Back to Post
| Username | Post: [3.0] Beta 1 - Multiple Identity Detector | |
|---|---|---|
|
Claude FusionBB Fanatic Posts 1413 
|
03-22-10 01:47 PM - Post#84008
Subject: [3.0] Beta 1 - Multiple Identity Detector Bug for: Fusion [3.0] Beta 1 - : I can't seem to get the Multiple Identity Detector to work. I login to my test forum, using two different accounts, but it doesn't alert me. |
|
|
Couchtomatoe Code Monkey Posts 3049 
|
03-22-10 04:46 PM - Post#84014
Have you Admin Panel -> Edit -> Configuration Settings -> User Settings Limit Multiple Accounts = 1 Use Multiple Identity Detector = Checked Forum to Post Duplicate Identities = <select> unless you want a PT then leave blank MID Poster ID = <select> unless you want a PT then leave blank MID PT Groups = <select> unless you want a post to a forum then leave blank
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-22-10 06:36 PM - Post#84018
Have you Admin Panel -> Edit -> Configuration Settings -> User Settings Limit Multiple Accounts = 1 Use Multiple Identity Detector = Checked Forum to Post Duplicate Identities = <select> unless you want a PT then leave blank MID Poster ID = <select> unless you want a PT then leave blank MID PT Groups = <select> unless you want a post to a forum then leave blank Yep, did all that.
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
03-22-10 08:41 PM - Post#84020
Ok then lets check the cookies.. go to help->My cookies Utility and see if you see an entry for fbb_mid
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-23-10 10:04 AM - Post#84021
Ok then lets check the cookies.. go to help->My cookies Utility and see if you see an entry for fbb_mid I do. The value is: c1c
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
03-23-10 04:54 PM - Post#84025
ok then when logging in as the other user thats suppose to add the second users values does it change between the users who are logged in?
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-23-10 08:20 PM - Post#84030
ok then when logging in as the other user thats suppose to add the second users values does it change between the users who are logged in? It does change. When I login, it says "c1c" When my "other" account logs in it says "c2c"
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
03-24-10 09:38 AM - Post#84040
OK so the issue is its not adding its just changing.. so its not detecting the second login as a duplicate of the first.. What it does is the first time someone logs in it sets the fbb_mid cookie to setcookie($conf['cookie_prefix'].'mid',"c".$session->uid."c",time()+846000,"{$conf['cookie_path']}","{$conf['cookie_domain']}"); so the user will have a cookie for fbb_mid set as c<user_id>c the next time the user logs in then the fbb_mid cookie should already be set so so he gets checked for that fbb_mid cookie elseif(!stristr($multiple,"c{$session->uid}c") && $session->uid > 0){ and if the same user id he gets accepted as the same user and the script bypasses the mid but if different $multiple = $_COOKIE[$conf['cookie_prefix'].'mid']; $multiple .= $session->uid."c"; setcookie($conf['cookie_prefix'].'mid',$multiple,time()+846000,"{$conf['cookie_path']}","{$conf['cookie_doma in']}"); it adds it so that fbb_mid is now c<1st userid>c<2nd userid>c so the issue is your cookies are resetting every time.. so do this.. go into the site the 1st time and see if the cookie fbb_mid is there.. then get off the site and close the browser.. then go back into the browser but do not go to the site.. Check your cookies for the site and see if there is one called fbb_mid listed for that site.. Alternatively.. give me some login info for two accounts you created and I will check..
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-24-10 10:46 AM - Post#84041
I figured it out. If you login using the same browser, it detects the two accounts (cookie). If you use a different browser for the second account, it doesn't detect it. FWIW, the old mod (from the Dev site) used to detect the duplicates even if you used a second browser. It must have worked differently.
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
03-24-10 05:35 PM - Post#84050
I figured it out. If you login using the same browser, it detects the two accounts (cookie). If you use a different browser for the second account, it doesn't detect it. FWIW, the old mod (from the Dev site) used to detect the duplicates even if you used a second browser. It must have worked differently. Nope the one at the Devsite worked exactly like the incorporated one.. http://www.fusionbbdev.com/forum/showtop... What it does This mod sets a cookie on forum visitors computers that contains their user_id. If another user_id logs in to your site from that same computer, a POST will be made to a private forum of your choice (eg your moderator/admin forum). And since Cookies are browser specific it can be bypassed using more then one browser.. thats why Admin Panel -> Edit -> Configuration Settings -> User Settings -> Limit Multiple Accounts which This setting allows you to specify the maximum number of accounts allowed to have the same (real email) address. Setting this to 1 will enforce one account per email address for new registrations. Limiting one account per IP is the only way not included and well theres ways around IP addressing as well.. If someone wants to really use two accounts on a site theres not much you can do to prevent it...
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-24-10 11:16 PM - Post#84055
I figured it out. If you login using the same browser, it detects the two accounts (cookie). If you use a different browser for the second account, it doesn't detect it. FWIW, the old mod (from the Dev site) used to detect the duplicates even if you used a second browser. It must have worked differently. Nope the one at the Devsite worked exactly like the incorporated one.. http://www.fusionbbdev.com/forum/showtop... What it does This mod sets a cookie on forum visitors computers that contains their user_id. If another user_id logs in to your site from that same computer, a POST will be made to a private forum of your choice (eg your moderator/admin forum). And since Cookies are browser specific it can be bypassed using more then one browser.. thats why Admin Panel -> Edit -> Configuration Settings -> User Settings -> Limit Multiple Accounts which This setting allows you to specify the maximum number of accounts allowed to have the same (real email) address. Setting this to 1 will enforce one account per email address for new registrations. Limiting one account per IP is the only way not included and well theres ways around IP addressing as well.. If someone wants to really use two accounts on a site theres not much you can do to prevent it... I know nothing about how the "detector" is programmed, but I can tell you for a fact, that when I used the "old" detector, it did catch me logging in using two accounts - from two differenet browsers.
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
03-25-10 09:13 AM - Post#84057
OK Claude. But not the one posted at the Devsite maybe another one from somewhere else. http://www.fusionbbdev.com/forum/showtop...
|
|
|
Claude FusionBB Fanatic Posts 1413
|
03-25-10 10:14 AM - Post#84058
OK Claude. But not the one posted at the Devsite maybe another one from somewhere else. http://www.fusionbbdev.com/forum/showtop... That's the one. I can't argue the reasons, but I can tell you that if I logged in with two different accounts, using two different browsers, it did work. Perhaps it was using sessions in addition to cookies, but it did alert me.
|
|
 StephenMostly Harmless Posts 2514 
|
05-05-10 04:22 PM - Post#84129
Subject: [3.1] Finished 1 - Multiple Identity Detector Bug for: Fusion [3.1] Finished 1 - : I can't seem to get it to work. I have logged in and out with several accounts and it seems not to work. |
|
|
Claude FusionBB Fanatic Posts 1413
|
05-05-10 04:32 PM - Post#84130
I haven't upgraded to 3.1, but I couldn't get it to work in 3.0 either. Finally gave up. http://www.fusionbb.com/forum/showtopic....
|
|
|
Stephen Mostly Harmless Posts 2514
|
05-05-10 04:47 PM - Post#84131
Honestly there should be ZERO reason for it to have to POST to a forum. I would for one recommend that it be changed to just publish to a separate dedicated table and IF a user like MOD / ADMIN allows you access to CP then the system will query that TABLE seems much simpler and a lot less data to store just to determine if someone one as multiple accounts. timestamp IP address user ID aliases - an array of other usernames The PT notice with a link to the cp option/script is sufficient. This is a lot of detritus to store over and over in your database tables.
"Multiple Identities Detected... Oh My!!!"; "Your new super stealth identity detection script has detected a breach!<br /><br />%s<br />Have all logged in from the same computer.<br />Very interesting indeed!";
|
|
|
Couchtomatoe Code Monkey Posts 3049
|
05-06-10 09:56 AM - Post#84133
OK if using the same browser each time and allowing for cookies it does work. Issue is if not using the same browser and since cookies are browser specific it will not work.. I will add some more to it in 3.2 for session tracking.. As such the way to set it is check the check box and dependent if you want the groups to get PT's or send the info to a forum you setup that area..
|
|
 sb1963FusionBB Fanatic Posts 1636 |
07-08-10 02:38 PM - Post#84247
This picked up on me logging in with my test account straight away on my 3.1 site. |
|
|
sb1963 FusionBB Fanatic Posts 1636 |
07-11-10 07:09 PM - Post#84293
But today it didn't - same browser, no change to my cookie settings. |
|
|
sb1963 FusionBB Fanatic Posts 1636 |
07-23-10 07:39 PM - Post#84382
I use firefox but if I'm in Ubuntu/Linux it doesn't pick me up - if I'm in Windows XP it does. Claude/Stephen - are you Mac users? Maybe it only works with Windows. |
|
|
Claude FusionBB Fanatic Posts 1413
|
07-24-10 10:49 AM - Post#84385
Claude/Stephen - are you Mac users? Yep, I'm using a Mac.
|
|
|
FusionBB™ Version 3.2 | ©2003-2013 InteractivePHP, Inc.
Execution time: 0.059 seconds. Total Queries: 98 Zlib Compression is on.
All times are (GMT-4). Current time is 11:32 AM
Top
Execution time: 0.059 seconds. Total Queries: 98 Zlib Compression is on.
All times are (GMT-4). Current time is 11:32 AM
Top