Administrative and Maintenance Tools - Multiple account login detector (AE Detector)

Mod of the Month winner!
Top 10 most installed mods for vB3.6!

Same plug-in found here:

https://vborg.vbsupport.ru/showthread.php?t=125871

There are no differences as this plug-in works with the 3.5, 3.6 or 3.7 releases of vBulletin.

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[TheLastSuperman]

Quote:

Originally Posted by jagtpf

ps Admins - why am I seeing your debug info !

Paul was doing some misc work on the site earlier, it's still up but no worries just basic info .

Quote:

Originally Posted by jagtpf

Yes, as the guide says, there's a tool in Firefox which I cleared of the 3 cookies. ....

Odd, you could temp redo cookie prefix in config, this way your pc will generate newly prefixed cookie for the site and pull current info, when done testing change back but in the meantime anyone who visits the site will have a new cookies generated with the alternate prefix etc.

[jagtpf]

It's sitting quietly in the background, perhaps doing something, but nothing has triggered as yet - BUT we are a relatively quiet Forum - perhaps our mischievous gentlemen have left us alone....

[jagtpf]

[s]Sadly a member using the same email address and the same ID had two accounts (a long-standing member so may have gotten on before same email switch was set) did not trigger the mod.[/s]

EDIT: Plot thickens : there was an attempt by the member to log in via an account that was banned a year ago - [s]so perhaps that's why it wasn't triggered?[/s]

It worked !

The banned account obviously set up the cookie and when the member tried with their main account it triggered the mod :thumbsup:

[jagtpf]

^^^Well, at least it confirms the decision a year ago - to ban the account ^^^^

[jagtpf]

Quote:

Originally Posted by jagtpf

[s]Sadly a member using the same email address and the same ID had two accounts (a long-standing member so may have gotten on before same email switch was set) did not trigger the mod.[/s]

EDIT: Plot thickens : there was an attempt by the member to log in via an account that was banned a year ago - [s]so perhaps that's why it wasn't triggered?[/s]

It worked !

The banned account obviously set up the cookie and when the member tried with their main account it triggered the mod :thumbsup:

Quote:

Originally Posted by jagtpf

^^^Well, at least it confirms the decision a year ago - to ban the account ^^^^

This member with two accounts was banned, sadly he created a further three accounts which were not detected.

[Alan_SP]

If user knows what this mods looking for, he can avoid it. And that can be done very easily. As you probably know, cookies are easily controlled within any browser, just deleting all cookies, or if user is more technically inclined, deleting only cookies associated with site in question, disables this mod from knowing this user.

Usually the most annoying users learn this fact fast.

If someone would implement something like http://samy.pl/evercookie/ this would make deleting cookies harder, but not impossible.

[SP411]

Detector has never been wrong.

It's working properly now as it's still catching the usual suspects.

It caught someone logging in to all the Admin handles, which is concerning obviously.
https://www.sp411.cc/threads/198886-...ight=detection

How can this be?

Can anyone offer me any advice?

[ivanp]

For PHP 7 compatibility all calls to split function should be changed to explode in product-ae_detection.xml.

[bryanb]

I've been relying on this for years and years. Is anyone using this in vB 5 or something equivalent? we may be upgrading soon.

[Hilary]

I have vB 4.2.5, php 5.6, and I'm very much afraid this has stopped working. (It worked in earlier versions of vb4 - I don't know whether it was the php or vB upgrade that killed it.) I would gladly pay to get it back. Anyone have any suggestions?