...

View Full Version : Checking IPs on sign up



masterofollies
05-10-2009, 03:40 PM
My website is fully run in PHP, very little html, JS.

I allow people to have up to 3 accounts, which I have a IP feature that checks for matches to see who has how many.

However I would like when they go to the register page it say something like:
(Your IP Address Logged: 100.118.50.62)

so then when they try to create an account, it'd check the database and count the number of accounts that match that IP. So if 3 or more comes up, it will cancel the register.

Any ideas on how to do this? I figure Ajax could do it easily and better, but I know 0 things about ajax.

venegal
05-10-2009, 03:56 PM
The IP Address is stored in $_SERVER['REMOTE_ADDR'], so whenever a new account is created, you should store that with the account information, so you can check afterwards, if there are already three of those.

There is no reason why adding ajax to the mix would make it any easier.

masterofollies
05-10-2009, 08:34 PM
I do log IP's which is how it checks the database for them. Do I just do something like this?


$query = mysql_query("SELECT ipaddress FROM users WHERE ipaddress='".$_SERVER['REMOTE_ADDR']."'");

$howmany = mysql_num_rows($query);

if ($howmany >= '3') {
//Cancel the register
}

venegal
05-10-2009, 08:48 PM
Yes, why not? Does it work? Or haven't you tried yet?

Len Whistler
05-10-2009, 08:58 PM
The problem with using the IP address for identification purposes is that it can change whenever the user logs off then back on to the internet. Email might be better and seems to be the standard for most sites that require signing up.


---

masterofollies
05-10-2009, 11:29 PM
The problem with using the IP address for identification purposes is that it can change whenever the user logs off then back on to the internet. Email might be better and seems to be the standard for most sites that require signing up.


---

Yes but I had a problem with someone creating like 100 accounts, and kept making new hotmail and yahoo email accounts. So I figure IP is the best way to go.

bazz
05-11-2009, 05:10 AM
some ISP's - I think I should not say which - can change IP during sessions. It is unreliable to rely on ip addresses.

This might be as reliable (but you might see the draw backs easier) - time limit each account. delete the account if they didn't login within say 2 days. it would get rid of those which were over your limit because it would be such a chore for the user to keep them active.

drawbacks I see are
1. it wouldn't limit to 3 but it would get rid of a load of the 100 or so you mentioned.
2. it would delete the genuine accounts of those who were not able to login often enough

Does a user account store much data, in terms of byteage? if not then you could delete the unused ones after say a week or so, like some ISP's do with their own email accounts.

Is there a reason why they create so many? is the process of logging in to an existing account more difficult than creating a new one, perhaps if they forget a pwd? if so, then it might be worth considering a change there.

hth

bazz



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum