Administrative and Maintenance Tools - Multiple Account Registration Prevention

*Note* This requires the Multiple Account Login Detector (AE Detector) in order to function. Big thanks to MPDev for the AE Detector hack, I have used/modified his code for use in parts of this mod (with permission).

*Note 2* My forum's servers are driving me nuts right now, big load times, etc and I'm about to cut myself from waiting for a page to load - so I haven't thoroughly tested all the new goodies I've added. If you find that something doesn't work please let me know.

Description
When an user registers, this plugin checks for the cookie that the AE Detector sets, if it exists, then this plugin will move the user to a specified usergroup (default is to the (COPPA) Users Awaiting Moderation usergroup). This will now check the user's IP address upon registration, and if it matches any others, it will place them in the Multiple Account (MA) usergroup . Also you have the option to ban the new account if the old account was banned.

You can turn the new features on/off accordingly in the settings area.


Install / Upgrade
Download the attached XML file, and import it at
Admin Control Panel > Plugins & Products > Manage Products > Add/Import Product

Remember to "Allow Overwrite" if you are upgrading.

Mod Info
1 - Query
3 - Phrases
2 - Plugins
0 - Template
0 - Template Edits


v1.0.2

• Fixed some major bugs that made the last release basically useless.

v1.0.1

• There is now an option prevent account registrations based on IP addresses.
• If a banned user attempts to create a new account, the new account will automatically be banned.
• Multiple account registrations will now send a PM or make a thread

v1.0.0

• Initial beta release

Please click "Install" if you have installed this mod! Thanks!

[Quarterbore]

I had a major problem with the original hack as I did a site upgrade using Impex and MOST of my member's userid shifted. So, using this, I should be able to prevent these members from registereing unless they are clever enough to clear the cookies in their browser or register from a second PC that they had not previously logged in from...

I'll have to try it!

Works great even with my issues with duplicate IDs...

The only addition I would like to see is an option to send a PM or start a new thread when a member tries to join that was flagged as already as being a member with the other member ID info... The way this works the members is put in the moderated list but there is no easy way to know it is there or why.

[Quarterbore]

Woot... It works Now!!! I really needed this... I will leave it between the two coders that made the hacks to decide who deserves the credit as I just slapped the two pieces together....

PHP Code:

//if the cookie exists then we know that the user already has an account
if (isset($_COOKIE['IDstack']) && $vbulletin->options['marpon'])
{
    //set the usergroup to the one specified in options, or Users Awaiting Moderation
    $userdata->set('usergroupid', $vbulletin->options['marpusergroup']);

    
    //Update their ID stack and PM or Post to thread

    $idstack = $_COOKIE['IDstack']; 
    
                                $idstack .= ",{$vbulletin->userinfo['userid']},"; 
                                setcookie("IDstack", $idstack, time()+10368000, "/"); 
         
                                $Unums = split(",", $idstack); 
                                $andids = null; 
                                $numvs = 0; 
                                 
                                for ($i = 0; $i < (sizeof($Unums)); $i++)  
                                { 
                                    if( verify_id('user', $Unums[$i], FALSE, -1, -1) ) 
                                    { 
                                        if (!empty($Unums[$i]) && is_numeric($Unums[$i])) {         
                                            $checkuser = $vbulletin->db->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid={$Unums[$i]}"); 
                                            if ( !empty($andids) ) $andids .= "and"; 
                                            $andids .= " [url=". $vbulletin->options['bburl'] ."/member.php?u=" . $Unums[$i] . "] ". $checkuser['username'] ."[/url] "; 
                                            $numvs++; 
                                        } 
                                    } 
                                } 
                                 
                            
                                $allowsmilie = '1'; 
                                $visible = '1'; 
                                //$message = construct_phrase($vbphrase['multiplelogin_alert'], htmlspecialchars_uni($vbulletin->userinfo['username']), $andids); 
                                $message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " seems to be registering a multiple personality using $andids sharing the same computer."; 
    
                                // get admin users 
                                $adminusers = split(",", $vbulletin->options['ae_adminusers']); 
                                $fromuser = fetch_userinfo($vbulletin->options['ae_sender']); 
                                $subject = $vbulletin->userinfo['username'] . " opened another account"; 
                                 
                                // create the DM to do error checking and insert the new PM (needs to be here) 
                                $pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_SILENT); 
                                $ipaddress = $vbulletin->config['ae_adminip']; 
         
                                if($vbulletin->options['ae_sendpm'] == '1') 
                                { 
                                    $pmdm->set('fromuserid', $fromuser['userid']); 
                                    $pmdm->set('fromusername', $fromuser['username']); 
                                    $pmdm->set_info('reciept', false); 
                                    $pmdm->set_info('savecopy', false); 
                                    $pmdm->set('title', $subject); 
                                    $pmdm->set('message', $message); 
                                    $pmdm->set_recipients($vbulletin->options['ae_recipients'], $fromuser['permissions']); 
                                    $pmdm->set('dateline', TIMENOW); 
                                    $pmdm->save(); 
                                } 
         
                                if($vbulletin->options['ae_startthread'] == '1' AND $vbulletin->options['ae_forumid']) 
                                { 
                                    require_once(DIR . '/includes/class_dm_threadpost.php'); 
         
                                    // setup variables 
                                    $forumid = $vbulletin->options['ae_forumid']; 
                                    $threaddm = new vB_DataManager_Thread_FirstPost($vbulletin, ERRTYPE_STANDARD); 
                                         
                                    // insert thread 
                                    $threaddm->do_set('forumid', $forumid); 
                                    $threaddm->do_set('userid', $fromuser['userid']); 
                                    $threaddm->do_set('username', $fromuser['username']); 
                                    $threaddm->do_set('pagetext', $message); 
                                    $threaddm->do_set('title', $subject); 
                                    $threaddm->do_set('allowsmilie', $allowsmilie); 
                                    $threaddm->do_set('visible', $visible); 
                                    $tid = $threaddm->save(); 
         
                                    require_once(DIR . '/includes/functions_databuild.php'); 
                                    build_forum_counters($forumid); 
                                } 
} 


If this was wrong of me to post the code here with the code from the original AE detector mod, send me a PM and I will remove it...

[randominity]

I was gonna do the same thing, just had to study for exams this week ~~

[Quarterbore]

This fixed all my problems...

Now, I need to remove the code from the original hack that posts when they login as with almost 2000-members and about 1500 that have a new userid I got real tired of all the false hits... Now, I get a report when the new account is started and NOT when userids shift because of a site upgrade...

I have tested this quite a bit on my site (my hybrid of the two hacks) and it seems stable on my site and it would report as few as two or as many as I care to create! Simply awsome... Thanks!

[DementedMindz]

strange I had ae go off this morning yet it didnt move the new account into banned usergroup.

[viyanali]

really nice work. think evreyone who uses ae is searching for something like that.
Now my questions
is it possible that may a banned user will be put automaticly in the banned group? and a second suggestion(question) the automatic thread creation only works when the user logs out and logs in again. thats a problem because when i have to moderate the user i have to know wich usernames he/she had before. could be there a option to list all usernames from AE like the ipinfo hack.(without searching the threads
I think these two options would make this hacks perfect.

[Quarterbore]

Quote:

Originally Posted by viyanali

really nice work. think evreyone who uses ae is searching for something like that.
Now my questions
is it possible that may a banned user will be put automaticly in the banned group? and a second suggestion(question) the automatic thread creation only works when the user logs out and logs in again. thats a problem because when i have to moderate the user i have to know wich usernames he/she had before. could be there a option to list all usernames from AE like the ipinfo hack.(without searching the threads
I think these two options would make this hacks perfect.

The code I posted takes care of the second part... When a person registeres that already has the cookie on their machine they cause the generation of a new thread or PM (I did not test the PM as I have that disabled on my site) and the new thread lists all the accounts that person has.

As for the first question, that is a tougher issue... The cookie does contain an array of userids that the user had logged in with so I guess you could run the values in there against the banned usergroup. If you get a match then you could ban the new userid.. Personally, as long as they can't post they can't do my site too much harm so I am not going to code that myself...

[viyanali]

hmm thx that was what i needed..
The only thing is that there is a little bug. Because u hook the registration process location u get for a evrey multiple account registration try a thread wich means when somebody writes the informations and hits register and cant couse of for example wrong image verfication u get a thread opened. If then the user decided not to register u have a wrong thread.. and a second one is if the user trys to register and again for example he hits registration button 3 times couse he wrote always the code false u will get 3 threads and so on. I still use the code u sended but i made a new plugin with that code wich hooks the register_addmember_complete location. So its working without bugs now

[murrtex]

when I use firefox I can register from the other browsers..why??

[randominity]

Quote:

Originally Posted by murrtex

when I use firefox I can register from the other browsers..why??

because it is cookie based, each browser's cookies are different.