No problem, glad to be able to give something back. Your Add-on has proved invaluable for keeping the trouble-makers at bay on my forum :)

does this new update contain the fix that mindstar posted?

Thanks for the update :)
Keep up the good work.

Much Apprciated For Update Kiros :up:

Thanks for the update.

Kind regards :)

ello kiros, am havng fatal error after the update.

Tried to test using two login dummy account, Fatal Error shows up after pressing the login. On second attempt it didn't showed up and login properly and didn't detected/created an alarm as well.

Fatal error: Cannot pass parameter 2 by reference in /home/mydomain/publichtml/boards/madp/detection.php on line 279

Okay, thanks Mark. I think I know what's causing it.

The fix should be up in a minute.

The latest version contains a fix that is very much like what Mindstar posted. It fixes the issue that his post addresses.

Unfortunately, I don't have a diagnostics system for the AdminCP setup yet, so I cannot include his suggested SQL anywhere in the modification. So I'm afraid that system administrators will have to run that query at their own risk.

Anyway, version 1.1.3 is out now and it fixes the issue that Mark brought up.

My bad. in $threaddm->do_set(<PARAM>, <VAL>) <VAL> is passed by reference so you have to pass the value in a variable :o

your mod is working perfect on 3.8.2.

BTW, thx one more time for the great work :)

Excellant work Kiros72 many thank's for the update, and like many other's have said this mod has proved itself to be invaluable to our forum's to keep the trouble-maker's away so your update comes very welcome :)

ps. thank's MindStar

This mod looks like a very nice alternative to Multiple Account Login Detector (AE Detector) and Multiple Account Registration prevention add-on.

I would love to start using this mod, however all of my forums make extensive use vBGallery.

Any chance on getting those conflicts resolved?

Thanks

Right now, I'm working on a project for someone and it might take me several days. After I'm done, I can look into the coding of vBGallery to see if anything can be resolved.

However, if you just want to prevent multiple registrants by disabling their registration, then that will still work. The issue arises in the register_addmember_complete hook, so moving multiple registrants to a Usergroup won't work correctly.

I am also not getting any moderated members.

I have not uninstalled the AE detector, but disabled it in the product manager. Is this a problem?

Settings:
Enable multiple account login detection? yes
Registration prevention: Move to Usergroup, Except Banned Users
Silent Mode: Yes
Ignore Child Accounts: yes
Ignored Users: 1
Ignored Usergroups: 5,6 (staff)
Ignored ISPs: aol.com
Prevention Usergroup: 4
IP Address Prevention: yes
Extended IP Address Prevention: yes
IP Address Time Inclusion: 90
Banned Account Check: yes
Primary Banned Usergroup: 8
Cookie Expiration: 700
Cookie Refreshing: yes
Cookie Name: idstack
Cookie Reset: no

Multiple Account Reporter: 7849
Report by Private Message: no
Report by New Thread: yes
Forum to Post New Threads: 146
Verbose Mode: yes
BB Code: LIST: yes
BB Code: URL: yes
BB Code: CODE: yes

Do you need anything else?

If you have silent mode on, you will only get notified (thread or PM).... You won't get any moderated members.


Silent mode = reporting only.

I am not getting threads either.

Kiros72,

I had to uninstall your hack because I kept getting this error when trying to login after installing:

Warning: require_once([path]/madp/detection.php) [function.require-once]: failed to open stream: No such file or directory in [path]/includes/functions_login.php(185) : eval()'d code on line 3

Fatal error: require_once() [function.require]: Failed opening required '/home/smiggy/public_html/forums/madp/detection.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/smiggy/public_html/forums/includes/functions_login.php(185) : eval()'d code on line 3

My modification should, in theory, work fine if MPDev's AE Detector is disabled; however, you may want to uninstall it if nothing is working out. There are a few things that you must make sure of. Is the reporter setup with the correct ID (7849)? Does the forum (146) exist and does it allow the reporter to post in it? If you're going to be testing it, you're going to want to remove ALL Ignored Users and Ignored Usergroups. Also, please make sure that your Cookie Name is set to IDstack instead of idstack (notice the capitalization). I doubt that this would be effecting it, but I'm unaware if browsers would make an issue about this or not.

Please list all of the modifications that you currently have installed.

One more thing, enabled reporting via private messages and set the recipients correctly. The PM reporting uses less resources and is more fool-proof than reports posted by thread.

Looks like you need to upload the files in the correct directory. The /madp/ folder and all of the files within it should have been uploaded to your forum root.

Oh right.

I have followed your suggestions and will await to see if any reports by PM or thread appear. If not, then I will send you my list of installed modifications.

Sounds good. Hope it starts working for you!

Great! It's working. Thank you!!!
I do suspect that it was due to having AE detector installed.

Alrighty, thanks for the update ;)

Cheers!

I've just installed this hack and am not using any iteration of other hacks like it. But it is not working for me. I've set it to reporting mode only (silent), and tried logging in through a dummy account. I was not notified about it, by a private message, on my administrator user-id.

P.S.
I've uploaded the 'files' of this hack directly to the root of my forum folder.

Kindly let me know if I'm doing anything wrong in here.

This is probably due to your administrative account being ignored. Go in and remove the Ignored Users and Ignored Usergroups.

Try this and let me know how it works.

I've done that already. I again tried logging in (using Chrome as a browser), but it didn't work. Then I tried using the same dummy account via Firefox, this time, it did generate a report to me, as it should have.

But then again, when I just tried signing in using that dummy account, using Firefox, it didn't work. No report was generated.

Did you enable IP checks too?

If you're only basing it off cookies, and use a different browser, then it's less likely to catch the cookies.

Nope, I did not enable IP checks. But in spite of my trying to log in/off using the dummy account, in Chrome, it didn't point the duplicity out. And neither is it working in Firefox now.

I'm going to turn IP check on, and see if it works any better.

Nope, even the IP check doesn't work. It doesn't alert me of my use of a dummy account. It happened just once, and not after that.

Okay. So here is what I did. I cleared up my cookies in Chrome, and this time it did work. Does it mean that I need to 'reset' the cookie for multiple login detection?

You may...

also, i'd recommend setting up everything the way you want it to be (having your user ID ignored, usergroups ignored, and what not) and then having a trusted member create an alt. Don't be specific. Tell him/her to please make a new test account. Then just delete the test account later.

It helps give you a real idea...

Also, with IP address checks, you might need to extend the date it checks... i switched it from 90 to 180 to see and 2 reports popped up...

Hmm, I think I see what's going on here. And if it's what I'm thinking, then you won't need a cookie reset.

Since the IP checks only work for the registration prevention, you won't benefit from it while testing logins. But what I think happened may have been caused by the use of different browsers. Each browser has its own cookie-handling system and it's own set of cookies. Now let me explain what probably happened.

If you had your Usergroup or user account added to the ignored list, and you tried to login, then it wouldn't have caught you. It would still set the cookie and make sure that it knows what accounts you have logged into, but again, it would not have thrown a red flag. Even after removing the ignored ID numbers, it would still not have thought anything out of the ordinary because it only reports NEW detections. This is because you wouldn't want to keep on being spammed notifications if someone kept logging in and out throughout one day. So yeah, this is probably what happened. This is also why it worked after you cleared your cookies.

Understand?

I just did a livetest with a pal.
He registered with the same IP & Browser 2 Accounts.
The 2nd was banned instantly, the first one was not touched.
Can you please make it possible that it will ban BOTH, I am really extremly in need of this.

Also please make the mod report if already banned accounts do a multilogin.
I had someone logged in with shareaccounts which are already banned but I did NOT get a notice about that like AE Detector did.
(he just killed the cookies and that do a lot of ppl do. I need the option)

My forum has been without multiple account detection for some months and i would like to detect all members that have created multiple accounts. I understand that this hack only detects multiples in case they try to register. Not in case they already have registered?
Is there anything I can do to get a check of existing members?

The original account isn't touched for safety measures. This is to protect you. Because if you don't have yourself on the ignored list for some reason (like testing something) and you get busted, you wouldn't want to get banned out of your own site... Would you? This is why I made it this way.

This modification should report those who do multiple logins regardless if they are banned or not (as long as it's a NEW detection).

Unfortunately, this would require database work. I'm still in the slow, slow development of a major release, 2.0.0, which will include database features. Until the new version is released, the only suggestion that I can offer is to look through all of your past reports (if you haven't deleted them).

Can you optionally change this?
I am really in extreme need of this, that ALL accounts get instantly banned for multiaccounting, no matter who it will be.

Also I am in need of the notification from AE Detector that already banned accounts did a multiple login. So I can find new multipleaccounts too.

Also it would be very cool if the addon would also instantly send a note if a user accesses a 3rd account and the addon tells me again all 3 accounts, even if he just a minute ago logged in with another. Also it would be great if it would tell me which detection what nick has gotten to be multiple (Cookie, IP, both)

I have a really hard time with multipleaccounts, sometimes ppl with over 8 accounts show up, so just to tell a number.

(No, just preventing to register a new Account is not an option for me, for they just kill the cookies and reconnect if they recognize that)

Understood. That I guess was the issue here. Thank you so very much for your help.

I have just recently got this hack to work. Until January i was using the AE detector. The few months without detection seems to have resulted in a lot of returning trolls.

DB features would be great.

Some suggestions:

- After each account:

• Add a link to PM the member. (optimal would be a predefined PM text to be sent)
• Add a link to search the database for all IP's that belong to the account.
• Add a link to add the account to the miserable users group
• Add a link to add the account to 'Tachy goes to Coventry'
• Add a link to ban the member.

- Add a function to ignore the accounts or IPs in the future.
- If an IP is reported, then add the whois.

I'll try to include this option in my next version, but understand that this is not a priority of mine. This would be an unsafe feature that could get a lot of people in trouble, so again, it's no priority.

Multiple Account Detection & Prevention already does this.

Multiple Account Detection & Prevention already does this too.

Umm, okay, well if they clear they're cookies and have their IP address changes, there's nothing that anyone can do about that. The AE Detector didn't even have registration IP address checks. I don't see what you're wanting me to do about people trying to evade the system.

Glad I could help ;)

Hmm, if you want to "start over," then you can either change the Cookie Name or do a cookie reset. The cookie reset would take a substantial amount of time, but the cookie name change would be immediate.

I cannot say exactly how long the wait will be for the next version, but it's going to be at least another couple of weeks. I've got a big project that I'm still working on.

If it is a matter of money, please tell me a price to get this a bit higher into your priority list.
Maybe as a hardcoded option in a file, so if you really want to activate it, it is not easily accessable through the options :)


For me not. As Stated. Account X and Y are already banned for being shared accounts. Yesterday someone logged into both accounts with the same IP and browser and the System did NOT inform me about that.
About the detectiontype... in our test the text was missing, now on a real one it showed the detection very well :)

If you directly deny a registration they'll figure more fast, that they should do this. If you let them register and instantly ban them, they don't fiddle around much. Don't know why but it works better that way :)