Prevent multiple users login with same username and password

Prevent multiple users login with same username and password

by Satish maurya -
Number of replies: 24

Hi all !

I am facing a problem ,multiple users login with same username and password .I need to stop it urgent.Need adeas to solve this problem.........

satish

Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by Marcus Green -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

There is no reliable way to do this with technology and I suggest you use social pressure/sanction to achieve this result. In theory it might be possible to use the i.p address of the client, but in many situations multiple machines will have the same i.p. address and thus cannot be relied on.

Average of ratings: -
In reply to Marcus Green

Re: Prevent multiple users login with same username and password

by Satish maurya -

Marcus ,

Thanks for this reply.But i need it urgent because in my school stdents sharing his username and password.

Pls check it is my  idea .

1.if add a column(flag) in table mdl_user store a 'false' value  when user create new account .

2.Make a function which accept three value table name,flag field and username(which user enter) .this function return the value of flag field (true or false) .This function call if the user exist in database.

2.1  if 'false' returned then allow to login user and insert value into flag field 'true'.
2.2 if 'true'retuned then do not allow to login and print the message below the username and password field "This user already logged".Do not insert any value in database.

2.3 Now when sign out user then insert into flag field value 'flase'.

3.User allow to login only when flag field value 'false'.


pls chek it and give me your more ideas........

Thanks

satish

Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by Mark Stevens -
If you know who is doing it, then why not unenrol the person(s), change the enrolment key, call the offender(s) to the office/send an email, explain the policy, and give a second chance.  If the offense continues, permanently remove the person(s) from the course.
Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by George Young -
I've given this some thought, but haven't entered a 'design' phase.

My preliminary ideas follow yours - add a field to ".._user".  One could also design an implementation that uses records in the logs, since one of the actions recorded in the logs is 'login'.

However, one tripwire that I see will need to be addressed:  students -can- leave their session (or be caused to leave, such as when a a computer locks up or communications is lost) --without going through the logout procedure--.  Thus, the "logged in flag" doesn't get reset and they cannot log in again until some separate action is taken.

A feature could be implemented that provides a way to do this manually, but I wouldn't want to be burdened with resetting accounts, or even to burden teachers with the task.  It will be important to have some scheme that allows the "logged in flag" to be cleared 'automagically'.

Average of ratings: Useful (1)
In reply to George Young

Re: Prevent multiple users login with same username and password

by Satish maurya -

Thanks  ! for your ideas

I added a flag field in table  mdl_user but when the user close the window without logout ,flag field do not update .only one idea need how can i update flag field value when the user close the window without logout.

waiting help from all..........

satish

Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by George Young -
Two ideas come to mind (neither originally mine):
  1. When some reasonable amount of time has elapsed since the most recent activity took place (recorded in the log file), reset the flag to permit login. 
  2. When a login occurs, force any other existing login(s) for that user to be logged out.


Average of ratings: -
In reply to George Young

Re: Prevent multiple users login with same username and password

by Vikram Solia -
Hi there!

i think we could proceed as follows:

- the field added to the user table holds the session key which is to be compared on every access to the site;
- on subsequent access using same username, session key is to be replaced by the new session key;
- this will log out the old user when the session keys do not match.

This will allow only the latest user to be logged in and the earlier one to be logged out.  Anybody ready to implement this.

vikram solia
Average of ratings: -
In reply to Vikram Solia

Re: Prevent multiple users login with same username and password

by Satish maurya -

 very good idea !!!

It is very good idea ,actually i need this ,i want to logout previous logged user.I am working on this problem ,i want to implement but need help in every step.

First problem is how can i store session key in  user table ?

i think we have to add a new field which store session key.

waiting your  ideas....

satish

Average of ratings: -
In reply to George Young

Re: Prevent multiple users login with same username and password

by Satish maurya -

Thank you sir !

your second idea is very nice ,but sir how can i check any existing user(which is logged) .

need your idea in brief ,i am working on this problem ,can you help me sir ?.I want to implement it....

waiting sir your reply.

satish

Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by Vikram Solia -
OK Satya!

The sessions are stored on the server as files in the tmp folder.  What we can do is to check for the existence of the old session on the server disk and get rid of it.  This will automatically log off the first user.

Now, we can store the new session id in the user database.

All the best and do tell me when you implement it.

vikram solia
Average of ratings: -
In reply to Vikram Solia

Re: Prevent multiple users login with same username and password

by Satish maurya -

Thanks !

But sir this is for intranet which store session in tmp folder.My website on internet based www.kompz.com/skool ,then how can i access tmp folder ?.

need your help more..............

satish

Average of ratings: -
In reply to George Young

Re: Prevent multiple users login with same username and password

by George Young -
After reading Virkam's reply, it occurred to me the "log out the others" approach has a weakness:
  • 2nd user logs in causing 1st user to be logged out
  • 1st user logs in moments later causing second user to be logged out
  • And the go back and forth.
This -does- create an inconvenience and will no doubt deter many, but not the persistent.

Two ideas for refinement come to mind:
  1. Notify each person that another person is using the account which should be used only by the rightful account-holder.
  • The rightful owner then knows someone else is using the account, and may choose to change the password so others don't interfere with his activities.
Institute a time delay before a subsequent login will be accepted.
  • To further increase the 'inconvenience', a deterrent to 'abuse' of use of the account.
These might have the added benefit of deterring users from sharing their accounts, which may be the -real- problem.
Average of ratings: -
In reply to George Young

Re: Prevent multiple users login with same username and password

by Pedro Guevara -
Is all this only an idea or is it something in development?
I also looking for this kind of functionallity
Thanks
Average of ratings: -
In reply to George Young

Re: Prevent multiple users login with same username and password

by Temitope Ogunniyi -
Greetings. @George, Don't you think there may be a need to add ip-address to the content stored? I'm only suggesting as i'm sure that using two different web browsers can cause the scenario you mention above:
  • 2nd user logs in causing 1st user to be logged out
  • 1st user logs in moments later causing second user to be logged out
  • And the go back and forth.
I mean the same person decide to use different browsers for different activities etc...

or what do you think?

(I would like very much if this is integrated into moodle with possibilities of admin control.)

Average of ratings: -
In reply to Temitope Ogunniyi

Re: Prevent multiple users login with same username and password

by Agam Nag -

HI:

If all you need is to allow a unique login by a user by logging out the previous login and deleting all but one session, then you may find this plugin useful. http://docs.moodle.org/en/Uniquelogin_authentication

It works beautifully and does not require any code modification since it is a plugin. A great piece of code by Emanuel Delgado.

Ciao

AN.

Average of ratings: -
In reply to Satish maurya

Re: Prevent multiple users login with same username and password

by cdx cdx -
as support for your request we asked this same question in April: http://moodle.org/mod/forum/discuss.php?d=22401#105784
Average of ratings: -
In reply to cdx cdx

Re: Prevent multiple users login with same username and password

by Anil Sharma -

$CFG->tracksessionip = true;

What it does is store the IP of the user when they first authenticate, and then checks for changes every time they access a page.  If the IP changes then they get an error and are prevented from doing anything.

This was written by Martin when 1.5 was under developement. I wonder if it still works, i've tried testing it but can't get any results.
Average of ratings: -
In reply to Anil Sharma

Re: Prevent multiple users login with same username and password

by Petr Skoda -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers
It tracks only sessions, it does not check user names at all - it prevents sharing of sessions.
I did not test it lately but it should work.
Average of ratings: -
In reply to Anil Sharma

Re: Prevent multiple users login with same username and password

by Vikram Solia -
Hi Anil!

It works only to prevent session stealing via cookies.  However, it does not prevent multiple logins to the same user account.  As an example, suppose you logged in using a dial up connection.  If you get disconnected and then reconnect, tracksessionip will not let you open pages even if you had your browser open.

I am working on a solution intermittently but am unable to give a deadline.

All the best!
Average of ratings: -
In reply to Anil Sharma

Re: Prevent multiple users login with same username and password

by Just H -
Hi Anil

This is not such a good idea as I found from experience: Where I work the network is set up for load sharing, therefore, I can have two IP addresses being sent/seen when connected externally (only found out as I was having problems connecting to my host when I was setting up Moodle originally - external hosting as a trial).

In the end my ISP had to change the way they where authenticating.

I'm guessing my IT department isn't the only one to have set the network up in this manner.

Regards
Harry


Average of ratings: -
In reply to Just H

SOLVED : Prevent multiple users login with same username and password

by Anil Sharma -

Ok, heres the logic.  The session key on login is stored in a database field. Next time another user logs in, that field is overwritten by the new session key. The first user is logged out.

To do this, attached is a file with details. Please remember to make backup of all files that you edit before trying anything.

Need suggestions and test on this code. I only have a MySQL installation so the code is only made for that, if someone could update the files with Postgres changes and post it here, would be great for everyone

Average of ratings: -
In reply to Anil Sharma

Re: SOLVED : Prevent multiple users login with same username and password

by Pedro Guevara -
Thanks:

I will test the code in a while.

I have 2 suggestions:
  1. Send a message to the first user telling him that his/her session is finished because someone else is using his/her userid and password
  2. Log somewhere (i don´t know exactly the apropriate log file to do this) that the first user´s session whas terminated because a second login. With this, tha administrator has a way to know that several users are using the same user and password.

Thanks again
Average of ratings: -
In reply to Anil Sharma

Re: SOLVED : Prevent multiple users login with same username and password

by Yureshwar Ravuri -
Hi does this work in Moodle 1.9. I had tried this but i was failed to get the result as you had specified. Please let me know in case this is available for v 1.9... Thanks in advance.....
Average of ratings: -
In reply to Yureshwar Ravuri

Re: SOLVED : Prevent multiple users login with same username and password

by Shail Jai -

I don't think so this is logical to get log out first user if second user get log-in, instead of this second user should get message that first user is login by using same user name and passwor....

if any one have solution please let me know...

I try unique login plugin but it's not useful for me..

thanks in advance

Average of ratings: Useful (1)