Is there a way to prevent multiple individuals from logging in using the same username/password combination? Specifically, if a user pays for specific usergroup access, and then passes their login info. to several other individuals who use it to log on at the same time. Is there a way to prevent that?
Thanks!
Can I prevent multiple logins using the same username?
Moderator: Integra Moderator
5 posts
• Page 1 of 1
Can I prevent multiple logins using the same username?
Author: Vadar » Fri Jun 30, 2006 5:49 pm
Last edited by Vadar on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Author: computerskillz » Sat Jul 01, 2006 7:57 pm
Very very good question!
Something I doubt has been thought of.
I was thinking about a modification that asks a user if this will be their primary logon location (the computer they're logging in from, a.k.a a Computer Account) and then set the IP of that computer as the "main" IP for that user. A user can also configure one or more computer accounts: one for home, one for work, one for the library, etc)
Such that if the user logs on from another computer other than the main "computer account" IP, the user is then prompted for their security answer.
This prevents user accounts from being compromised by unauthorized users who may have access to a user account but not located at one of the configured "Computer Accounts" of the user. The admin can set the # of allowable "Computer Accounts" per user or per site. Logons from the second computer account will block logon attempts from the other computer accounts and so on and so on.
And to prevent authorized users from passing along their security credentials to other users, such as by selling a paid-subscription account, the modification can allow access from only one computer account at a time per logon. So that the same logon account can't be loged on from two different computers at the same time and/or within a configurable time frame.
etc
I think this would definitely help in the event of a user passing along paid priviledges and possibly making money by purchasing one paid account and then selling it to multiple people, as well as prevent potential hacks of one or more accounts.
VERY good question! I'll post this as a mod request on phpBB to see if maybe somebody will work on it.
Something I doubt has been thought of.
I was thinking about a modification that asks a user if this will be their primary logon location (the computer they're logging in from, a.k.a a Computer Account) and then set the IP of that computer as the "main" IP for that user. A user can also configure one or more computer accounts: one for home, one for work, one for the library, etc)
Such that if the user logs on from another computer other than the main "computer account" IP, the user is then prompted for their security answer.
This prevents user accounts from being compromised by unauthorized users who may have access to a user account but not located at one of the configured "Computer Accounts" of the user. The admin can set the # of allowable "Computer Accounts" per user or per site. Logons from the second computer account will block logon attempts from the other computer accounts and so on and so on.
And to prevent authorized users from passing along their security credentials to other users, such as by selling a paid-subscription account, the modification can allow access from only one computer account at a time per logon. So that the same logon account can't be loged on from two different computers at the same time and/or within a configurable time frame.
etc
I think this would definitely help in the event of a user passing along paid priviledges and possibly making money by purchasing one paid account and then selling it to multiple people, as well as prevent potential hacks of one or more accounts.
VERY good question! I'll post this as a mod request on phpBB to see if maybe somebody will work on it.
Last edited by computerskillz on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
testing apostrophe''s in the singature''''s
Re: Can I prevent multiple logins using the same username?
Author: Vadar » Sat Jul 01, 2006 8:18 pm
Hi,
I can see where you are going with the primary logon location ID mod. That makes a lot of sense.
I guess I was looking at it from a slightly different angle. I was wondering if it might be possible to capture the fact that a particular user was logged on and, if so, actively prevent a second log on using that same username/password combination.
For example, right now I can log on to this portal and then go to the computer next to me and log on a second time. Wouldn't it make sense that once the software "sees" that you are logged in, it could be set up to prevent any other attempt to log on using that same username/password combination for as long as the first instance is active?
The solution you are looking at takes it a step farther, but I can see how it would require a significant modification. Although what I described above wouldn't be quite as effective, it might be easier to create. What do you think?
I can see where you are going with the primary logon location ID mod. That makes a lot of sense.
I guess I was looking at it from a slightly different angle. I was wondering if it might be possible to capture the fact that a particular user was logged on and, if so, actively prevent a second log on using that same username/password combination.
For example, right now I can log on to this portal and then go to the computer next to me and log on a second time. Wouldn't it make sense that once the software "sees" that you are logged in, it could be set up to prevent any other attempt to log on using that same username/password combination for as long as the first instance is active?
The solution you are looking at takes it a step farther, but I can see how it would require a significant modification. Although what I described above wouldn't be quite as effective, it might be easier to create. What do you think?
Last edited by Vadar on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Re: Can I prevent multiple logins using the same username?
Author: computerskillz » Sat Jul 01, 2006 10:48 pm
"Vadar";p="10687" wrote:Hi,
I can see where you are going with the primary logon location ID mod. That makes a lot of sense.
I guess I was looking at it from a slightly different angle. I was wondering if it might be possible to capture the fact that a particular user was logged on and, if so, actively prevent a second log on using that same username/password combination.
For example, right now I can log on to this portal and then go to the computer next to me and log on a second time. Wouldn't it make sense that once the software "sees" that you are logged in, it could be set up to prevent any other attempt to log on using that same username/password combination for as long as the first instance is active?
The solution you are looking at takes it a step farther, but I can see how it would require a significant modification. Although what I described above wouldn't be quite as effective, it might be easier to create. What do you think?
I agree.
The answer to your particular scenario lies somewhere in the phpbb_sessions table and how the data is queried. I'm just not altogether sure where its queried from, and how the bits are manipulated. Once I figure that part out.. then yeah.. it sounds like it would be a relatively easy modification.
Last edited by computerskillz on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
testing apostrophe''s in the singature''''s
5 posts
• Page 1 of 1
Who is online
Registered users: App360MonitorBot, Bing [Bot], Google [Bot]
It is currently Thu May 01, 2025 6:41 am
IntegraMOD® is Powered by phpBB® Forum Software © phpBB Group
IntegraMOD® is Powered by phpBB® Forum Software © phpBB Group
