Hello Jacques, Thursday, February 24, 2005, 3:02:09 AM, you wrote: J> I thought of capturing his IP Address and checking this value J> against my users table in my database where I have captured IP J> Addresses of users who have previously registered. Good luck. There isn't a way that I know of that is 100%. For instance, using the IP address could bite you because a new user might come from the same ISP as an already registered user and they ended up pulling the same IP address from the pool when they connected. It's remote, but possible. A more likely problem with this is if someone was behind a NATted firewall (corporate users) where they all have the same IP address, or people who use proxy servers. I guess, the best way is a cookie, but a user can delete their cookies (people sometimes do this to cheat on voting systems so they could place more than one vote.) You could try a combination of things. logging their IP, setting a cookie and maybe using javascript to pull some of the client machine information and log that into a DB. If say two or more criteria match then you refuse the second account creation. Of course all that would fail if they used a different machine altogether to create the second account. You can make it more difficult to create a second account, but you can't really prevent it. Even if you had a manual process in place where they had to give you a valid phone number, address and e-mail address, I could give you my cell number, my neighbor's or parents address, and any e-mail account I had created. I guess you could have them FAX you a photo ID, but still, if someone was really determined, that can be gotten around too. -- Leif (TB lists moderator and fellow end user). Using The Bat! 3.0.2.3 Rush under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
