On May 22, 2010, at 7:43 PM, Brandon Rampersad wrote:
These third world internet providers are screwing up the IP address
system with their shared IPs which defeats the entire purpose of an
IP address.
On Sat, May 22, 2010 at 6:19 PM, Karl DeSaulniers
<karl@xxxxxxxxxxxxxxx> wrote:
On May 22, 2010, at 3:37 PM, Robert Cummings wrote:
This was beaten to death last week. The solution is not possible
because it's not about restricting a single user from logging over
multiple machines, it about restricting a single computer to only
one session (so running IE, Firefox, Opera, Safari on same computer
with different users would not be allowed).
Cheers,
Rob.
Karl DeSaulniers wrote:
Yeah. Don't be concerned about which browser. Just set up an
active users table in your database that gets checked at login.
Then it doesn't matter which machine or browser. Unless you know
that the computers are giving the true ip, there is no way to keep
a user from logging in with two account on the same computer.
Otherwise add the active users ip to the active users table and
check it as well on login
Easy peasey
Karl
Sent from losPhone
On May 22, 2010, at 12:34 AM, Gautam Bhatia
<mail2gautambhatia@xxxxxxxxx> wrote:
On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:
Hi All!
I am looking for a solution, I want a user to do a single Login
only on a PC
.
E.g. If a User has logged on my website website.com in Internet
explorer,
then he cant login on same website in another browser like Firefox
etc with
same loginid or another.
Can I trace MAC address of a single machine to solve this issue?
Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie
which will
work for all browsers in a single machine..
I hope You will help me out
Regards
Jagdeep Singh
+91 9988009272
hi Jagdeep,
I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in
change it to true , so even if the person is using other browser, you
can check the value from dbase, if user is already logged in or
not. If
that makes sense to you , good luck.
regards,
Gautam Bhatia
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
Sorry for the top posting.
Ah, I see. Don't mean to beat a dead horse.
I still stand by my suggestion though.
If you record the username and ip in an active user table,
then set a cookie on the computer that is cross referenced with the
ip and username,
you will have a little better check system.
Also, if you set a fall back that say checks to see if the cookie
is being reset or set for the first time or if the cookie has been
deleted, you can kick them.
Set the cookie to expire and be reset while in session to check to
see if it changes while the user is logged in.
Basically, if you check for log-in status from the active user
table and cross reference the ip,
it will probably cover say 75% of the cases. Using the cookie and
putting strict requirements
for the cookie to have been pre-existing with the right ip or if it
is being set for the first time,
you will have a little more control. Plus you could create a blob
of ips that is referenced with
each username that can be cross referenced to see if a user has
multiple ip sets or if two users have a similar ip.
Thus a little more granular control on the computers accessing your
site.
But like having an expensive painting in your house,
if the thief is going to put that much work in to get it, chances
are they will.
Just make sure its insured. :)
Karl DeSaulniers
Design Drumm
http://designdrumm.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
A Brandon_R Production
Duley noted, but the combo of tracking ips and cookies on computers
should still work.
If you are checking the ip against ALL users, if two users in the
active database have the same ip,
then whichever has the older timestamp stays and the new one gets
booted.
And if your periodically checking and reassigning cookies with the ip
stored, it should work.
Maybe if you have a situation with multiple computers having the same
ip, store the ips in a blob and then check their system info against
eachother.
If its the same system info, boot them. Something like using the
browser's user agent identifier $_SERVER['HTTP_USER_AGENT'] with the
aformentioned checks and balances.
I could stand corrected, and have not had to implement such
parameters, but for what they are doing, it should work.
Now if you created the interface in Flash, you could control this
very easily. But that is another discussion for another forum.
Karl
Karl DeSaulniers
Design Drumm
http://designdrumm.com
