How to restrict one user from one IP

ra**********@gmail.com wrote:

I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi

You can't do it reliably.

Many medium and large companies have a proxy that all computers on their
network use, so externally, all of their computers will have the same IP
address.

But worse, many large companies and ISP's (such as AOL) use multiple
proxies, and a request can come from any of the proxies. That means
every request may come from a different IP address.

And even if neither of the above is true, dynamic addressing means a
user can get a different IP address when his current lease expires.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

ra**********@gmail.com wrote:

I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

$_SESSION

--
Freundliche Grüße,
Franz Marksteiner

On Tue, 26 Feb 2008 07:51:55 +0100, ra**********@gmail.com
<ra**********@gmail.comwrote:

I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Rather then restrict it by ip, I use tables to store a session:

table sessions:
session-id (primary key, session-id from PHP)
user-id (from the users table or null)
values (default serialized session data)

table user:
id
name
etc...

On a login attempt, a user can identify himself, which will mean his
user-id gets coupled to the session, all other session(s) having that
user-id will have their user-id set to null (effectively logged out). The
user-id is 'manualy' (i.e. with PHP code querying the database)
overwritten in the $_SESSION array.

The advantage is that a user can be logged in with only one session-id,
regardless of changing/static ip addresses (several users from one, or one
hopping addresses is no trouble), the disadvantage could be that one user
which deploys different UA's which don't share their cookies (MSIE & FF
for instance), he can't stay logged in in both UA's.
--
Rik Wasmus

On Feb 26, 1:51 am, "rahismail...@gmail.com" <rahismail...@gmail.com>
wrote:

I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi

$_SESSION wont help with this on it's own as two computers would have
separate SESSION_IDs
you would have to store IP addresses with SESSION_ID in a database or
something
then you'd have to search the db for that IP on every page access, and
if the SESSION_ID doesn't match... handle it...

but the problems with this have been highlighted and if it's something
like someone flooding your site, throttle Login actions to y attempts
every x seconds

ra**********@gmail.com wrote:

I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi

Search the archives, you will find the answer! Do not ask the question
which were answered!..