Store the IP with the username and password, then check for all three. When the next person logs in with that username and password from a different IP, then associate the new IP with that username and password, effectively kicking out the first person, forcing them back to the login screen with an error message, etc.
On Tue, Mar 17, 2009 at 10:07 PM, Mr. Eric Eugene Naujock <naujo...@mac-cafe.com> wrote: > I am not sure that is what I am looking for. > > This is the scenario that I am looking to resolve. I have two people at two > different computers and they both are trying to use the same account that > was paid for by 1 person. I am looking for a way to discover that two people > on two different computers are trying to use the same authentication to gain > access to an account. > > So far from what I am seeing I have had two different people log in as 1 > user on 1 paid account. I need to prevent that either by being able to deny > the second connection or disconnecting the old connection and allowing the > new one to replace it. Effectively destroying the old session. > > I am using Zend_Auth for database accounts (Username and password) and > OpenId accounts also using Zend Auth with OpenId. > > Right now I have seen in my Tracking software two people using a single > username logged in and before I expose the accounts to the public I need a > way to manage that. I am attempting to use as much of the Zend framework > throughout the system as I can. > > On Mar 17, 2009, at 4:32 PM, Ralph Schindler wrote: > >> If you are using Zend_Auth, check out the following methods: >> >> $auth = Zend_Auth::getInstance(); >> >> $auth->hasIdentity(); >> >> HasIdentity() will return true if you have once already authenticated the >> user with $auth->authenticate(), and a proper adapter. >> >> Zend_Auth by default uses Zend Session, so it should take care of the >> problem for you. >> >> -ralph >> >> >> On 3/17/09 1:42 PM, "Mr. Eric Eugene Naujock" <naujo...@mac-cafe.com> >> wrote: >> >>> Is there a way to track sessions to prevent a user for creating an >>> account a logging multiple times at once. I am not seeing anything >>> that allows me to hook in and have the sessions check to see that >>> account johndoe is not logged in more then once at one time. How would >>> I go about doing this with zend _auth? >> >> -- >> Ralph Schindler >> Software Engineer | ralph.schind...@zend.com >> Zend Framework | http://framework.zend.com/ >> >> >> > >
