Re: [PHP] Multiple Login in a single PC should not be possible
On Sep 7, 2010, at 12:47 AM, Robert Cummings wrote: On 10-09-07 01:21 AM, Karl DeSaulniers wrote: @Jagdeep Singh Hi Jagdeep, I know it has been a while now, but I thought I'd let you know. Setting up a database with a session login and some checks and balances will allow you to do what you were wanting with controlling a user using multiple browsers on the same machine. I just finished my login system and it is set up with a session that checks the login status of a user on every page they go to. I was testing to see how some css was working on one of the user info pages, and so I was already logged into the account on safari, I then went to Opera and Firefox and tried to view the page I was on and they told me I was not logged in. I also tried logging in on those browsers and it did not let me. Hence, I know now it is possible to achieve the results your looking for. I just built a query to an ACTIVE_USERS table in my database on the login page and a session check when each page was visited. When a user successfully logs into the system, their username and time of login get stamped in this ACTIVE_USERS table for you to check against. You could even put a field in this table that stamps what page they are on. JAT Don't know if you still need help with this or not, but thought I'd let you know what I found out. If I recall this thread from several months ago... the issue is not detecting that a single user is logged in multiple times (this is known to be trivial - congratulations you've solved a solved problem), but that a person is logged in from one computer multiple times (whether it be via different browsers or virtual machines) where the logged in account is not necessarily the same user account in each logged in instance. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. Oh, that's right. Sorry for the rehash, but I found myself in a similar situation. Would using flash and LocalConnection work for this? Have a hidden flash file with a LocalConnection sending out a beacon (if you will) and it will answer itself if any other browser windows are open that have that LocalConnection. I think LC would even work if say I had Virtual PC running on my Mac and a safari window open on both. That plus the twice-solved problem and your good I am thinking. Best, Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On 10-09-07 01:21 AM, Karl DeSaulniers wrote: @Jagdeep Singh Hi Jagdeep, I know it has been a while now, but I thought I'd let you know. Setting up a database with a session login and some checks and balances will allow you to do what you were wanting with controlling a user using multiple browsers on the same machine. I just finished my login system and it is set up with a session that checks the login status of a user on every page they go to. I was testing to see how some css was working on one of the user info pages, and so I was already logged into the account on safari, I then went to Opera and Firefox and tried to view the page I was on and they told me I was not logged in. I also tried logging in on those browsers and it did not let me. Hence, I know now it is possible to achieve the results your looking for. I just built a query to an ACTIVE_USERS table in my database on the login page and a session check when each page was visited. When a user successfully logs into the system, their username and time of login get stamped in this ACTIVE_USERS table for you to check against. You could even put a field in this table that stamps what page they are on. JAT Don't know if you still need help with this or not, but thought I'd let you know what I found out. If I recall this thread from several months ago... the issue is not detecting that a single user is logged in multiple times (this is known to be trivial - congratulations you've solved a solved problem), but that a person is logged in from one computer multiple times (whether it be via different browsers or virtual machines) where the logged in account is not necessarily the same user account in each logged in instance. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
@Jagdeep Singh Hi Jagdeep, I know it has been a while now, but I thought I'd let you know. Setting up a database with a session login and some checks and balances will allow you to do what you were wanting with controlling a user using multiple browsers on the same machine. I just finished my login system and it is set up with a session that checks the login status of a user on every page they go to. I was testing to see how some css was working on one of the user info pages, and so I was already logged into the account on safari, I then went to Opera and Firefox and tried to view the page I was on and they told me I was not logged in. I also tried logging in on those browsers and it did not let me. Hence, I know now it is possible to achieve the results your looking for. I just built a query to an ACTIVE_USERS table in my database on the login page and a session check when each page was visited. When a user successfully logs into the system, their username and time of login get stamped in this ACTIVE_USERS table for you to check against. You could even put a field in this table that stamps what page they are on. JAT Don't know if you still need help with this or not, but thought I'd let you know what I found out. Best, Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Jun 15, 2010, at 12:52 PM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 12:51 -0500, Karl DeSaulniers wrote: Sent from losPhone On Jun 15, 2010, at 12:41 PM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 12:37 -0500, Karl DeSaulniers wrote: Sent from losPhone On Jun 15, 2010, at 7:08 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: Hey, I just found this app that I think will do your single user login. It is a MySQL monitoring app called MySQL Query Analyzer. It has the functionality I think you were looking for. Might be worth a "look-see". :)) Hth, Karl I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk Yes. MySQL Query Analyzer. I read that it has single user login capability. Is that not what you were wanting? Karl DeSaulniers Design Drumm http://designdrumm.com Erm... According to mysql.com it's for Java and .Net (no mention of PHP) and it doesn't look like the source is released, so you can't reverse engineer it, so I don't see how it's an answer to the OP's question. Thanks, Ash http://www.ashleysheridan.co.uk Darn. I missed that part. Well, sry for getting your hopes up. I thought I was on to something. Is there the off chance he could mix JavaScript with his site and this program to control his users? Karl No, because Java and Javascript are not the same thing at all, and this program doesn't control user logins, it's for analysing MySQL queries, hence its name! Thanks, Ash http://www.ashleysheridan.co.uk Ok. I was referring to this. The enhanced MySQL Query Analyzer is available via the latest release of MySQL Enterprise at the Gold and Platinum subscriber levels. The latest release of MySQL Enterprise also includes: Improved Enterprise Monitor security with read-only user role and single sign-on capabilities through LDAP integration Are they talking about single user access to this program? I should have read more before posting. Sry all. Just trying to help. Karl Yeah, it's access to that software! lol Thanks, Ash http://www.ashleysheridan.co.uk Ahhh. My appologies. It was late when I read it. :-/ Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Tue, 2010-06-15 at 12:51 -0500, Karl DeSaulniers wrote: > > Sent from losPhone > > On Jun 15, 2010, at 12:41 PM, Ashley Sheridan > wrote: > > > On Tue, 2010-06-15 at 12:37 -0500, Karl DeSaulniers wrote: > > > >> > >> Sent from losPhone > >> > >> On Jun 15, 2010, at 7:08 AM, Ashley Sheridan > >> wrote: > >> > >>> On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: > >>> > On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: > > > On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: > >> > >> Karl, > >> > >> Which app are you talking about? > >> > >> Regards, > >> Shreyas > >> > >> On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers > >> wrote: > >> > >>> Hey, > >>> I just found this app that I think will do your single user > >> login. It is a > >>> MySQL monitoring app called MySQL Query Analyzer. It has the > >> functionality I > >>> think you were looking for. Might be worth a "look-see". > >>> > >>> :)) > >>> > >>> Hth, > >>> Karl > >> > >> > >> > >> > > > > I think he means MySQL Query Analyzer, but I'm not sure how that > > is > > an answer to the question though! > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > > Yes. MySQL Query Analyzer. > I read that it has single user login capability. > Is that not what you were wanting? > > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > > >>> > >>> > >>> Erm... > >>> > >>> According to mysql.com it's for Java and .Net (no mention of PHP) > >>> and it > >>> doesn't look like the source is released, so you can't reverse > >>> engineer > >>> it, so I don't see how it's an answer to the OP's question. > >>> > >>> Thanks, > >>> Ash > >>> http://www.ashleysheridan.co.uk > >>> > >>> > >> > >> Darn. I missed that part. > >> Well, sry for getting your hopes up. > >> I thought I was on to something. > >> > >> Is there the off chance he could mix JavaScript with his site and > >> this > >> program to control his users? > >> > >> Karl > >> > > > > > > No, because Java and Javascript are not the same thing at all, and > > this > > program doesn't control user logins, it's for analysing MySQL queries, > > hence its name! > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > Ok. > I was referring to this. > The enhanced MySQL Query Analyzer is available via the latest release > of MySQL Enterprise at the Gold and Platinum subscriber levels. The > latest release of MySQL Enterprise also includes: > > Improved Enterprise Monitor security with read-only user role and > single sign-on capabilities through LDAP integration > Are they talking about single user access to this program? I should > have read more before posting. Sry all. Just trying to help. > > > Karl Yeah, it's access to that software! lol Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
Sent from losPhone On Jun 15, 2010, at 12:41 PM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 12:37 -0500, Karl DeSaulniers wrote: Sent from losPhone On Jun 15, 2010, at 7:08 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: Hey, I just found this app that I think will do your single user login. It is a MySQL monitoring app called MySQL Query Analyzer. It has the functionality I think you were looking for. Might be worth a "look-see". :)) Hth, Karl I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk Yes. MySQL Query Analyzer. I read that it has single user login capability. Is that not what you were wanting? Karl DeSaulniers Design Drumm http://designdrumm.com Erm... According to mysql.com it's for Java and .Net (no mention of PHP) and it doesn't look like the source is released, so you can't reverse engineer it, so I don't see how it's an answer to the OP's question. Thanks, Ash http://www.ashleysheridan.co.uk Darn. I missed that part. Well, sry for getting your hopes up. I thought I was on to something. Is there the off chance he could mix JavaScript with his site and this program to control his users? Karl No, because Java and Javascript are not the same thing at all, and this program doesn't control user logins, it's for analysing MySQL queries, hence its name! Thanks, Ash http://www.ashleysheridan.co.uk Ok. I was referring to this. The enhanced MySQL Query Analyzer is available via the latest release of MySQL Enterprise at the Gold and Platinum subscriber levels. The latest release of MySQL Enterprise also includes: Improved Enterprise Monitor security with read-only user role and single sign-on capabilities through LDAP integration Are they talking about single user access to this program? I should have read more before posting. Sry all. Just trying to help. Karl
Re: [PHP] Multiple Login in a single PC should not be possible
Sent from losPhone On Jun 15, 2010, at 12:37 PM, Karl DeSaulniers wrote: Sent from losPhone On Jun 15, 2010, at 7:08 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: Hey, I just found this app that I think will do your single user login. It is a MySQL monitoring app called MySQL Query Analyzer. It has the functionality I think you were looking for. Might be worth a "look-see". :)) Hth, Karl I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk Yes. MySQL Query Analyzer. I read that it has single user login capability. Is that not what you were wanting? Karl DeSaulniers Design Drumm http://designdrumm.com Erm... According to mysql.com it's for Java and .Net (no mention of PHP) and it doesn't look like the source is released, so you can't reverse engineer it, so I don't see how it's an answer to the OP's question. Thanks, Ash http://www.ashleysheridan.co.uk Darn. I missed that part. Well, sry for getting your hopes up. I thought I was on to something. Is there the off chance he could mix JavaScript Oops meant Java with his site and this program to control his users? Karl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Tue, 2010-06-15 at 12:37 -0500, Karl DeSaulniers wrote: > > Sent from losPhone > > On Jun 15, 2010, at 7:08 AM, Ashley Sheridan > wrote: > > > On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: > > > >> On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: > >> > >>> On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: > > Karl, > > Which app are you talking about? > > Regards, > Shreyas > > On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers > wrote: > > > Hey, > > I just found this app that I think will do your single user > login. It is a > > MySQL monitoring app called MySQL Query Analyzer. It has the > functionality I > > think you were looking for. Might be worth a "look-see". > > > > :)) > > > > Hth, > > Karl > > > > > >>> > >>> I think he means MySQL Query Analyzer, but I'm not sure how that is > >>> an answer to the question though! > >>> > >>> Thanks, > >>> Ash > >>> http://www.ashleysheridan.co.uk > >>> > >>> > >> > >> > >> Yes. MySQL Query Analyzer. > >> I read that it has single user login capability. > >> Is that not what you were wanting? > >> > >> > >> Karl DeSaulniers > >> Design Drumm > >> http://designdrumm.com > >> > > > > > > Erm... > > > > According to mysql.com it's for Java and .Net (no mention of PHP) > > and it > > doesn't look like the source is released, so you can't reverse > > engineer > > it, so I don't see how it's an answer to the OP's question. > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > Darn. I missed that part. > Well, sry for getting your hopes up. > I thought I was on to something. > > Is there the off chance he could mix JavaScript with his site and this > program to control his users? > > Karl > No, because Java and Javascript are not the same thing at all, and this program doesn't control user logins, it's for analysing MySQL queries, hence its name! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
Sent from losPhone On Jun 15, 2010, at 7:08 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: Hey, I just found this app that I think will do your single user login. It is a MySQL monitoring app called MySQL Query Analyzer. It has the functionality I think you were looking for. Might be worth a "look-see". :)) Hth, Karl I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk Yes. MySQL Query Analyzer. I read that it has single user login capability. Is that not what you were wanting? Karl DeSaulniers Design Drumm http://designdrumm.com Erm... According to mysql.com it's for Java and .Net (no mention of PHP) and it doesn't look like the source is released, so you can't reverse engineer it, so I don't see how it's an answer to the OP's question. Thanks, Ash http://www.ashleysheridan.co.uk Darn. I missed that part. Well, sry for getting your hopes up. I thought I was on to something. Is there the off chance he could mix JavaScript with his site and this program to control his users? Karl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Tue, 2010-06-15 at 07:04 -0500, Karl DeSaulniers wrote: > On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: > > > On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: > >> > >> Karl, > >> > >> Which app are you talking about? > >> > >> Regards, > >> Shreyas > >> > >> On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers > >> wrote: > >> > >> > Hey, > >> > I just found this app that I think will do your single user > >> login. It is a > >> > MySQL monitoring app called MySQL Query Analyzer. It has the > >> functionality I > >> > think you were looking for. Might be worth a "look-see". > >> > > >> > :)) > >> > > >> > Hth, > >> > Karl > >> > >> > >> > >> > > > > I think he means MySQL Query Analyzer, but I'm not sure how that is > > an answer to the question though! > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > > Yes. MySQL Query Analyzer. > I read that it has single user login capability. > Is that not what you were wanting? > > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > Erm... According to mysql.com it's for Java and .Net (no mention of PHP) and it doesn't look like the source is released, so you can't reverse engineer it, so I don't see how it's an answer to the OP's question. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
On Jun 15, 2010, at 6:24 AM, Ashley Sheridan wrote: On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: > Hey, > I just found this app that I think will do your single user login. It is a > MySQL monitoring app called MySQL Query Analyzer. It has the functionality I > think you were looking for. Might be worth a "look-see". > > :)) > > Hth, > Karl I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk Yes. MySQL Query Analyzer. I read that it has single user login capability. Is that not what you were wanting? Karl DeSaulniers Design Drumm http://designdrumm.com
Re: [PHP] Multiple Login in a single PC should not be possible
On Tue, 2010-06-15 at 16:52 +0530, Shreyas Agasthya wrote: > Karl, > > Which app are you talking about? > > Regards, > Shreyas > > On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: > > > Hey, > > I just found this app that I think will do your single user login. It is a > > MySQL monitoring app called MySQL Query Analyzer. It has the functionality I > > think you were looking for. Might be worth a "look-see". > > > > :)) > > > > Hth, > > Karl > > > > I think he means MySQL Query Analyzer, but I'm not sure how that is an answer to the question though! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
Karl, Which app are you talking about? Regards, Shreyas On Tue, Jun 15, 2010 at 8:21 AM, Karl DeSaulniers wrote: > Hey, > I just found this app that I think will do your single user login. It is a > MySQL monitoring app called MySQL Query Analyzer. It has the functionality I > think you were looking for. Might be worth a "look-see". > > :)) > > Hth, > Karl -- Regards, Shreyas Agasthya
Re: [PHP] Multiple Login in a single PC should not be possible
Hey, I just found this app that I think will do your single user login. It is a MySQL monitoring app called MySQL Query Analyzer. It has the functionality I think you were looking for. Might be worth a "look-see". :)) Hth, Karl
Re: [PHP] Multiple Login in a single PC should not be possible
The consensus I have been getting is that there really is no way to block this type of activity, BUT you can make it difficult enough to deter most attempts. Karl On May 23, 2010, at 9:42 PM, Karl DeSaulniers wrote: I was also told that you can use Adobe Air to control this as well. Air only allows one copy per machine to run originally. Here is a link to set it to run multiple copies. You can use this to see how to set it up and figure a way to not let yours. If that is the route you take. http://www.colettas.org/?p=273 But here again, if they have a virtual machine... HTH, Karl On May 23, 2010, at 4:21 PM, Karl DeSaulniers wrote: You may still have trouble with virtual machines though. Karl On May 23, 2010, at 4:18 PM, Karl DeSaulniers wrote: I was given a solution, or a work-around. You will have to use flash, but, you can set up a LocalConnection class that determines if the swf is being run on the same system and if it is boot one. You have the LocalConnection class send out a message to itself and if it answers itself, then there are two running. Otherwise only that one is running. Sort of hackish, but would probably do the trick. HTH Karl On May 23, 2010, at 3:35 PM, Karl DeSaulniers wrote: Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
I was also told that you can use Adobe Air to control this as well. Air only allows one copy per machine to run originally. Here is a link to set it to run multiple copies. You can use this to see how to set it up and figure a way to not let yours. If that is the route you take. http://www.colettas.org/?p=273 But here again, if they have a virtual machine... HTH, Karl On May 23, 2010, at 4:21 PM, Karl DeSaulniers wrote: You may still have trouble with virtual machines though. Karl On May 23, 2010, at 4:18 PM, Karl DeSaulniers wrote: I was given a solution, or a work-around. You will have to use flash, but, you can set up a LocalConnection class that determines if the swf is being run on the same system and if it is boot one. You have the LocalConnection class send out a message to itself and if it answers itself, then there are two running. Otherwise only that one is running. Sort of hackish, but would probably do the trick. HTH Karl On May 23, 2010, at 3:35 PM, Karl DeSaulniers wrote: Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
You may still have trouble with virtual machines though. Karl On May 23, 2010, at 4:18 PM, Karl DeSaulniers wrote: I was given a solution, or a work-around. You will have to use flash, but, you can set up a LocalConnection class that determines if the swf is being run on the same system and if it is boot one. You have the LocalConnection class send out a message to itself and if it answers itself, then there are two running. Otherwise only that one is running. Sort of hackish, but would probably do the trick. HTH Karl On May 23, 2010, at 3:35 PM, Karl DeSaulniers wrote: Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
I was given a solution, or a work-around. You will have to use flash, but, you can set up a LocalConnection class that determines if the swf is being run on the same system and if it is boot one. You have the LocalConnection class send out a message to itself and if it answers itself, then there are two running. Otherwise only that one is running. Sort of hackish, but would probably do the trick. HTH Karl On May 23, 2010, at 3:35 PM, Karl DeSaulniers wrote: Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out cool; only effective way i can see is to produce a unique (one time) hash in response to every request, and submit that with the answer; that way it's unique to every interaction. And only allow the test to be taken by a specific login once (ie if they've started it, they can't start again) But doesn't effectively stop anything because they could have 2 user accounts, and all the previous matters. you can make it more difficult, can't prevent it. as far as I know anyway! Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hi Nathan, The problem is not mine to speak of necessarily. I was trying to help find a solution for another. But from what I understand, they have a online lesson that they dont want people to be able to log in as another user and get the answers to. Here is the their post. On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
quick confirm: flash won't help you here (nor java, ajax, virtualisation, client side programs, ip filtering, browser detection) - it's not possible I'm afraid; best you can do is limit with personally identifiable information and trust that users won't be sharing an account which has sensitive data in it. I seem to have missed it; but why exactly don't you want a client 'logged in' multiple times (at the same time)? perhaps if you give us the root of the problem instead of how to do the solution you've chosen, we can be of more help :) Best, Nathan Robert Cummings wrote: See comment on virtual machine :) But even without a virtual machine, is this SharedObject saved in a browser determined location, or does the flash app get a say on where it wants to go. Is it shared between flash apps in same browser, or shared across all browsers on same machine. Karl DeSaulniers wrote: Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. Not sure on how this is done. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: > can't be done I'm afraid, no matter how hard you look - there is *always* a way around it. only thing you can do is in certain situations ensure that whatever important 'act' is carried out is limited to a fixed person with some personally identifiable data; for instance requiring an address and passport / driving license number for airplane ticket deliver and so forth. To illustrate, before me now on my 'single' machine, I have the primary OS, and two more running in virtual box's; each one has several browsers; and to compound matters I'm hooked up to 2 different networks; and on one of those I can change IP whenever I want. Perhaps only deep packet inspection shared between the different ISPs I use and some kind of knowledge on their part between who in the household is using which machine to do what @ each certain time. Good luck though :) Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
See comment on virtual machine :) But even without a virtual machine, is this SharedObject saved in a browser determined location, or does the flash app get a say on where it wants to go. Is it shared between flash apps in same browser, or shared across all browsers on same machine. Cheers, Rob. Karl DeSaulniers wrote: Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. Not sure on how this is done. Karl On May 23, 2010, at 3:59 AM, Karl DeSaulniers wrote: What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? Maybe mix it with some SSL?? Karl On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote: I am going to ask my flash guru buddies. Let me see if I can find anything out. Karl On May 22, 2010, at 10:10 PM, Robert Cummings wrote: Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
A virtual machine is like a separate computer, but running in the same computer. It would easily thwart this. Cheers, Rob. Karl DeSaulniers wrote: What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? Maybe mix it with some SSL?? Karl On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote: I am going to ask my flash guru buddies. Let me see if I can find anything out. Karl On May 22, 2010, at 10:10 PM, Robert Cummings wrote: Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. Not sure on how this is done. Karl On May 23, 2010, at 3:59 AM, Karl DeSaulniers wrote: What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? Maybe mix it with some SSL?? Karl On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote: I am going to ask my flash guru buddies. Let me see if I can find anything out. Karl On May 22, 2010, at 10:10 PM, Robert Cummings wrote: Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? Maybe mix it with some SSL?? Karl On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote: I am going to ask my flash guru buddies. Let me see if I can find anything out. Karl On May 22, 2010, at 10:10 PM, Robert Cummings wrote: Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
I am going to ask my flash guru buddies. Let me see if I can find anything out. Karl On May 22, 2010, at 10:10 PM, Robert Cummings wrote: Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Robert Cummings wrote: Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Yes. But I prefer open source all the way :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. Have you ever programed in flash? Karl Sent from losPhone On May 22, 2010, at 9:11 PM, Robert Cummings wrote: But then I don't get to use worldwide accepted and open standards for development. Karl DeSaulniers wrote: Well you could alway build it as an Adobe AIR app. Then it would be its own application. Not viewed through a browser. Karl On May 22, 2010, at 8:46 PM, Robert Cummings wrote: Yeah, but flash is proprietary and I for one hate hitting flash websites. Karl DeSaulniers Design Drumm http://designdrumm.com -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
But then I don't get to use worldwide accepted and open standards for development. Karl DeSaulniers wrote: Well you could alway build it as an Adobe AIR app. Then it would be its own application. Not viewed through a browser. Karl On May 22, 2010, at 8:46 PM, Robert Cummings wrote: Yeah, but flash is proprietary and I for one hate hitting flash websites. Karl DeSaulniers Design Drumm http://designdrumm.com -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Well you could alway build it as an Adobe AIR app. Then it would be its own application. Not viewed through a browser. Karl On May 22, 2010, at 8:46 PM, Robert Cummings wrote: Yeah, but flash is proprietary and I for one hate hitting flash websites. Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: On May 22, 2010, at 7:43 PM, Brandon Rampersad wrote: These third world internet providers are screwing up the IP address system with their shared IPs which defeats the entire purpose of an IP address. I missed this bit... actually, this is less a third world issue as much as it is an organizational issue. NAT for large networks is meant to be driven through a small number of points. This is how it's supposed to work. Why should a company with 5 users need to purchase 50,000 public IP addresses when they can have 1 and use 5 internal private network addresses? We'd have run out of IP4 address space years ago if this were not possible. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: Duley noted, but the combo of tracking ips and cookies on computers should still work. If you are checking the ip against ALL users, if two users in the active database have the same ip, then whichever has the older timestamp stays and the new one gets booted. And if your periodically checking and reassigning cookies with the ip stored, it should work. You cannot use the IP, it is not unique to a single computer. Many companies, universities, and government departments have a small pool of public gateway IPs through which all users travel. Maybe if you have a situation with multiple computers having the same ip, store the ips in a blob and then check their system info against eachother. And the same computer using multiple browsers? Also, in government there's usually a standard configuration shared by thousands of users. If its the same system info, boot them. Something like using the browser's user agent identifier $_SERVER['HTTP_USER_AGENT'] with the aformentioned checks and balances. Again not possible, see above. I could stand corrected, and have not had to implement such parameters, but for what they are doing, it should work. They will not. Also, all of the above information is spoofable. Now if you created the interface in Flash, you could control this very easily. But that is another discussion for another forum. Yeah, but flash is proprietary and I for one hate hitting flash websites. I surf with flashblock and I'm amazed how many sites don't have an alternative homepage for non flash users. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Karl DeSaulniers wrote: On May 22, 2010, at 3:37 PM, Robert Cummings wrote: This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed). > Sorry for the top posting. Ah, I see. Don't mean to beat a dead horse. I still stand by my suggestion though. If you record the username and ip in an active user table, then set a cookie on the computer that is cross referenced with the ip and username, you will have a little better check system. Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in. Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site. But like having an expensive painting in your house, if the thief is going to put that much work in to get it, chances are they will. Just make sure its insured. :) It doesn't work that way though because the session cookie is only valid for the browser to which it is issued. A cookie issued to a Firefox connection is completely disjoint from a cookie issued to a Chrome session or an Opera session or (eeek) an IE session. Additionally, you can't record the IP address since many universities and other more populated points of connection use IP sharing. The problem goes further, imagine you could get a hold of the MAC Address... there's nothing stopping someone from spoofing it or running a virtual machine within the same machine to open another connection. I hope this helps crystalize the issue :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On May 22, 2010, at 7:43 PM, Brandon Rampersad wrote: These third world internet providers are screwing up the IP address system with their shared IPs which defeats the entire purpose of an IP address. On Sat, May 22, 2010 at 6:19 PM, Karl DeSaulniers wrote: On May 22, 2010, at 3:37 PM, Robert Cummings wrote: This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed). Cheers, Rob. Karl DeSaulniers wrote: Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login Easy peasey Karl Sent from losPhone On May 22, 2010, at 12:34 AM, Gautam Bhatia wrote: On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 hi Jagdeep, I am not really sure , i got your question right but there is something you can try if this helps, in the mysql dbase add field like "loggedIn" , which can be true/false, when person logs in change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If that makes sense to you , good luck. regards, Gautam Bhatia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. Sorry for the top posting. Ah, I see. Don't mean to beat a dead horse. I still stand by my suggestion though. If you record the username and ip in an active user table, then set a cookie on the computer that is cross referenced with the ip and username, you will have a little better check system. Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in. Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site. But like having an expensive painting in your house, if the thief is going to put that much work in to get it, chances are they will. Just make sure its insured. :) Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- A Brandon_R Production Duley noted, but the combo of tracking ips and cookies on computers should still work. If you are checking the ip against ALL users, if two users in the active database have the same ip, then whichever has the older timestamp stays and the new one gets booted. And if your periodically checking and reassigning cookies with the ip stored, it should work. Maybe if you have a situation with multiple computers having the same ip, store the ips in a blob and then check their system info against eachother. If its the same system info, boot them. Something like using the browser's user agent identifier $_SERVER['HTTP_USER_AGENT'] with the aformentioned checks and balances. I could stand corrected, and have not had to implement such parameters, but for what they are doing, it should work. Now if you created the interface in Flash, you could control
Re: [PHP] Multiple Login in a single PC should not be possible
On May 22, 2010, at 3:37 PM, Robert Cummings wrote: This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed). Cheers, Rob. Karl DeSaulniers wrote: Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login Easy peasey Karl Sent from losPhone On May 22, 2010, at 12:34 AM, Gautam Bhatia wrote: On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 hi Jagdeep, I am not really sure , i got your question right but there is something you can try if this helps, in the mysql dbase add field like "loggedIn" , which can be true/false, when person logs in change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If that makes sense to you , good luck. regards, Gautam Bhatia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. Sorry for the top posting. Ah, I see. Don't mean to beat a dead horse. I still stand by my suggestion though. If you record the username and ip in an active user table, then set a cookie on the computer that is cross referenced with the ip and username, you will have a little better check system. Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in. Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site. But like having an expensive painting in your house, if the thief is going to put that much work in to get it, chances are they will. Just make sure its insured. :) Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed). Cheers, Rob. Karl DeSaulniers wrote: Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login Easy peasey Karl Sent from losPhone On May 22, 2010, at 12:34 AM, Gautam Bhatia wrote: On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 hi Jagdeep, I am not really sure , i got your question right but there is something you can try if this helps, in the mysql dbase add field like "loggedIn" , which can be true/false, when person logs in change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If that makes sense to you , good luck. regards, Gautam Bhatia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login Easy peasey Karl Sent from losPhone On May 22, 2010, at 12:34 AM, Gautam Bhatia wrote: On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 hi Jagdeep, I am not really sure , i got your question right but there is something you can try if this helps, in the mysql dbase add field like "loggedIn" , which can be true/false, when person logs in change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If that makes sense to you , good luck. regards, Gautam Bhatia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh > +91 9988009272 > > hi Jagdeep, I am not really sure , i got your question right but there is something you can try if this helps, in the mysql dbase add field like "loggedIn" , which can be true/false, when person logs in change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If that makes sense to you , good luck. regards, Gautam Bhatia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Sat, May 15, 2010 at 10:18 AM, Robert Cummings wrote: > Ashley Sheridan wrote: > >> I see exactly the issue you have now, and there's no way round it. You >> can't identify a single machine in the way you want. >> >> Maybe you could restrict access to test answer materials to a user who >> is logged in, and then lock them out when a test is in progress for >> their username. That way, you don't have to identify a machine at all >> (what's to stop someone from opening up a laptop next to their main >> computer to circumvent your 'security' anyway?) and the only way they >> can access both course materials and the test is with two sets of login >> credentials. >> > > Just to follow-up... even if one could identify the machine, someone out > there would open up a virtual machine :) or add a second nic .., or a virtual nic, which doesnt even require additional hardware ;) -nathan
Re: [PHP] Multiple Login in a single PC should not be possible
Ashley Sheridan wrote: I see exactly the issue you have now, and there's no way round it. You can't identify a single machine in the way you want. Maybe you could restrict access to test answer materials to a user who is logged in, and then lock them out when a test is in progress for their username. That way, you don't have to identify a machine at all (what's to stop someone from opening up a laptop next to their main computer to circumvent your 'security' anyway?) and the only way they can access both course materials and the test is with two sets of login credentials. Just to follow-up... even if one could identify the machine, someone out there would open up a virtual machine :) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Sat, 2010-05-15 at 11:50 +0100, Lester Caine wrote: > This was bounced back to the list because of the php crap of needing to use > 'reply all' - I SHOULD have used 'reply' in this case as jagdeep's email was > to > ME, but I automatically 'reply all' and replace return address with the list > email to kill off all the extras! > > Ashley Sheridan wrote: > > On Sat, 2010-05-15 at 08:18 +0100, Lester Caine wrote: > >> Jagdeep Singh wrote: > >> > How can I define"Machine"? > >> > >> That IS the problem. As with a lot of this stuff - nothing was ever > >> actually > >> DESIGNED to work :( So $_SERVER["REMOTE_ADDR"] will block multiple > >> machines if > >> they are sharing the one connection. I've been lucky so far in that > >> 'REMOTE_ADDR' CAN be resolved to a machine in my own case. > >> > >> This like 'tzoffset' is an area where the simplest basic functions > >> actually need > >> to be fixed. If you are working cross timezones have you considered the > >> problem > >> of knowing the right time where daylight saving is important. My users > >> have to > >> set their correct daylight saving zone in their profile. 'tzoffset' is no > >> use. > >> > >> Both of these are areas that need fixing? > >> > >> ( As an aside ... some schools are now using 'virtual' desktops, so several > >> pupils may WELL be working on the one 'virtual server' but each in their > >> own > >> sessions. This makes it impossible to identify the individual users as > >> well ) > > > I explained off-list how you could do this. Create a hash of the > > machines IP and browser with the username of the logged in user: > > > > md5($ip . $browser . $username); > > > > And store that in the database when they log in. Now each time they > > perform an action, create a hash from those same bits of information > > again and check it against the one created when they logged in. > > We have already identified that THIS will not work is this case. It is not > unreasonable to want to restrict the number of users on a single machine. So > you > keep the machine use separate to the user login ... AS STATED the problem is > identifying a machine in the first place. > > > You can't access their Mac address. Many people on the list have > > explained that to you now. I'm not sure why an e-learning module needs > > such strict requirements, as it's perfectly valid that a user might want > > to use more than one browser at a time. > > It is also not unreasonable that one may want to restrict access to something > in > the way specified. If one is RUNNING on-line testing, then having the answers > open in another browser is something that it might be nice to block ;) > Because > the simple matter of uniquely identifying a machine on the internet IS > impossible currently then we have to come up with some other way of blocking > things, but to be honest. On-line testing is a silly idea anyway since there > are > many ways of cheating that even these locks would not prevent ;) In my own > case, > restricting a machine to a single user is essential and I simply need to > block > other users when the machine is 'in use'. $_SERVER["REMOTE_ADDR"] is internal > to > the intranet so no problem. > > Personally I think the demands from the 'privacy' camp is simply playing into > the hands of the criminals. EVERY machine should report it's ID and this can > then be used to kill off the con men. Perhaps when IPv6 is in full use then > every computer can be uniquely identified? THEN $_SERVER["REMOTE_ADDR"] will > work properly we just have to ensure that 'cloaning' of ID's is always > flagged in transit. > > -- > Lester Caine - G8HFL > - > Contact - http://lsces.co.uk/wiki/?page=contact > L.S.Caine Electronic Services - http://lsces.co.uk > EnquirySolve - http://enquirysolve.com/ > Model Engineers Digital Workshop - http://medw.co.uk// > Firebird - http://www.firebirdsql.org/index.php > I see exactly the issue you have now, and there's no way round it. You can't identify a single machine in the way you want. Maybe you could restrict access to test answer materials to a user who is logged in, and then lock them out when a test is in progress for their username. That way, you don't have to identify a machine at all (what's to stop someone from opening up a laptop next to their main computer to circumvent your 'security' anyway?) and the only way they can access both course materials and the test is with two sets of login credentials. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
This was bounced back to the list because of the php crap of needing to use 'reply all' - I SHOULD have used 'reply' in this case as jagdeep's email was to ME, but I automatically 'reply all' and replace return address with the list email to kill off all the extras! Ashley Sheridan wrote: On Sat, 2010-05-15 at 08:18 +0100, Lester Caine wrote: Jagdeep Singh wrote: > How can I define"Machine"? That IS the problem. As with a lot of this stuff - nothing was ever actually DESIGNED to work :( So $_SERVER["REMOTE_ADDR"] will block multiple machines if they are sharing the one connection. I've been lucky so far in that 'REMOTE_ADDR' CAN be resolved to a machine in my own case. This like 'tzoffset' is an area where the simplest basic functions actually need to be fixed. If you are working cross timezones have you considered the problem of knowing the right time where daylight saving is important. My users have to set their correct daylight saving zone in their profile. 'tzoffset' is no use. Both of these are areas that need fixing? ( As an aside ... some schools are now using 'virtual' desktops, so several pupils may WELL be working on the one 'virtual server' but each in their own sessions. This makes it impossible to identify the individual users as well ) I explained off-list how you could do this. Create a hash of the machines IP and browser with the username of the logged in user: md5($ip . $browser . $username); And store that in the database when they log in. Now each time they perform an action, create a hash from those same bits of information again and check it against the one created when they logged in. We have already identified that THIS will not work is this case. It is not unreasonable to want to restrict the number of users on a single machine. So you keep the machine use separate to the user login ... AS STATED the problem is identifying a machine in the first place. You can't access their Mac address. Many people on the list have explained that to you now. I'm not sure why an e-learning module needs such strict requirements, as it's perfectly valid that a user might want to use more than one browser at a time. It is also not unreasonable that one may want to restrict access to something in the way specified. If one is RUNNING on-line testing, then having the answers open in another browser is something that it might be nice to block ;) Because the simple matter of uniquely identifying a machine on the internet IS impossible currently then we have to come up with some other way of blocking things, but to be honest. On-line testing is a silly idea anyway since there are many ways of cheating that even these locks would not prevent ;) In my own case, restricting a machine to a single user is essential and I simply need to block other users when the machine is 'in use'. $_SERVER["REMOTE_ADDR"] is internal to the intranet so no problem. Personally I think the demands from the 'privacy' camp is simply playing into the hands of the criminals. EVERY machine should report it's ID and this can then be used to kill off the con men. Perhaps when IPv6 is in full use then every computer can be uniquely identified? THEN $_SERVER["REMOTE_ADDR"] will work properly we just have to ensure that 'cloaning' of ID's is always flagged in transit. -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Sat, 2010-05-15 at 08:18 +0100, Lester Caine wrote: > Jagdeep Singh wrote: > > How can I define "Machine"? > > That IS the problem. As with a lot of this stuff - nothing was ever actually > DESIGNED to work :( So $_SERVER["REMOTE_ADDR"] will block multiple machines > if > they are sharing the one connection. I've been lucky so far in that > 'REMOTE_ADDR' CAN be resolved to a machine in my own case. > > This like 'tzoffset' is an area where the simplest basic functions actually > need > to be fixed. If you are working cross timezones have you considered the > problem > of knowing the right time where daylight saving is important. My users have > to > set their correct daylight saving zone in their profile. 'tzoffset' is no use. > > Both of these are areas that need fixing? > > ( As an aside ... some schools are now using 'virtual' desktops, so several > pupils may WELL be working on the one 'virtual server' but each in their own > sessions. This makes it impossible to identify the individual users as well ) > > -- > Lester Caine - G8HFL > - > Contact - http://lsces.co.uk/wiki/?page=contact > L.S.Caine Electronic Services - http://lsces.co.uk > EnquirySolve - http://enquirysolve.com/ > Model Engineers Digital Workshop - http://medw.co.uk// > Firebird - http://www.firebirdsql.org/index.php > I explained off-list how you could do this. Create a hash of the machines IP and browser with the username of the logged in user: md5($ip . $browser . $username); And store that in the database when they log in. Now each time they perform an action, create a hash from those same bits of information again and check it against the one created when they logged in. You can't access their Mac address. Many people on the list have explained that to you now. I'm not sure why an e-learning module needs such strict requirements, as it's perfectly valid that a user might want to use more than one browser at a time. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Multiple Login in a single PC should not be possible
Jagdeep Singh wrote: How can I define "Machine"? That IS the problem. As with a lot of this stuff - nothing was ever actually DESIGNED to work :( So $_SERVER["REMOTE_ADDR"] will block multiple machines if they are sharing the one connection. I've been lucky so far in that 'REMOTE_ADDR' CAN be resolved to a machine in my own case. This like 'tzoffset' is an area where the simplest basic functions actually need to be fixed. If you are working cross timezones have you considered the problem of knowing the right time where daylight saving is important. My users have to set their correct daylight saving zone in their profile. 'tzoffset' is no use. Both of these are areas that need fixing? ( As an aside ... some schools are now using 'virtual' desktops, so several pupils may WELL be working on the one 'virtual server' but each in their own sessions. This makes it impossible to identify the individual users as well ) -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
I am working on e-learning module... On Sat, May 15, 2010 at 12:03 PM, Robert Cummings wrote: > Jagdeep Singh wrote: > >> Hi! >> >> Thanks for all the replies... But may of the solutions are not for my >> question. >> >> Friends! >> >> E.g. : If user1 has logged in Internet Explorer on IP adress (Say IP - A) >> with MAC Adress (MAC-X) >> Then No other user can login on that IP (IP-A) AND MAC Adress (MAC-X) on >> any >> other browser say Firefox. >> >> I can stop any user to login more than one time at two different >> machines.. >> >> But I am unable to stop Multiple logins on same machine (ofcourse on >> different Browsers) Because each browser has different SESSION and Cookie >> system. >> >> I hope problem is very clear now.. >> > > Oh, I see... you don't even want 2 DIFFERENT users on the same computer to > log in at the same time. Hah, you must be doing an online game or something. > You cannot do what you want to do. > > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP >
Re: [PHP] Multiple Login in a single PC should not be possible
Jagdeep Singh wrote: Hi! Thanks for all the replies... But may of the solutions are not for my question. But I am unable to stop Multiple logins on same machine (ofcourse on different Browsers) Because each browser has different SESSION and Cookie system. As I have already said ... you need to maintain a list of 'logged in' machines in addition to the 'logged in' users. You check any new login against the machine list as well as the user list. You ARE right in that a different browser will not have the cookie settings, but in YOUR case, simply do not use browser based 'storage'. Store the settings so that authentication from a different browser will return the current logged in status. I'm not worried about different browsers, but if the browser 'connection' is lost, then reopening it and trying to log in again takes you back to the point where the connection was lost. Should work cross browser, and does work IE6 to IE7 or 8. -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Jagdeep Singh wrote: Hi! Thanks for all the replies... But may of the solutions are not for my question. Friends! E.g. : If user1 has logged in Internet Explorer on IP adress (Say IP - A) with MAC Adress (MAC-X) Then No other user can login on that IP (IP-A) AND MAC Adress (MAC-X) on any other browser say Firefox. I can stop any user to login more than one time at two different machines.. But I am unable to stop Multiple logins on same machine (ofcourse on different Browsers) Because each browser has different SESSION and Cookie system. I hope problem is very clear now.. Oh, I see... you don't even want 2 DIFFERENT users on the same computer to log in at the same time. Hah, you must be doing an online game or something. You cannot do what you want to do. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hi! Thanks for all the replies... But may of the solutions are not for my question. Friends! E.g. : If user1 has logged in Internet Explorer on IP adress (Say IP - A) with MAC Adress (MAC-X) Then No other user can login on that IP (IP-A) AND MAC Adress (MAC-X) on any other browser say Firefox. I can stop any user to login more than one time at two different machines.. But I am unable to stop Multiple logins on same machine (ofcourse on different Browsers) Because each browser has different SESSION and Cookie system. I hope problem is very clear now.. regards Jagdeep Singh On Fri, May 14, 2010 at 9:51 PM, tedd wrote: > At 12:48 PM +0530 5/14/10, Jagdeep Singh wrote: > >> Hi All! >> >> I am looking for a solution, I want a user to do a single Login only on a >> PC >> . >> >> E.g. If a User has logged on my website website.com in Internet explorer, >> then he cant login on same website in another browser like Firefox etc >> with >> same loginid or another. >> >> Can I trace MAC address of a single machine to solve this issue? >> >> Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will >> work for all browsers in a single machine.. >> >> I hope You will help me out >> >> >> Regards >> >> Jagdeep Singh >> +91 9988009272 >> > > Jagdeep: > > I don't think this is solvable. > > You can make it such that if a person is logged-in that they cannot log-in > again until they log-out of their current session -- that's do able. > > But using IP addresses, or trying to sniff the machine, or other such > attempts at identifying user will most certainly be problematic and not > solve the problem. > > Good luck, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com >
Re: [PHP] Multiple Login in a single PC should not be possible
At 12:48 PM +0530 5/14/10, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Jagdeep: I don't think this is solvable. You can make it such that if a person is logged-in that they cannot log-in again until they log-out of their current session -- that's do able. But using IP addresses, or trying to sniff the machine, or other such attempts at identifying user will most certainly be problematic and not solve the problem. Good luck, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On 14 May 2010 15:26, Bob McConnell wrote: > From: Richard Quadling > >>On 14 May 2010 14:47, Bob McConnell wrote: >>> Actually, I believe that linking a session to a specific individual >>> without reading a biometric key with every http request is an >>> unacceptable risk. And no, I don't do any banking online. >> >> That's why my bank has supplied me with a little card reader for my >> bank card, into which I put my pin number. >> >> So they know it is me because of something I have (my card and card >> reader) and something I know (my pin number). >> >> This is pretty similar to the system we use for our online BACS > transactions. >> >> And yes, I do online banking. > > That only verifies that it was probably you that initially logged in. > There is nothing to prevent someone else from knocking you out and using > the session once you have completed that step, or hijacking it after you > are done. There are any number of ways to intercept your traffic, such > as a poisoned DNS server misdirecting your browser through a man in the > middle. > > Even without that, how long would it take someone else to 'discover' > your four digit PIN number if they wanted to? Probably less than an hour > with only possible variations. That's nowhere near safe enough for > me. > > Bob McConnell > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > The pin pad requires my 4 digit pin and generates an 8 digit number which is required by the bank's web site (100 million combinations and must match expectation on the server). The 8 digit number is different every time. And 3 failed logins disables the login until I go through security via the phone. And then I still have to use the same data to try again. The channel is https ONLY - you cannot login on http. I also keep my front door locked and I trust my wife and kids to not knock me out, though the way the kids play up sometimes ... DNS poisoning is certainly a possibility. The Blue Frog incident a few years ago certainly revealed a weakness in DNS servers (the operators). And you are right, essentially a man-in-the-middle is still not defendable (AFAIK). -- - Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hello Jagdeep, I think that using the user table will fix your first problem of having a single user tied to a browser for the same machine or even a different machine. Once logged in that same user cannot login again. For your second issue, I do not think is possible to keep track of anything that will not allow user1 to login using Internet Explorer and then user2 to come along open Firefox and log in using the same machine as sessions are kept separately and will look different on the server. Unless you can actually use something to identify the computer as per your question of tracking MAC addresses I do not see this as being possible. But then again I'm no expert. Just my thoughts. Good Luck. On 14/05/2010 03:18, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272
RE: [PHP] Multiple Login in a single PC should not be possible
On Fri, 2010-05-14 at 10:26 -0400, Bob McConnell wrote: > From: Richard Quadling > > >On 14 May 2010 14:47, Bob McConnell wrote: > >> Actually, I believe that linking a session to a specific individual > >> without reading a biometric key with every http request is an > >> unacceptable risk. And no, I don't do any banking online. > > > > That's why my bank has supplied me with a little card reader for my > > bank card, into which I put my pin number. > > > > So they know it is me because of something I have (my card and card > > reader) and something I know (my pin number). > > > > This is pretty similar to the system we use for our online BACS > transactions. > > > > And yes, I do online banking. > > That only verifies that it was probably you that initially logged in. > There is nothing to prevent someone else from knocking you out and using > the session once you have completed that step, or hijacking it after you > are done. There are any number of ways to intercept your traffic, such > as a poisoned DNS server misdirecting your browser through a man in the > middle. > > Even without that, how long would it take someone else to 'discover' > your four digit PIN number if they wanted to? Probably less than an hour > with only possible variations. That's nowhere near safe enough for > me. > > Bob McConnell > Actually, a 4-digit pin has 10,000 combinations ( through inclusively) It becomes more interesting if you allow for letters as well, with case sensitivity, so the permutations would become 62^4 (52 letters & 10 numbers) Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Multiple Login in a single PC should not be possible
From: Richard Quadling >On 14 May 2010 14:47, Bob McConnell wrote: >> Actually, I believe that linking a session to a specific individual >> without reading a biometric key with every http request is an >> unacceptable risk. And no, I don't do any banking online. > > That's why my bank has supplied me with a little card reader for my > bank card, into which I put my pin number. > > So they know it is me because of something I have (my card and card > reader) and something I know (my pin number). > > This is pretty similar to the system we use for our online BACS transactions. > > And yes, I do online banking. That only verifies that it was probably you that initially logged in. There is nothing to prevent someone else from knocking you out and using the session once you have completed that step, or hijacking it after you are done. There are any number of ways to intercept your traffic, such as a poisoned DNS server misdirecting your browser through a man in the middle. Even without that, how long would it take someone else to 'discover' your four digit PIN number if they wanted to? Probably less than an hour with only possible variations. That's nowhere near safe enough for me. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On 14 May 2010 14:47, Bob McConnell wrote: > Actually, I believe that linking a session to a specific individual > without reading a biometric key with every http request is an > unacceptable risk. And no, I don't do any banking online. > > Bob McConnell That's why my bank has supplied me with a little card reader for my bank card, into which I put my pin number. So they know it is me because of something I have (my card and card reader) and something I know (my pin number). This is pretty similar to the system we use for our online BACS transactions. And yes, I do online banking. -- - Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multiple Login in a single PC should not be possible
From: Robert Cummings > Bob McConnell wrote: >> Web servers can only identify computers, not users. You will need >> something else to track which user started a specific application on a >> particular computer, probably a fingerprint scanner next to the >> keyboard. But that won't prevent someone else from replacing the entity >> between the keyboard and the chair after they log in. Plus, it is >> unlikely that will be useful in a true multi-user environment. There are >> simply too many possible ways to get around your restrictions. > > Isn't it simple to associate a single session ID with a username? User > logs in, place username and session ID in active users table and > invalidate any others for same user. When user accesses page check > session ID against entry in active users table. Richard Quadling has it > right. This is not complicated, but it sounds like people are making it > so. The user identified themselves via login. >From the series of questions he asked, it was not clear to me what he was trying to do. It sounded like he wanted to allow a user to access a single session simultaneously via multiple browsers, yet not allow another person to hijack that session even if both were using the same computer. Somehow I don't think all of that is a reasonable requirement. Actually, I believe that linking a session to a specific individual without reading a biometric key with every http request is an unacceptable risk. And no, I don't do any banking online. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Fri, May 14, 2010 at 3:18 AM, Jagdeep Singh wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh I usually store the sessions in a database table that includes a column for the user identity (username, e-mail address, etc.) and then simply log out any previous "active" sessions any time a new session logs in by deleting (or marking inactive) any rows for the same identity whose session_id does not match the current session_id. That ensures that users can have no more than one active session at a time. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Bob McConnell wrote: Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions. Isn't it simple to associate a single session ID with a username? User logs in, place username and session ID in active users table and invalidate any others for same user. When user accesses page check session ID against entry in active users table. Richard Quadling has it right. This is not complicated, but it sounds like people are making it so. The user identified themselves via login. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On May 14, 2010, at 3:18 AM, Jagdeep Singh wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh > +91 9988009272 If you store sessions in a MySQL table you could access that table to see if the user is still logged in and when the last time the session data was updated. Take care, Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multiple Login in a single PC should not be possible
Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions. Bob McConnell -Original Message- From: Jagdeep Singh [mailto:jagsaini1...@gmail.com] Sent: Friday, May 14, 2010 4:26 AM To: Peter Lind Cc: Lester Caine; php-general@lists.php.net >> "php-general@lists.php.net" Subject: Re: [PHP] Multiple Login in a single PC should not be possible Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind wrote: > On 14 May 2010 09:29, Lester Caine wrote: > > Jagdeep Singh wrote: > >> > >> Hi All! > >> > >> I am looking for a solution, I want a user to do a single Login only on > a > >> PC > >> . > >> > >> E.g. If a User has logged on my website website.com in Internet > explorer, > >> then he cant login on same website in another browser like Firefox etc > >> with > >> same loginid or another. > >> > >> Can I trace MAC address of a single machine to solve this issue? > > > > The browser IP address works for us quite reliably. Once logged in, you > get > > a message saying already logged on ... and where ... but it does need a > > little help if the user closes the browser without logging out. One needs > a > > facility to 'bounce' a user now and again however some remote users > may > > well have 'floating' IP addresses :( > > > > Don't rely on IP addresses staying the same for a user, it's not safe > in any way and not needed anyway. Karls method is probably the best > bet - just remember to record "last accessed time" so anyone not > accessing for more than 15-20 minutes will succeed if trying to log in > again. > > Regards > Peter > > -- > > WWW: http://plphp.dk / http://plind.dk > LinkedIn: http://www.linkedin.com/in/plind > Flickr: http://www.flickr.com/photos/fake51 > BeWelcome: Fake51 > Couchsurfing: Fake51 > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Fri, 2010-05-14 at 04:26 -0500, Karl DeSaulniers wrote: > Only other thing I could think of is a session timeout. > Because if two people are using the same computer, one person is > going to be away long enough to time out. > > HTH > > Karl > > > > On May 14, 2010, at 4:21 AM, Karl DeSaulniers wrote: > > > Hi J, > > Well, if you have an active users table with a users name in it and > > you check when logging in to see if that users name is in that table, > > They can not log in again. No matter what machine or browser they > > are in. > > > > As far as another user logging in on that same machine, you could > > match a cookie on the machine and the database that holds what > > browser they are using and username, an MD5 ip, etc. > > But someone can always delete cookies and some even know how to > > bounce ip addresses, so unless you have a bunch of hackers using > > your machines, these suggestions should work. > > Unless someone else has a better suggestion. > > GL, > > > > :) > > > > Karl > > > > > > On May 14, 2010, at 4:08 AM, Jagdeep Singh wrote: > > > >> I want that only single user can login on a single machine If > >> User has logged in one browser he should not login through 2nd > >> browser... > >> > >> And no other user should login on same machine in any browser > >> > >> in Simple words: > >> > >> MAXIMUM ONE USER SHOULD LOGIN IN ONE MACHINE... > >> > >> On Fri, May 14, 2010 at 2:23 PM, Karl DeSaulniers > >> wrote: > >> You lost me on that one. > >> > >> You want it so that multiple users can log in, but they have to be > >> on separate browsers? > >> > >> > >> Karl > >> > >> > >> > >> On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: > >> > >> Hi, > >> > >> yes, I can make a databse table to record LOGIN details, But I > >> want that No > >> other user can login on same machine on smae or another browser. > >> > >> E.g. > >> > >> If user1 has logged in from IE then user2 should not login from > >> Firefox or > >> Chrome etc.. > >> > >> I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same > >> or Other > >> broswers) > >> > >> Regards > >> > >> Jagdeep Singh > >> > >> On Fri, May 14, 2010 at 1:26 PM, Peter Lind > >> wrote: > >> > >> On 14 May 2010 09:29, Lester Caine wrote: > >> Jagdeep Singh wrote: > >> > >> Hi All! > >> > >> I am looking for a solution, I want a user to do a single Login > >> only on > >> a > >> PC > >> . > >> > >> E.g. If a User has logged on my website website.com in Internet > >> explorer, > >> then he cant login on same website in another browser like Firefox > >> etc > >> with > >> same loginid or another. > >> > >> Can I trace MAC address of a single machine to solve this issue? > >> > >> The browser IP address works for us quite reliably. Once logged > >> in, you > >> get > >> a message saying already logged on ... and where ... but it does > >> need a > >> little help if the user closes the browser without logging out. > >> One needs > >> a > >> facility to 'bounce' a user now and again however some remote > >> users > >> may > >> well have 'floating' IP addresses :( > >> > >> > >> Don't rely on IP addresses staying the same for a user, it's not safe > >> in any way and not needed anyway. Karls method is probably the best > >> bet - just remember to record "last accessed time" so anyone not > >> accessing for more than 15-20 minutes will succeed if trying to > >> log in > >> again. > >> > >> Regards > >> Peter > >> > >> -- > >> > >> WWW: http://plphp.dk / http://plind.dk > >> LinkedIn: http://www.linkedin.com/in/plind > >> Flickr: http://www.flickr.com/photos/fake51 > >> BeWelcome: Fake51 > >> Couchsurfing: Fake51 > >> > >> > >> > >> Karl DeSaulniers > >> Design Drumm > >> http://designdrumm.com > >> > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > Karl DeSaulniers > > Design Drumm > > http://designdrumm.com > > > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > > Why do you not want a user to be able to log into your system with another browser on the same machine? There is no way to grab the MAC address, and using the IP address is, as others have already mentioned on this thread, unreliable (consider a dozen employees in an office who will all be using the same external connection, ergo the same IP) It seems that a token might be the best method. You can store other information you get from the user agent if you want to try and pin down a particular user. Is it really necessary though? I use Firefox in the main as my browser, but occasionally an update of xul without an update of Fx will kill Fx, so I'm forced to use another browser temporarily. Likewise, people who use IE are more susceptible to virii, and the advice given to IE users is to use another browser such as Fx or Chrome. What I'm trying to say is that often people will have very legitimate reasons to be
Re: [PHP] Multiple Login in a single PC should not be possible
On 14 May 2010 08:18, Jagdeep Singh wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh > +91 9988009272 > Store the session id against the user table when they login if there is no session id currently stored for the user. On all secure pages, compare the current session id against the stored session id for their login. If they are the same, then this is the same user in the same session. At this stage, you can regenerate the session id and store a new one against the user. Essentially making the session id active for a single page only. If the sessions are different you can now either ... 1 -Tell the user that you can only have 1 active login per account and send them back to the home page (ideally an unsecured page where the browser won't automatically attempt to login by using remembered passwords.). 2 - Clear the session against the user table and tag the account so that all instances can be told that only 1 active account per login. Essentially logging the other user out - not nice but if multiple logins are in violation of an agreement, then all suffer. It does allow a "real" user to know that their details are known if they didn't attempt the second login. You also need to incorporate a time out to allow the first login to automatically expire without needing a logout. If you use the same timeout as the session timeout, then they will sync, but you will need to update the DB on each page request. A logout should clear the sessionid and the expiry info from the user table. Richard. -- - Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Only other thing I could think of is a session timeout. Because if two people are using the same computer, one person is going to be away long enough to time out. HTH Karl On May 14, 2010, at 4:21 AM, Karl DeSaulniers wrote: Hi J, Well, if you have an active users table with a users name in it and you check when logging in to see if that users name is in that table, They can not log in again. No matter what machine or browser they are in. As far as another user logging in on that same machine, you could match a cookie on the machine and the database that holds what browser they are using and username, an MD5 ip, etc. But someone can always delete cookies and some even know how to bounce ip addresses, so unless you have a bunch of hackers using your machines, these suggestions should work. Unless someone else has a better suggestion. GL, :) Karl On May 14, 2010, at 4:08 AM, Jagdeep Singh wrote: I want that only single user can login on a single machine If User has logged in one browser he should not login through 2nd browser... And no other user should login on same machine in any browser in Simple words: MAXIMUM ONE USER SHOULD LOGIN IN ONE MACHINE... On Fri, May 14, 2010 at 2:23 PM, Karl DeSaulniers wrote: You lost me on that one. You want it so that multiple users can log in, but they have to be on separate browsers? Karl On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind wrote: On 14 May 2010 09:29, Lester Caine wrote: Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? The browser IP address works for us quite reliably. Once logged in, you get a message saying already logged on ... and where ... but it does need a little help if the user closes the browser without logging out. One needs a facility to 'bounce' a user now and again however some remote users may well have 'floating' IP addresses :( Don't rely on IP addresses staying the same for a user, it's not safe in any way and not needed anyway. Karls method is probably the best bet - just remember to record "last accessed time" so anyone not accessing for more than 15-20 minutes will succeed if trying to log in again. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hi J, Well, if you have an active users table with a users name in it and you check when logging in to see if that users name is in that table, They can not log in again. No matter what machine or browser they are in. As far as another user logging in on that same machine, you could match a cookie on the machine and the database that holds what browser they are using and username, an MD5 ip, etc. But someone can always delete cookies and some even know how to bounce ip addresses, so unless you have a bunch of hackers using your machines, these suggestions should work. Unless someone else has a better suggestion. GL, :) Karl On May 14, 2010, at 4:08 AM, Jagdeep Singh wrote: I want that only single user can login on a single machine If User has logged in one browser he should not login through 2nd browser... And no other user should login on same machine in any browser in Simple words: MAXIMUM ONE USER SHOULD LOGIN IN ONE MACHINE... On Fri, May 14, 2010 at 2:23 PM, Karl DeSaulniers wrote: You lost me on that one. You want it so that multiple users can log in, but they have to be on separate browsers? Karl On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind wrote: On 14 May 2010 09:29, Lester Caine wrote: Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? The browser IP address works for us quite reliably. Once logged in, you get a message saying already logged on ... and where ... but it does need a little help if the user closes the browser without logging out. One needs a facility to 'bounce' a user now and again however some remote users may well have 'floating' IP addresses :( Don't rely on IP addresses staying the same for a user, it's not safe in any way and not needed anyway. Karls method is probably the best bet - just remember to record "last accessed time" so anyone not accessing for more than 15-20 minutes will succeed if trying to log in again. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Karl DeSaulniers Design Drumm http://designdrumm.com
Re: [PHP] Multiple Login in a single PC should not be possible
You lost me on that one. You want it so that multiple users can log in, but they have to be on separate browsers? Karl On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind wrote: On 14 May 2010 09:29, Lester Caine wrote: Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? The browser IP address works for us quite reliably. Once logged in, you get a message saying already logged on ... and where ... but it does need a little help if the user closes the browser without logging out. One needs a facility to 'bounce' a user now and again however some remote users may well have 'floating' IP addresses :( Don't rely on IP addresses staying the same for a user, it's not safe in any way and not needed anyway. Karls method is probably the best bet - just remember to record "last accessed time" so anyone not accessing for more than 15-20 minutes will succeed if trying to log in again. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Jagdeep Singh wrote: Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) I'm doing almost exactly that on my CMS system. But we have the advantage that it is intranet, so we can cleanly identify the machines. Once a counter position is in use no one else can log in to that machine, and while loged in there a user can't login again. We can't easily add a 'timeout' since some interviews can take over an hour and the position remains locked for the whole period, but supervisor access allows a 'stuck user' to be bounced so they can log in again. If you don't have such control over the machines, then you may need to do a little more work to build up a list of 'active machines' in parallel with the 'active user' table. -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind wrote: > On 14 May 2010 09:29, Lester Caine wrote: > > Jagdeep Singh wrote: > >> > >> Hi All! > >> > >> I am looking for a solution, I want a user to do a single Login only on > a > >> PC > >> . > >> > >> E.g. If a User has logged on my website website.com in Internet > explorer, > >> then he cant login on same website in another browser like Firefox etc > >> with > >> same loginid or another. > >> > >> Can I trace MAC address of a single machine to solve this issue? > > > > The browser IP address works for us quite reliably. Once logged in, you > get > > a message saying already logged on ... and where ... but it does need a > > little help if the user closes the browser without logging out. One needs > a > > facility to 'bounce' a user now and again however some remote users > may > > well have 'floating' IP addresses :( > > > > Don't rely on IP addresses staying the same for a user, it's not safe > in any way and not needed anyway. Karls method is probably the best > bet - just remember to record "last accessed time" so anyone not > accessing for more than 15-20 minutes will succeed if trying to log in > again. > > Regards > Peter > > -- > > WWW: http://plphp.dk / http://plind.dk > LinkedIn: http://www.linkedin.com/in/plind > Flickr: http://www.flickr.com/photos/fake51 > BeWelcome: Fake51 > Couchsurfing: Fake51 > >
Re: [PHP] Multiple Login in a single PC should not be possible
On 14 May 2010 09:29, Lester Caine wrote: > Jagdeep Singh wrote: >> >> Hi All! >> >> I am looking for a solution, I want a user to do a single Login only on a >> PC >> . >> >> E.g. If a User has logged on my website website.com in Internet explorer, >> then he cant login on same website in another browser like Firefox etc >> with >> same loginid or another. >> >> Can I trace MAC address of a single machine to solve this issue? > > The browser IP address works for us quite reliably. Once logged in, you get > a message saying already logged on ... and where ... but it does need a > little help if the user closes the browser without logging out. One needs a > facility to 'bounce' a user now and again however some remote users may > well have 'floating' IP addresses :( > Don't rely on IP addresses staying the same for a user, it's not safe in any way and not needed anyway. Karls method is probably the best bet - just remember to record "last accessed time" so anyone not accessing for more than 15-20 minutes will succeed if trying to log in again. Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
On Fri, May 14, 2010 at 12:29 AM, Lester Caine wrote: > Jagdeep Singh wrote: >> >> Hi All! >> >> I am looking for a solution, I want a user to do a single Login only on a >> PC >> . >> >> E.g. If a User has logged on my website website.com in Internet explorer, >> then he cant login on same website in another browser like Firefox etc >> with >> same loginid or another. >> >> Can I trace MAC address of a single machine to solve this issue? > > The browser IP address works for us quite reliably. Once logged in, you get > a message saying already logged on ... and where ... but it does need a > little help if the user closes the browser without logging out. One needs a > facility to 'bounce' a user now and again however some remote users may > well have 'floating' IP addresses :( Or in some cases, they may have multiple internet connections. I used to have 2, 1 cable and 1 DSL. I used FreeBSD's PF to do 'load balance' ;) It works really well with any apps that do multiple connections. Regards, Tommy > > Cross browser on the same machine may be a little more problematic! How > would one know that it's not just from another windows of the same browser. > Browser sniffing should allow that to be included, but we've not needed to > go that far yet. > >> Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will >> work for all browsers in a single machine.. > > Unfortunately not ... > > -- > Lester Caine - G8HFL > - > Contact - http://lsces.co.uk/wiki/?page=contact > L.S.Caine Electronic Services - http://lsces.co.uk > EnquirySolve - http://enquirysolve.com/ > Model Engineers Digital Workshop - http://medw.co.uk// > Firebird - http://www.firebirdsql.org/index.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Just remember to remove them from this table on log out. Karl Sent from losPhone On May 14, 2010, at 2:23 AM, Karl DeSaulniers wrote: Hi Jagdeep, I would make an "active users" table in your database that the username gets loaded into on successful login and in your login script also check this table before letting them log in. Karl On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? The browser IP address works for us quite reliably. Once logged in, you get a message saying already logged on ... and where ... but it does need a little help if the user closes the browser without logging out. One needs a facility to 'bounce' a user now and again however some remote users may well have 'floating' IP addresses :( Cross browser on the same machine may be a little more problematic! How would one know that it's not just from another windows of the same browser. Browser sniffing should allow that to be included, but we've not needed to go that far yet. Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. Unfortunately not ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Login in a single PC should not be possible
Hi Jagdeep, I would make an "active users" table in your database that the username gets loaded into on successful login and in your login script also check this table before letting them log in. Karl On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will work for all browsers in a single machine.. I hope You will help me out Regards Jagdeep Singh +91 9988009272 Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
