Will we be able to limit login to one user per username and password in Moodle 2.0?
I need to be able to block multiple users from using the same login credentials simultaneously. In Moodle 1.9 many users could be logged in under the same username and password at the same time.
I added a hack to 1.9 that would log out user #1 when user #2 logged in with the same username and password. It works but it often requires you to login twice to get into Moodle. I hope there is a better way to do this.
Maybe someone could add logic that would test if the username and password is already in use, then block subsequent attempts to login.
Also, I'd be interested to know why you would need to do this (not because I think it's wrong to do this, I'm just curious, that's all).
Assume you are in a computer lab and you are conducting a controlled quiz using Moodle. Currently there is nothing to keep students from paying another student to take the quiz for him. All he would have to do is share his login credentials with another student and the other student could answer the quiz questions, giving credit to the cheating student. The teacher may be able to catch him by looking at the IP addresses of the students, but that assumes that he has a reason to check, and knows how to do it.
Or, if a student is careless with his login credentials, another student could login, while the student is logged in, and do malicious things to disrupt the progress of the careless student. I am sure you can think of many more such scenarios that could be prevented with some logic that would provide more login security.
There is also the problem of security for proprietary content. In my case, I am developing a desktop application that has Moodle incorporated into it. We use Moodle to manage the course instructional content and in the lessons, we include links to the desktop application to provide real time adjudication of a musical performance. The link in Moodle will open a musical exercise in the performance application that uses microphone input to help students learn musical skills. If you would like to see it work, check out my profile.
Since this is a private development (for profit), we must block multiple users from logging in using the same username and password. The code hack I have running in Moodle 1.9.9 works by logging out user 1 if user 2 logs in from a different computer. So if user 1 neglected to log off and then logs in from another computer, there is no problem because his first computer will log off automatically. Also, I am using the cron job to logout a user if he is inactive for 20 minutes. And we have developed a way to trigger the require_logout function if the user just closes the browser without logging out.
But if user 1 is surprised that he got logged off, he should assume that someone else has his login credentials and he should log back in and change his password as quickly as possible. My code hack also limits the login time to 2 hours in an effort to prevent a teacher from buying one login and then allowing multiple students to use it during the day. Also, this way we can control cost by limiting server time and bandwidth usage.
The only problem with this code is that it will require you to login twice to get in from another computer. I found the idea for this code hack in another forum (forgot where) and then I expanded it to do what I needed. I don't yet know if it will work in Moodle 2.0.
Another user abusing a user's login is a problem, but I am not convinced that restricting to one login at a time (assuming you can define that. See Davo's point about browser crashes) is not a solution.
Switching to a different, stronger, authentication plugin probably is.
I'm sorry, "incorporate" was the wrong word to use.
We have not used any of the Moodle code in our project, we just use it like any other Moodle site that contains links to proprietary websites or content.
You just click a link in a lesson that opens on your desktop instead of on another website.
And, if you will read my response to Davo's points, you will see that I have addressed the issue of browser crashes. When a user logs in, if that username and password is already in use, it logs out the first user and opens as usual.
This is the forum where I found the code I used to block simultaneous logins. I started with this code and added to it. I have not yet figured out how to make my code work in Moodle 2.0.
There is also a good discussion about this topic at:
I would love to see a better version of this incorporated into Moodle 2.0, perhapse as and option.
If anyone else is interested, here is the solution to this problem.
I developed a solution for the problem of simultaneous users using the same username and password.
I have a version that works with Moodle 1.9.9 (I have not tested it in other versions).
I have another version that works with Moodle 2.0 Preview 4+ (Build: 20100715). I hope it will continue to work with future versions of Moodle 2.0.
The code and instructions for both 1.9.0 and 2.0+ are in the attached .zip file.
This solution does not require the double login like other solutions I have tried. It is however a refinement of the code suggested in these forums and I want to thank those of you who have contributed these solutions.
Please try this solution and let me know if you find problems or you have suggestions about how to improve the script.
Thank you for sharing the code. I will try this on my server. We also need to prevent users from sharing their logins.
I think this is a solution for this issue:
We developed this plug-in so if you have some kind of trouble using it, just let us know.
Is it possible to link the plug-in to specific courses or users? My school has asked if we could designate some users to share logins and others to NOT share logins.
scratch earlier post. School changed their mind. Duplicate logins are now okay.
i have done it
I'm interested in your plug-in , but did not success in using it.
I downloaded the version for Moodle 1.9, installed it following your suggestion, but when I try the login operation for users for which I set the "uniquelogin" as authentication method, the login fails, as if I specify wrong values for username and password. Of course I made double sure I used the correct values.
Thanks in advance.
I would like to know if anyone has successfully been able to enact the above plugin. I can't figure out how to install the plugin?
Can someone please help?