Multiple account login detector (AE Detector)

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[bashy]

What was the full URL you used is yours forums/ or forum/ make
sure ya use the correct 1 as this method works for me whenever
i get locked out due to a issue with a plugin

[SCRIPT3R]

<a href="http://forums.mysite.com/admincp/plugin.php" target="_blank">http://forums.mysite.com/admincp/plugin.php</a>

[bashy]

Oh...i dont know how the free servers work....
Its saying that the url http://forums.mysite.com/ is:
Site available.
The subdomain forums.mysite.com is available. Use the link on the right to sign up for your FREE Web site.

You sure thats your url as this dont make sense?
If it is yours then why is it saying that its available?

Sommat aint right m8

[SCRIPT3R]

no silly, that's not my real site domain, just the path... i'm currently under attack by another forum, so i don't want to give out my real domain here. i fixed it anyways disabling the hooks by the method found here:

http://www.vbulletin.com/docs/html/disable_plugins

now i just have to clean up the hackers mess.

[luroca]

Quote:

Originally Posted by luroca

It would be very useful to know the usergroup of the different users. By example:

... User1 (registered) and User2 (Premium) in the same PC ...

Well, here it is my little aportation:

Find:

PHP Code:

 $checkuser = $vbulletin->db->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid={$Unums[$i]}");
if ( !empty($andids) ) $andids .= "and";
$andids .= " [url=". $vbulletin->options['bburl'] ."/member.php?u=" . $Unums[$i] . "] ". $checkuser['username'] ."[/url] ";
} 


And replace with:

PHP Code:

$checkuser = $vbulletin->db->query_first("SELECT user.username as username, usergroup.title as usergroup FROM " . TABLE_PREFIX . "user LEFT JOIN " . TABLE_PREFIX . "usergroup ON user.usergroupid = usergroup.usergroupid WHERE userid={$Unums[$i]}");
if ( !empty($andids) ) $andids .= "and"; 
$andids .= " [url=". $vbulletin->options['bburl'] ."/member.php?u=" . $Unums[$i] . "] ". $checkuser['username'] ."[/url] (" . $checkuser['usergroup'] . ") ";
} 


Regards

[Paul M]

Quote:

Originally Posted by NeutralizeR

Maybe this issue talked before but it's useless if somebody is using two browsers.

Nothing is perfect

It will also fail on the same pc if different user accounts are used (like in xp).

[MPDev]

Quote:

Originally Posted by GearTripper

today i have several emails about the following error:

and i'm no longer able to log into my AdminCP... any ideas?

That's very odd, did something in your db get corrupted? Unusual that something which worked fine for a period of time would "suddenly" develop an error - maybe one of your vb tables is corrupt?

[MPDev]

Quote:

Originally Posted by TheEDIGuy

MPDev, this is a wonderful product. We've had people trip it several times, and it's very accurate. We've caught a few we didn't know about.

Thanks for the props; we've have infrequent issues with users who create accounts to cause problems on our site. It's nice to know who is doing the trolling when it becomes an issue.

[MPDev]

Quote:

Originally Posted by NeutralizeR

Great work.

Maybe this issue talked before but it's useless if somebody is using two browsers.

Internet Explorer and Firefox for example... Different cookies, and no game!

I'm using this hack though, thanks

This is true, not really anything I can do about that without trying to track IPs.

[luroca]

Quote:

Originally Posted by MPDev

This is true, not really anything I can do about that without trying to track IPs.

How can we know the IP when the user logins? Can we?