forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: alanlai on April 15, 2009, 10:47:10 pm
-
How to determine and block, if 2 users using different IPs, and login with the same user name simultaneously?
-
The only way it's to block the IP with a .htaccess file. (But not a bright idea since the IP change -in most conection services- everytime the user get the conection).
If you want some of the users be allowed to login and the other not, just tell him/her to change his/her password and the other user would not be able to login.
-
Why would you want to disallow a user to be logged on on two machines simultaneously? What's so bad about that? What's the abuse potential?
The reference to the .htaccess file being the only way to stop this is not correct imo: you could easily enable detailed logging and then add a code section that compares the IP addresses for any given user, but this has two disadvantages:
- You'd be burning a lot of resources, probably with a notable performance impact
- The code needed to do what you're up to hasn't been coded, so you'd have to come up with that custom code, which is not a trivial task
I can't see how you could possibly accomplish what you're up to using .htaccess methods, as neither the file system on OS level nor the apache webserver are "aware" of the logged-in user: that logic is only known to the script.
As suggested, you need to figure out if this is really needed: maybe you could tell us first why you think that you need to block visitors by IP because they appear to be using the same user name. My guess is that this is where the initial problem lies: you might be making false assumptions. So describe in detail what happened and what you try to prevent from happening.