Is there a way to block users from signing in from two places at the same time and show an error message? My users have been spreading their passwords around and the users and others are logging in from different places at the same time.
Unfortunately, this is currently impossible. However, there is another protection: http://www.amember.com/docs/html/ip_basedaccesscontrol.htm
Dynamic Ip The problem with that protection is that people with dynamic IP addresses get blocked... Isn't there a way to create a table in the SQL database and at login, aMember executes that table and if someone is already logged in with that account, it bans the account?
Well, it is possible to configure it that it works for 99% of normal customers. Unfortunately, it is impossible. It would be a mistake to ban customer in this case anyway. May be he switched from one browser to another, or from one PC to another?
Blocking multiple access I agree... however if 3 or more people are accessing a site within 15 minutes or so, then we can surely assume the username and password is being shared during a single session, yes? Also, while it's true that someone can "switched from one browser to another, or from one PC to another"... can't you do some sort of reverse IP lookup and see if the domain of the ISP is different to see if the login information is being shared? For example, when I visit: http://www.showmyip.com/ ... It instantly shows all kinds of unique information -- everything from my ISP provider to even my estimated geographical location. Can't aMember offer us an option to turn on some sort of lookup and create a unique string of both the ISP and Location? For example, if my ISP is "Comcast" and my Location is "Lancaster", an index would be: Comcast-Lancaster ... Of course, if a visitor opens up his/her second computer at the same time, the visitor will be the same: Comcast-Lancaster But if a member shares his login information to his friend across the country, the index might be: RoadRunner-Broward ... And that would trigger aMember to block access to all (and even better, send an email warning to the member about sharing... inviting the member to return to a special page to change login information). Is that an easy, workable idea?
OK, you are travelled from office to home and login again, should you be locked? We will implement more strict protection against account sharing, and I appreciate your ideas, but it will only be possible in aMember 3.
Great point... that's why it might make sense to block access for more than x different locations (maybe 3 or 4). I'd let the aMember admin enter a number (I'd enter 3) that blocks access... ... I think most users are concerned about dozens or even hundreds of people sharing one login. I'd think that's the big concern.
Yes, hundreds of peoples with the same login is a problem. And aMember's existing locking by IP is able to prevent this easily and by default.