Account Sharing Prevention

From AMember Pro Manual

Jump to: navigation, search

aMember allows you to control the access that members have based on their IP address. This access can be controlled both on a site wide level and on an individual user level.

Enable Account Sharing Prevention

  • Open the aMember Admin Control Panel
  • From the left menu chose Setup/Configuration
  • From the top menu chose Advanced
  • The Advanced Configuration window opens
  • There are two options here for access control:
  • Maximum count of different IP
  • Set this to the maximum number of different IP addresses a single user may connect from in a given period.
  • Count IP for ... minutes
  • The period in minutes for which IP addresses should be counted

Default values are good for most websites.

Controlling Access on a User by User Basis

There also options for IP locking that can be used on a user by user basis. These allows you to control the access of individual members. This may be useful for example if you wish to ban a user, or to allow a user more liberal access than would be permissible under the IP access control settings as set above.

To see these options open any user record.

  • Open the aMember Admin Control Panel
  • From the left menu chose Browse users
  • Open any user record
  • In the record you will see a field: "Locked: auto-locking by IP"
  • There are three options here:
  • No (default): means not-locked, user has normal access
  • Yes: means locked - user's access is suspended
  • Disable Autolock for this User: User will be able to connect using as many different IP addresses as they wish.

Setting up IP-Checking with .htpasswd protection

To enable IP checking if you are protecting files with htpasswd, you must create in each your of your protected directories a php file, named log_access.php with following content: 

<?php
include "/home/user/public_html/amember/log_access.inc.php";
?>

(replace /home/user/public_html/amember/ with an actual unix path (not URL!) to aMember folder.

When a user accesses this file, the aMember script automatically writes a log record and does IP checking. To ensure that this file is called automatically, you must insert in your protected HTML pages following code: 

<script src="log_access.inc.php"></script>

or 

<img src="log_access.inc.php" width=1 height=1>

The above assumes that the log.access.inc.php file is in the same directory as the pages to which the code is added, as it should be.

Retrieved from "http://manual.amember.com/Account_Sharing_Prevention"