Re: Re: Restrict account access to single user

They are all good suggestions, Tim's is probably the most sophisticated, but it's inevitable that usernames and passwords will escape.

On top of this I'd add a weekly count of user logins, so that the users in effect buy a given number of accesses each week.

If you're really serious, you will have to be somewhat brutal with your users - change the password, make it a difficult-to-remember combination, and do it often enough that they know you mean business.

We've been fighting with this for four years, and there's no perfect solution. If it's a site where you are distributing published materials (.pdf's) you may take a good look at what Adobe calls, or used to call, Web Merchant, bite the bullet on the licensing and royalty fees, and reconcile yourself to a Windows / IIS solution.

Cheers - Miles Thompson


At 02:23 PM 7/15/2004, Tim Van Wassenhove wrote:
In article <071520041609.6071.40F6AC330005C593000017B722007354469B020103040A0B@xxxxxxxxxxx>, veditio@xxxxxxxxxxx wrote:
> Because this is a revenue-based site, and users buy a password for access, we're wondering what the best php/mysql mechanism would be to allow only one person to access their account at a time.


> In other words, how do we prevent two users from using the same password to access the same account at the same time?

If a user logs in:
  store the login timestamp in the database
  store the uid and timestamp in a session variable.

If a user requests a page:
  compare the uid and timestamp in the session with the ones in the database.

This way:
  Every user that tries to log in with a valid uid/pwd gets access.
  Every session with the same uid but older timestamp expires.

Don't applaud, just throw money :D

--
Tim Van Wassenhove <http://home.mysth.be/~timvw>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
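
The login-marker scheme Tim describes above, as an added example that is not code from the thread. Assumptions: the `users` table, its columns and the function names are hypothetical, in-memory SQLite via PDO stands in for MySQL, plain arrays stand in for two browsers' `$_SESSION`, and a random per-login token is used in place of the raw timestamp so that two logins within the same second stay distinguishable.

```php
<?php
// Added example: table, column and function names are assumptions, not from the thread.

function setup(): PDO {
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT UNIQUE,
               pw_hash TEXT, login_token TEXT, login_at INTEGER)');
    $ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// On login: record a fresh marker in the database and copy it into the session.
function login(PDO $db, array &$session, string $name, string $pw): bool {
    $q = $db->prepare('SELECT uid, pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pw, $row['pw_hash'])) {
        return false;
    }
    $token = bin2hex(random_bytes(16));   // swapped in for the bare timestamp
    $db->prepare('UPDATE users SET login_token = ?, login_at = ? WHERE uid = ?')
       ->execute([$token, time(), $row['uid']]);
    $session = ['uid' => (int)$row['uid'], 'login_token' => $token];
    return true;
}

// On every page request: the session is valid only if it holds the newest marker.
function sessionIsCurrent(PDO $db, array &$session): bool {
    if (!isset($session['uid'], $session['login_token'])) {
        return false;
    }
    $q = $db->prepare('SELECT login_token FROM users WHERE uid = ?');
    $q->execute([$session['uid']]);
    $current = $q->fetchColumn();
    if (!is_string($current) || !hash_equals($current, $session['login_token'])) {
        $session = [];   // superseded by a newer login: force re-authentication
        return false;
    }
    return true;
}

$db = setup();
$browserA = []; $browserB = [];   // stand-ins for two separate $_SESSION arrays
login($db, $browserA, 'alice', 'constructed-sample-pw');
var_dump(sessionIsCurrent($db, $browserA));   // A is the only login so far
login($db, $browserB, 'alice', 'constructed-sample-pw');
var_dump(sessionIsCurrent($db, $browserA));   // A after B logged in with the same account
var_dump(sessionIsCurrent($db, $browserB));   // B holds the newest marker
```

In a web application, pass `$_SESSION` as the session argument and call `sessionIsCurrent()` at the top of every protected page.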
