Modification Description:: Prevents users from creating multiple accounts by using a cookie and checking their IP address. Modification Version: 1.0.1.1
Easy install.
In my testing. I always get the message that another account is in use on this system. This happens regardless if I clean the system of cookies and I have access to a different IP here at that house.
Is there another way it keeps track of accounts? Getting around cookie tracking for the most part is very easy to do. Yet, I have not been able to do this. Even with a separate IP as an option.
The cookie gets created on a user's system when they log in. The IP check is just to supplement the cookie check, so if the cookie doesn't exist, the IP check is the next line of defense. One thing you could try to do is log out and then clear the cookies. Registering after that should work if you have a different IP. Something I just thought of though, is that I didn't limit the IP check to registered users, so I think it is checking the guests as well. Obviously, the IP will always be the same as the guests IP, which will make the registration stop immediatly every time. It's an easy enough fix and I'll fix it and repackage it as soon as I can. Also, there currently are no others checks that occur but I'm looking around the web to find similar scripts to get some ideas.
I'll have to retest it after you make the changes.
I cleared cookies, used a different IP and all of my results were the message that another account is in use on this system. As simple as it is to install. I'll be happy to retest it.
The IP check is turning out to be a bit harder than I thought it would be to fix. The script is getting the client's IP and running the sql query just fine, but I can't seem to get them to compare, so the script is always returning false, which bypasses the IP check and continues the registration. The cookie checks works fine still though. Also, if you want to test the script without the IP check, do this:
Thanks for creating this MOD which has been requested by several persons (including me), kmklr72! Can you already tell us something about its performance? E.g. how many additional queries does the IP check need?
In my testing for bugs, I never experienced any real performance issues with the mod. The IP check is , at least for right now, the only check that does SQL queries, and the light check only does 2. There are about 4 or 5 more done when the check is set to full but I still didn't experience many problems with it. Of course, my test boards only have a few members lol, but since the IP check only occurs during registration, I don't think it would cause too many problems for a big board. The cookie check happens every login but it doesn't query the database, it only checks for a cookie on the user's system, so that shouldn't cause any performance hits. Of course, if you test it, any feedback would be very helpful. Also, I'm working on an ACP module for the mod, but it's a slow go for me as the module isn't performing queries correctly for me.
as this is a new mod to prevent people having multiple accounts on the same forum, if anyone has any other suggestions on how to identify multiple accounts it would be good to post them. some ways that have been concidered are: email addresses, similar email adresses, ip's, cooky info, and computer footprint (hardware/software setup).keep up the good work kmklr72!
Another thing to check for would be simulair names like floydster69 and floydster666. Then once you have identified someone that makes multiple accounts it would be nice to have the mod check for others with the same host. maybe get a bit touchier on new new accounts made from the same host.
Yet another version. A small bug that would cause the cookie to be created before logging in has been fixed. Also, upgrade instructions have been added.
Does this stop people registering completely ? ideally I am looking for a system that wont prevent people creating a duplicate accouint, but will notify an admin, a group, or whatever, when when it detects a multiple account.
Basing my thoughts on the vBulletin Alter-Ego detector, I see a need for a mod to drop a cookie when someone logs in. The next time that PC logs in, the mod should check for the exisitance of a cookie. If it's there and the same ID is being used, fine. If it's there and a different ID is being used, then PM the admin with the two IDs used.
In my geographical area, IP address trapping would be useless.
Right now, depending on how the mod is configured in the ACP, the cookie check looks for a cookie on the user's computer at the start of the registration process. If it exists, the user is denied registration. If it doesn't, the registration process continues as normal and the cookie gets created when the user logs in if it doesn't exist. I am currently working on the third beta which will allow much more flexibility, as well as adding a choice between PM and email notification. I'm hoping to have it finished and released by the end of this weekend, so make sure to check every now and then. Also, if there are any ideas that you have for this MOD, I would be more than happy to here them .