Hi,
Will we be able to limit login to one user per username and password in Moodle 2.0?
I need to be able to block multiple users from using the same login credentials simultaneously. In Moodle 1.9 many users could be logged in under the same username and password at the same time.
I added a hack to 1.9 that would log out user #1 when user #2 logged in with the same username and password. It works but it often requires you to login twice to get into Moodle. I hope there is a better way to do this.
Maybe someone could add logic that would test if the username and password is already in use, then block subsequent attempts to login.
Any ideas?
Thanks,
Clarence
Will Moodle 2 block multiple users using the same login?
by Clarence Prudhoe -
Number of replies: 13
In reply to Clarence Prudhoe
Re: Will Moodle 2 block multiple users using the same login?
by Davo Smith -
My first thought is what happens if someone closes their browser, without logging out, and then tries to login again from a different computer? Would they be blocked, until they went back and logged out of the first computer (or until it timed out).
Also, I'd be interested to know why you would need to do this (not because I think it's wrong to do this, I'm just curious, that's all).
Also, I'd be interested to know why you would need to do this (not because I think it's wrong to do this, I'm just curious, that's all).
In reply to Davo Smith
Re: Will Moodle 2 block multiple users using the same login?
by Clarence Prudhoe -
There are numerous reasons why there should be a way to limit user access to one login per one user at a time.
Assume you are in a computer lab and you are conducting a controlled quiz using Moodle. Currently there is nothing to keep students from paying another student to take the quiz for him. All he would have to do is share his login credentials with another student and the other student could answer the quiz questions, giving credit to the cheating student. The teacher may be able to catch him by looking at the IP addresses of the students, but that assumes that he has a reason to check, and knows how to do it.
Or, if a student is careless with his login credentials, another student could login, while the student is logged in, and do malicious things to disrupt the progress of the careless student. I am sure you can think of many more such scenarios that could be prevented with some logic that would provide more login security.
There is also the problem of security for proprietary content. In my case, I am developing a desktop application that has Moodle incorporated into it. We use Moodle to manage the course instructional content and in the lessons, we include links to the desktop application to provide real time adjudication of a musical performance. The link in Moodle will open a musical exercise in the performance application that uses microphone input to help students learn musical skills. If you would like to see it work, check out my profile.
Since this is a private development (for profit), we must block multiple users from logging in using the same username and password. The code hack I have running in Moodle 1.9.9 works by logging out user 1 if user 2 logs in from a different computer. So if user 1 neglected to log off and then logs in from another computer, there is no problem because his first computer will log off automatically. Also, I am using the cron job to logout a user if he is inactive for 20 minutes. And we have developed a way to trigger the require_logout function if the user just closes the browser without logging out.
But if user 1 is surprised that he got logged off, he should assume that someone else has his login credentials and he should log back in and change his password as quickly as possible. My code hack also limits the login time to 2 hours in an effort to prevent a teacher from buying one login and then allowing multiple students to use it during the day. Also, this way we can control cost by limiting server time and bandwidth usage.
The only problem with this code is that it will require you to login twice to get in from another computer. I found the idea for this code hack in another forum (forgot where) and then I expanded it to do what I needed. I don't yet know if it will work in Moodle 2.0.
Clarence
Assume you are in a computer lab and you are conducting a controlled quiz using Moodle. Currently there is nothing to keep students from paying another student to take the quiz for him. All he would have to do is share his login credentials with another student and the other student could answer the quiz questions, giving credit to the cheating student. The teacher may be able to catch him by looking at the IP addresses of the students, but that assumes that he has a reason to check, and knows how to do it.
Or, if a student is careless with his login credentials, another student could login, while the student is logged in, and do malicious things to disrupt the progress of the careless student. I am sure you can think of many more such scenarios that could be prevented with some logic that would provide more login security.
There is also the problem of security for proprietary content. In my case, I am developing a desktop application that has Moodle incorporated into it. We use Moodle to manage the course instructional content and in the lessons, we include links to the desktop application to provide real time adjudication of a musical performance. The link in Moodle will open a musical exercise in the performance application that uses microphone input to help students learn musical skills. If you would like to see it work, check out my profile.
Since this is a private development (for profit), we must block multiple users from logging in using the same username and password. The code hack I have running in Moodle 1.9.9 works by logging out user 1 if user 2 logs in from a different computer. So if user 1 neglected to log off and then logs in from another computer, there is no problem because his first computer will log off automatically. Also, I am using the cron job to logout a user if he is inactive for 20 minutes. And we have developed a way to trigger the require_logout function if the user just closes the browser without logging out.
But if user 1 is surprised that he got logged off, he should assume that someone else has his login credentials and he should log back in and change his password as quickly as possible. My code hack also limits the login time to 2 hours in an effort to prevent a teacher from buying one login and then allowing multiple students to use it during the day. Also, this way we can control cost by limiting server time and bandwidth usage.
The only problem with this code is that it will require you to login twice to get in from another computer. I found the idea for this code hack in another forum (forgot where) and then I expanded it to do what I needed. I don't yet know if it will work in Moodle 2.0.
Clarence
In reply to Clarence Prudhoe
Re: Will Moodle 2 block multiple users using the same login?
by Tim Hunt -
If it is a private development, for profit, how can it incorporate Moodle? Have you read the GPL.
Another user abusing a user's login is a problem, but I am not convinced that restricting to one login at a time (assuming you can define that. See Davo's point about browser crashes) is not a solution.
Switching to a different, stronger, authentication plugin probably is.
Another user abusing a user's login is a problem, but I am not convinced that restricting to one login at a time (assuming you can define that. See Davo's point about browser crashes) is not a solution.
Switching to a different, stronger, authentication plugin probably is.
In reply to Tim Hunt
Re: Will Moodle 2 block multiple users using the same login?
by Clarence Prudhoe -
Hello Tim,
I'm sorry, "incorporate" was the wrong word to use.
We have not used any of the Moodle code in our project, we just use it like any other Moodle site that contains links to proprietary websites or content.
You just click a link in a lesson that opens on your desktop instead of on another website.
And, if you will read my response to Davo's points, you will see that I have addressed the issue of browser crashes. When a user logs in, if that username and password is already in use, it logs out the first user and opens as usual.
Cheers,
Clarence
I'm sorry, "incorporate" was the wrong word to use.
We have not used any of the Moodle code in our project, we just use it like any other Moodle site that contains links to proprietary websites or content.
You just click a link in a lesson that opens on your desktop instead of on another website.
And, if you will read my response to Davo's points, you will see that I have addressed the issue of browser crashes. When a user logs in, if that username and password is already in use, it logs out the first user and opens as usual.
Cheers,
Clarence
In reply to Clarence Prudhoe
Re: Will Moodle 2 block multiple users using the same login?
by Clarence Prudhoe -
Hi,
This is the forum where I found the code I used to block simultaneous logins. I started with this code and added to it. I have not yet figured out how to make my code work in Moodle 2.0.
http://moodle.org/mod/forum/discuss.php?d=22401#p542248
There is also a good discussion about this topic at:
http://moodle.org/mod/forum/discuss.php?d=34457
I would love to see a better version of this incorporated into Moodle 2.0, perhapse as and option.
Clarence
In reply to Clarence Prudhoe
Re: Will Moodle 2 block multiple users using the same login?
by Clarence Prudhoe -
Hello,
If anyone else is interested, here is the solution to this problem.
I developed a solution for the problem of simultaneous users using the same username and password.
I have a version that works with Moodle 1.9.9 (I have not tested it in other versions).
I have another version that works with Moodle 2.0 Preview 4+ (Build: 20100715). I hope it will continue to work with future versions of Moodle 2.0.
The code and instructions for both 1.9.0 and 2.0+ are in the attached .zip file.
This solution does not require the double login like other solutions I have tried. It is however a refinement of the code suggested in these forums and I want to thank those of you who have contributed these solutions.
Please try this solution and let me know if you find problems or you have suggestions about how to improve the script.
Clarence
www.MusAPP.com
In reply to Clarence Prudhoe
Re: Will Moodle 2 block multiple users using the same login?
by Micky Fokken -
Thank you for sharing the code. I will try this on my server. We also need to prevent users from sharing their logins.
Thank you.
In reply to Micky Fokken
Re: Will Moodle 2 block multiple users using the same login?
by Emanuel Delgado -
I think this is a solution for this issue:
http://moodle.org/mod/data/view.php?d=13&rid=4060
We developed this plug-in so if you have some kind of trouble using it, just let us know.
In reply to Emanuel Delgado
Re: Will Moodle 2 block multiple users using the same login?
by Micky Fokken -
Is it possible to link the plug-in to specific courses or users? My school has asked if we could designate some users to share logins and others to NOT share logins.
In reply to Micky Fokken
Re: Will Moodle 2 block multiple users using the same login?
by Micky Fokken -
scratch earlier post. School changed their mind. Duplicate logins are now okay.
In reply to Emanuel Delgado
Re: Will Moodle 2 block multiple users using the same login?
by anand d -
thanks.........................sir.
i have done it
In reply to Emanuel Delgado
Re: Will Moodle 2 block multiple users using the same login?
by Plecto Rincus -
Hi,
I'm interested in your plug-in , but did not success in using it.
I downloaded the version for Moodle 1.9, installed it following your suggestion, but when I try the login operation for users for which I set the "uniquelogin" as authentication method, the login fails, as if I specify wrong values for username and password. Of course I made double sure I used the correct values.
Any suggestion?
Thanks in advance.
In reply to Plecto Rincus
Re: Will Moodle 2 block multiple users using the same login?
by Brennan Waters -
I would like to know if anyone has successfully been able to enact the above plugin. I can't figure out how to install the plugin?
Can someone please help?