Multiple account login detector (AE Detector)

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[alfaowner]

Quote:

Originally Posted by MPDev

The text as created in the plug-in; check your Plug-in manager.

Ah.. found this problem, I still had HTML templates comments switched on in the admin cp

[MPDev]

Updated to 1.0.2 release with new user/usergroup ignore options and moved message into phrases. You can update by reimporting the xml file and editing your options accordingly.

[alfaowner]

cool, i will try it out now

[CoreIssue]

Wheee! I just installed this yesterday!

Must be blind. I don't see the file anywhere.

[prawn]

with the new version i only have "multiplelogin_alert" in my pms.

[Zelda-King]

Happens with the threads too. Those still get posted. They're posted by the right account now though, rather than the dupe trigger.

[MPDev]

Ok, I updated the xml with a change to remove the phrase and go back to the string creation like I had it. I used some code provided to me and am not sure how the $message string is suppose to be prepared using the call that was in place; so will just use the code I had originally used to prepare the message text.

[Zelda-King]

Thanks! Well this one appears to work correctly except now I'm not getting the PMs.

Just something I've noticed (not sure if this is by design or not?): If I exempt user A and not user B, login as user A and then user B, the exemption takes effect. If I do it in reverse though (login as B then A), that still triggers it. Still, easily remedied by exempting both userids I suppose. I'm not sure I like not seeing who else could be logging into my Test account though.

[MPDev]

Well, if you exempt user A, then user A should never recorded as being logged into to begin with; so I'm not sure how the order would make any difference absed on the code (since the code doesnt care what order, either).

However, if you had a cookie in place previously then the values in that cookie would not be changed based on any userid; so you would need to make sure you are testing with no cookie already in place.

[Zelda-King]

I had just deleted all domain cookies but I shall run another check and verify.

Edit: Seems you're right.