SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2002
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Passing around ID's to beat PHP user authentication

    How does a site stop this? : People purchase access to a selected area of a site and then pass around the username and password to all their friends.

    One cannot check the IP address of the users because the IP address changes regularly for dialup customers, right? Also, people might access the site from their desktop and then their laptop.

    So what do sites like nba.com do? NBA.com has a "Inside Ticket" service. I would expect kids to pass around passwords to this constantly.

    The only thing I can think of is to watch the IP Address and if a username is coming from all over the place, then ask the user to change the password.

    Any other ideas?
    B

  2. #2
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you can create a function to check whether somebody's already logged in or not. So say if user 1 logs in with username joe, and user 2 logs in as username joe, you can see that joe is already active in your sessions and block the user. You can also add the ability to email this dual log on attempt to yourself so you can suspend/ban the account.


    edit: adding some more.

    This would also work if the user doesnt specifically have a home computer. Perhaps they only use the internet at Internet cafes, or at friends houses, so it would be bad to bind a certain IP address to somebody's account. As long as only one person can use the account at one time, you shouldnt really care if they give out the password.

  3. #3
    Fully Sweet Car noddy's Avatar
    Join Date
    Aug 2002
    Location
    Perth, Western Australia
    Posts
    759
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could also use the sessionID of the browser and then test for that matching as well.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •