The registered user is a site with the area, they have their own user / pass.
There is a problem, some of them try to share certification information to help others finish their jobs.
There is no possibility of banning IP addresses because Dynamic-IP is available for everyone.
What could be the best solution? Store session in database? Do not logout properly?
Thanks
I usually give them ping-pong: a custom session_save_handler Store the session in a database, with an additional field for the User ID ( session_id char, session_data blob, session_user int or char ) A successful login-effort destroys / eliminates all other sessions with that specific user-id, and you can also repeatedly do this that the delete statement actually removes the rows, To block people explicitly with a counter, people who switch to excessive 'delete' session computers / places / browsers can still work immediately after entry, user sharing authentication A-will each other on logging, and until some arbitrary will increase your counter until it is not considered appropriate, in which case you can disable the account / lock.
Comments
Post a Comment