Hi, I have a secure area for my Website. Its a folder in web server( for example "http://www.mysite.com/Securefolder/"). INorder to View the folder user must register with the site. When a user register a new entry is made to ".htpasswd" file in the secure folder and the username and password is mailed to user. Here the tough part come. I charge Some amount for registration. Normally what users do is one will register and pass the username and password to others and they can also access the secure area. I want to prevent this So I thought about two options 1. Cookie 2. IP address tracking. We cannot replay on cookie because , it can be get deleted at any time. The second is IP address and its also cannot be relayed as most of the users don't have a static IP CAn Anyone tell me a Possible solution for this issue?. Thanks in Advance , Regards, KOCHI
That's a tough one. I'd force the use of cookies. Plenty of big sites that do just that. No cookies, no go. Alternatively yuo can ask for a 3d parameter besides user & pass, something that will change and can only be known by the original subscriber. You could e-mail them this month's newsletter with the 'pass key' of June in it or something. That way it requires regular logistics between the subscriber and his friends to keep the scam going. For most too much effort.
Cookies are client-side data and can be forged. Using IP address will make it inconvenient for legitimate users, as they may get new address every time they connect (heck, AOL uses server farms and makes every HTTP request from a different IP address) I would track if there's more than one user/password combination currently logged in and if there is, would contact this user and notified them that they are violating TOS or simply not allowed multiple users like these to get in. J.D.
if you are running C-panel on your server and the user only needs to log-in once per browser session then you could use Leech Protect i suppose. dont know if that is of any help but may work for what you need