how to track users in php

[mr-cracker]

hello,
i want to track which users are downloading from my file, i want to prevent account sharing, my website is like you open a php page and then u will be redirected to the download link, i can track user in this page easily. But the conventional way (tracking by ip) will not help me, because i want to give accounts locally within my area and we all use shared ip internet which means we all have the same public ip.

Is there any other ways to get information from users computer?? or maybe save some info on it and use them to prevent multi users using one account??

any ideas??

 

[NucleA]

dude, get their IP

Make a class in php for checkin IP!

Compare if the IP is from the same country! If its not, then you know what to do!

Genrally, you will only need to match the first part of the ip address which will give you the location(country of your user)!

Moreover, you can use cURL to generate an automatic lookup on a specific site such as (whatsmyip.com) and use regular Expressions to get the location! Or simply if you have a database of IP formats and their location, this could help also!

Now, that will make your php page loads damn slower! what you can do is,
When the user logged in, he get a message like
"Checking Account Settings" and some animated progress bar during which you check the logs of which IPs used the account and throw them to your php Class.

 

[mr-cracker]

hello, thanks for ur reply, as i said i want to advertise locally for my website but as i said we have shared ip network which means all of us have the same ip. this method will not help me, i want other methods if there is??

 

[NucleA]

hm..if your network uses dynamic IP addressing and your users switches computers(meaning they use different computers to access your site) then its quite impossible to identify any misuse.

But, if your users are using a single computer, then you can use cookies for example, to store some random keys! Cookies have an expiry date.

Suppose you set a cookie for 2 month,
First you store a randomly generated key in your database and in a cookie when the user first log in the system!

Now, every time he log on the website, check the validity of the key from the cookie to the one in the database. If its the same, then the same person is using the account, if not, then its maybe someone else!

You can do this in an another way, each time a user logged in, you get the key from the cookie and store it in your database!
Now, after certain time, you can perform a check to the logs of your database, to see how many different keys have been used! If a single key was used, the it means, a single computer was used but if there are different keys, then it means multiple computers were used to access the user account!

Problem: when the user logout out, you must make sure the cookie containing the key is not deleted!

Ahhh..You just need some imagination dude!

 

[mr-cracker]

Hi Nucle, i was thinking in your second suggestion too, basically i can not restrict users from using their own account on other computers but maybe if they log in using three computers then that would suspicious why do u have three computers, does not make sense.

I think i will go with this way but there is something, i think if i make checking per day will be better, two different logs will be ok but if they become three then your account will be terminated, what do u say??