find out if these people are getting into the system because they're sending a cookie/login string with the right details for the wrong account
Using one-time-use capability keys that can only be obtained by reading the user's e-mail will prevent erroneous log-ins while reducing the number of credentials the users need to remember. Janes Doe and Smith may not be able to say who is who in a mirror, but it's not likely that they actually receive each other's e-mail.

Bitcard and AIS do essentially the same thing. I will be totally thrilled to offer a mod_perl enabled AIS::client if anyone writes one; I don't know if Authen::Bitcard works right under mod_perl but I expect it does. Ask is much more reliable than I am.

--
The Country Of The Blind, by H.G. Wells
http://cronos.advenge.com/pc/Wells/p528.html
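The one-time key scheme described in the message above, as an added Python sketch that is not part of the original post and is not AIS or Authen::Bitcard code. The class name, the 15-minute lifetime and the example.org addresses are assumptions; the point it shows is that the account comes from the server-side record of where the key was mailed, never from a cookie or login string the client sends.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a mailed key stays valid (assumed policy)


class OneTimeKeys:
    """Issue and redeem single-use login keys delivered by e-mail."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(key) -> (account e-mail, expiry time)
        self._clock = clock

    def issue(self, email):
        """Return a fresh key to mail to `email`; only its hash is stored."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._pending[digest] = (email, self._clock() + TOKEN_TTL)
        return key

    def redeem(self, key):
        """Return the account the key was mailed to, or None if invalid."""
        digest = hashlib.sha256(key.encode()).hexdigest()
        # pop() removes the record on first use, so a replayed key finds nothing
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        email, expiry = entry
        if self._clock() > expiry:
            return None  # expired keys are discarded, not honoured
        return email


def demo():
    """Constructed scenario: two similarly named users, a replay, an expiry."""
    now = [1000.0]  # fake clock so the expiry case is deterministic
    keys = OneTimeKeys(clock=lambda: now[0])
    k_doe = keys.issue("jane.doe@example.org")
    k_smith = keys.issue("jane.smith@example.org")
    results = [keys.redeem(k_smith), keys.redeem(k_smith)]  # second is a replay
    now[0] += TOKEN_TTL + 1
    results.append(keys.redeem(k_doe))  # redeemed after the lifetime ran out
    return results


if __name__ == "__main__":
    print(demo())
```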