One php code for check username and password and check if any username and password are used by many users - many different ip's at the same time check for same username and password -?

astrix2
astrix2 used Ask the Experts™
on
I have a program that call to a php file for check the username and password of my program...

Any script or code in php or other for check if any username and password is used by more than one ip at the same time?

For check if the username and password is passed to other persons...

Thanks in advance for the answers...
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
This depends on how you store your user/pass data + how your track IP logins.

Sounds like this is all custom code, so how you accomplish all this will depend on additional code you write... as the only correlations between logins + IPs are implemented by your code, so no other code will understand the login to IP relationship.

Author

Commented:
Thanks David...

But I believe is a general code.

if I make a program, this program when run call to a php archive sending the username and passsword registered in the program how parameters, anyhow this:

www.anyweb.com/check_user_pass.php?user=anyuser&pass=anypass

And here a code with a database that check the ip and the username and pass, and if any other ip has checked for the same username and password, how the cloud sites how depositfiles.com the php return an answer to the program block with various options:

1.- Change the password with a random code for generate new password, save in the database the new password, and send an email to the owner of the software - the database have the email of the client - for put the new password in the program

This option 1 is the more better solution for block username and password if the client of the program do to other persons or any person piracy your user and pass...

2.- Restrict the use of the program some time, I remember that rapidshare.com in the past block the use some hours, or some days, any time write in the php code...

Is complex, but is general for any software... I search for code with this, not problem if is needed pay some money...

But a complete check of username and password and check if same username and password are used for different ip's at the same time...

Any person know a php software with database of clients, make for check usernames and passwords and check if same username and password are used by different ip's at the same time...???

I think there must be some code to do all of this, it is generic in managing a software with its user and pass... Any know where locate a software how this, inclusive if no is freeware...?

Author

Commented:
Not is very complex create a code for this, my problem is I not have many experience with mysql databases in web...

If are in pc, is simple create an access db with some fields how email of user, username, password, ip conection, date of connection...

And is only check for if the username and password are correct and not connect many users with same username and password from different ip's at the same time and a code for create a new password and send the new password to the user... Or block for some time the use of the software...

For more security, the php call also do any data for the program in pc work, if the username and password are bad or are many users with the same username and password at he same time, not send the important data for the program work...
Most Valuable Expert 2017
Distinguished Expert 2018

Commented:
Typically you would create a session store in which you would store the userid and a token and potentially an expire date/time.

When the user logs on you check to see if they have an existing session and if it has expired - if it has you update the session table with the new session key and return this as a token to the logged on user in a secure HTTP only cookie. If it hasn't you reject the logon. If there is no session you create one and set the expire time to a reasonable timeout time (5 min / 10 min - it depends on your application and how it is used)

When you receive a request for a resource - you look for the session key based on the COOKIE token - if you find it and it is valid - you update the expire time.

This will effectively prevent multiple simultaneous logons with the same ID which is what I suspect you are asking.

If not then please clarify - it is difficult to understand what you are asking from your posts.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial