachu was trying to express is that the effort is not worth the gain. The people who would want to circumvent any such "security are the ones that would go to the trouble of learning how.

 

Case in point: I have a large music collection and I wanted an album art photo for each album of my ripped mp3s. In doing image searches every once in a while I would find an image I wanted hosted on a site that would try to "protect" the image by doing things such as disabling right-click via javascript, putting a transparent gif over the actual image or some other useless "security". It was all useless for two reasons. 1) the image has already been saved to my computer in the browser cache and 2) I could get the image by simply doing a screen capture. I can't tell you how many posts I have seen from people asking how to secure the images in their website so people can't copy them. It's a worthless goal, all it takes is for one person with the know-how to copy the image and it is there for the word. The best you can do is watermark the image so that when someone tries to pass the image off as their own they won't succeed. (Yes, tehre are some services - expensive - that will monitor the web for people using your photos, but that is closing the barn door after the horses have left. And, your attempt to get the offender to remove the image will depend greatly on where the offender is hosting their site)

 

As for your particular request. Sure it can be done. Just make a java applet (not javascript) and require the user to install the plug-in for their browser. The plug-in could read specific data from their PC (maybe even the CPU ID) and pass that along with their registration. That would be as good of a security as you could hope to get. Of course, no user in their right mind would want to install any plug-in to access whatever 1337 content that you are hosting. Not to mention the solution would probably be rife with incompatibility issues for the various browsers. But, go for it! Don't let anyone giving advice based upon reasons and facts deter you.

 

Damn.. yea good points. When you mentioned the java applet at first I thought good idea, but that would be so dumb. No one is going to want to install that, as soon as they see that they would think "virus". And there would be wayyyyy to many compatibility issues.

 

Im not going to code real far into this, Im just going to make a database of ips, match them on new signups and set cookies. Therefore if the user is using a proxy, the cookie will still block access to a new reg. Of course they can just delete it, but I need to have some security, so people don't think they can just register a new account anytime. Im also going to implement user logging, which when a user requests a cashout, im going to monitor all of the ip addresses & activity on the account to screen for fraud.

 

Thanks for the advice.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.