Detecting two people trying to use the same user name [SOLULTION] :: Zikula Community

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

mazdev responded to »Hide "Register new account" and change template to 3 col« 07:50 AM
mesteele101 created topic »Zikula 1.3.3 - Site Search 1.5.2 - Unable to turn off plug-ins« 07:48 AM
internetking created topic »password problem« 25. May
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

Detecting two people trying to use the same user name [SOLULTION]

Print topic

Paustian

Rank: Softmore

Registered: May 30, 2005

Last visit: May 31, 2010

Posts: 340
Posted: Dec 31, 2006 - 04:02 AM

A while back I posted about wanting to ensure that only one person was using a certain username and it was not being share between several individuals. My reason for wanting to do this was that I am setting up to sell an online microbiology textbook that is served via PostNuke. What I am trying to prevent is 30 or 50 students all using the same username.

So here is my solution. Create a new user variable called _REMOTE_HOST. When someone is viewing a page from the book, check to see if they are logged in. If they are, check the remote host and save it. On the next page load from that user, compare the remote host to the saved host. If they are different, then log them out. Here is the code.

Code
if(pnUserLoggedIn()){
$remote_host = pnServerGetVar('REMOTE_ADDR');

$current_host = pnUserGetVar("_REMOTE_HOST");

if ($current_host == ""){
pnUserSetVar('_REMOTE_HOST', $remote_host);
} else {
if($current_host != $remote_host){
pnUserLogOut();
}
}
}

This solution makes me a bit uneasy because it is so simple, but it seems to work. One annoyance, If a legitimate user enters from another computer, on the first page load, they are logged out and will have to log in again. I can fix this by wiping out the remote host upon log in, but it seems to do this I will have to make changes to pnUser.php. Is there a better solution? Can people see potential problems with this approach?

BTW, I do know how to spell solution, really.

edited by: Paustian, Dec 31, 2006 - 04:20 PM
**unknown user**

Rank: Softmore

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 418
Posted: Dec 31, 2006 - 04:33 AM

The issue here is that people using a clustered/load-ballanced proxy they're gonna get logged out.

My ISP has 1 proxie hostname, but using more then 1 machine to do this. So when using my isp's proxy, i can have a different ip on each page I'm visiting.

Having more then 1 IP, but still using 1 cookie, and 1 session. Now when using 2 logins, will create 2 different sessions (at least, it should :P ) so you should check it on the session. 1 user active on 2 sessions is most likely a clone.

If PN would create a new session on each login, you could destroy all previous sessions, making the earlier login invalid.

I guess that would be a better way of dealing with account-sharing
Paustian

Rank: Softmore

Registered: May 30, 2005

Last visit: May 31, 2010

Posts: 340
Posted: Dec 31, 2006 - 05:33 AM

ZarToXidE
THaving more then 1 IP, but still using 1 cookie, and 1 session. Now when using 2 logins, will create 2 different sessions (at least, it should :P ) so you should check it on the session. 1 user active on 2 sessions is most likely a clone.

So then the question is, how do I check for more than one session per user? Is there a PN call for all sessions for a current user?
**unknown user**

Rank: Softmore

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 418
Posted: Dec 31, 2006 - 05:55 AM

I have know idea. Was just thinking while typing it :-p

Maybe you should check the pnSession.php in the includes directory. I've got know idea how PN handles sessions, I just never got into that part.
Simon

Rank: Legend

Registered: Dec 11, 2002

Last visit: Oct 21, 2009

Posts: 11674
Posted: Jan 01, 2007 - 08:08 AM

Checking against IP addresses isn't a reliable way to detect duplicate logins - AOL user's IP addresses can change many times during a session because of the way AOL works (at least this used to be the case)

--
itbegins.co.uk - Zikula Consulting

birtwistle.me.uk - Personal Blog

Please read the Support Guide