Prevent Multiple logins MOD
Hi! A couple of weeks ago, I asked about whether it was possible to prevent multiple logins for the same account at the same time. I think I figured it out. I tested it out on my database and it seems to work.
In the auth.pl sub auth_check_password
Add this line at the beginning of the subroutine:
use File::Basename;
Add these codes after the line if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
opendir (DIRHANDLE, "$auth_dir") or &cgierr("unable to open auth directory: $auth_dir. Reason: $!\n");
@filelist = readdir (DIRHANDLE);
closedir (DIRHANDLE);
foreach $filename (@filelist) {
(@base, @ext) = split(/\./, $filename);
}
foreach $base (@base) {
if ($userid eq $base) {
my ($time) = &get_time;
my ($date) = &get_date;
open (IPLOG, "<$ip_log_file") or &cgierr("unable to open IP Log file: $ip_log_file. Reason: $!\n");
open (IPLOG, ">>$ip_log_file") or &cgierr("unable to open IP Log file: $ip_log_file. Reason: $!\n");
flock (IPLOG, 2) unless (!$db_use_flock);
print IPLOG "$userid|$server_auth|$time|$date\n";
close IPLOG;
close IPLOG;
open (MAIL, "$mailprog") or &cgierr("Can't start mail program");
print MAIL "To: $email\n";
print MAIL "From: $admin_email\n";
print MAIL "Subject: $html_title Multiple Logins of $userid detected.\n\n";
print MAIL "-" x 60 . "\n\n";
print MAIL "This is to inform you that our system has detected multiple logins for your account. This can mean 2 things:\n";
print MAIL "1) You have forgotten to logoff from the database using the \"Log Off\" link and close the window. In this case, do not worry. You will be able to log into the system after 2 hours\n";
print MAIL "OR\n";
print MAIL "2) There is a security breach of your account. This means that someone has gotten their hands on your StudentID and password and has tried to use it to gain access. To prevent further security breach, please change your password as soon as possible.\n\n";
print MAIL "If you face any problems, please reply to this message, with the above text quoted and inform us what is the problem you are facing.\n\n";
print MAIL "Thank you.\n\n";
close (MAIL);
return ('Multiple Logins have been detected for the username and password. Your IP address have been logged.');
}
}
You also need to add this lines in db.cfg
$ip_log_file = "/home/sites/www.vampirovibrio.per.sg/users/vampiro/web/academy/gms/iplog.log";
This MOD would prevent logins of the same username unless the authenticate file created by the database is deleted. My database is configured such that once a user Logs off, the authenticate file is removed. But if yours is configured in such a way that the authenticate file is only removed after a certain time, this MOD will still work except that the original user can't log on till after the time set by you.
I hope this MOD would be useful.
Julian
In the auth.pl sub auth_check_password
Add this line at the beginning of the subroutine:
use File::Basename;
Add these codes after the line if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
opendir (DIRHANDLE, "$auth_dir") or &cgierr("unable to open auth directory: $auth_dir. Reason: $!\n");
@filelist = readdir (DIRHANDLE);
closedir (DIRHANDLE);
foreach $filename (@filelist) {
(@base, @ext) = split(/\./, $filename);
}
foreach $base (@base) {
if ($userid eq $base) {
my ($time) = &get_time;
my ($date) = &get_date;
open (IPLOG, "<$ip_log_file") or &cgierr("unable to open IP Log file: $ip_log_file. Reason: $!\n");
open (IPLOG, ">>$ip_log_file") or &cgierr("unable to open IP Log file: $ip_log_file. Reason: $!\n");
flock (IPLOG, 2) unless (!$db_use_flock);
print IPLOG "$userid|$server_auth|$time|$date\n";
close IPLOG;
close IPLOG;
open (MAIL, "$mailprog") or &cgierr("Can't start mail program");
print MAIL "To: $email\n";
print MAIL "From: $admin_email\n";
print MAIL "Subject: $html_title Multiple Logins of $userid detected.\n\n";
print MAIL "-" x 60 . "\n\n";
print MAIL "This is to inform you that our system has detected multiple logins for your account. This can mean 2 things:\n";
print MAIL "1) You have forgotten to logoff from the database using the \"Log Off\" link and close the window. In this case, do not worry. You will be able to log into the system after 2 hours\n";
print MAIL "OR\n";
print MAIL "2) There is a security breach of your account. This means that someone has gotten their hands on your StudentID and password and has tried to use it to gain access. To prevent further security breach, please change your password as soon as possible.\n\n";
print MAIL "If you face any problems, please reply to this message, with the above text quoted and inform us what is the problem you are facing.\n\n";
print MAIL "Thank you.\n\n";
close (MAIL);
return ('Multiple Logins have been detected for the username and password. Your IP address have been logged.');
}
}
You also need to add this lines in db.cfg
$ip_log_file = "/home/sites/www.vampirovibrio.per.sg/users/vampiro/web/academy/gms/iplog.log";
This MOD would prevent logins of the same username unless the authenticate file created by the database is deleted. My database is configured such that once a user Logs off, the authenticate file is removed. But if yours is configured in such a way that the authenticate file is only removed after a certain time, this MOD will still work except that the original user can't log on till after the time set by you.
I hope this MOD would be useful.
Julian