03-22-10 01:47 PM - Post#84008    

Subject: [3.0] Beta 1 - Multiple Identity Detector

Bug for: Fusion [3.0] Beta 1 -

: I can't seem to get the Multiple Identity Detector to work. I login to my test forum, using two different accounts, but it doesn't alert me.

03-22-10 04:46 PM - Post#84014    

    In response to Claude

Have you

Admin Panel -> Edit -> Configuration Settings -> User Settings

Limit Multiple Accounts = 1
Use Multiple Identity Detector = Checked
Forum to Post Duplicate Identities = <select> unless you want a PT then leave blank
MID Poster ID = <select> unless you want a PT then leave blank
MID PT Groups = <select> unless you want a post to a forum then leave blank

The artist formerly known as scroungr Couch-Tomatoe

03-22-10 06:36 PM - Post#84018    

    In response to Couchtomatoe

• Couchtomatoe Said:

Yep, did all that.

03-22-10 08:41 PM - Post#84020    

    In response to Claude

Ok then lets check the cookies.. go to help->My cookies Utility and see if you see an entry for fbb_mid

The artist formerly known as scroungr Couch-Tomatoe

03-23-10 10:04 AM - Post#84021    

    In response to Couchtomatoe

• Couchtomatoe Said:

I do. The value is: c1c

03-23-10 04:54 PM - Post#84025    

    In response to Claude

ok then when logging in as the other user thats suppose to add the second users values does it change between the users who are logged in?

The artist formerly known as scroungr Couch-Tomatoe

03-23-10 08:20 PM - Post#84030    

    In response to Couchtomatoe

• Couchtomatoe Said:

It does change.

When I login, it says "c1c"
When my "other" account logs in it says "c2c"

03-24-10 09:38 AM - Post#84040    

    In response to Claude

OK so the issue is its not adding its just changing.. so its not detecting the second login as a duplicate of the first..

What it does is the first time someone logs in it sets the fbb_mid cookie to
setcookie($conf['cookie_prefix'].'mid',"c".$session->uid."c",time()+846000,"{$conf['cookie_path']}","{$conf['cookie_domain']}");

so the user will have a cookie for fbb_mid set as c<user_id>c

the next time the user logs in then the fbb_mid cookie should already be set so so he gets checked for that fbb_mid cookie

elseif(!stristr($multiple,"c{$session->uid}c") && $session->uid > 0){

and if the same user id he gets accepted as the same user and the script bypasses the mid but if different

$multiple = $_COOKIE[$conf['cookie_prefix'].'mid'];
$multiple .= $session->uid."c";
setcookie($conf['cookie_prefix'].'mid',$multiple,time()+846000,"{$conf['cookie_path']}","{$conf['cookie_doma in']}");

it adds it so that fbb_mid is now c<1st userid>c<2nd userid>c

so the issue is your cookies are resetting every time.. so do this.. go into the site the 1st time and see if the cookie fbb_mid is there.. then get off the site and close the browser.. then go back into the browser but do not go to the site.. Check your cookies for the site and see if there is one called fbb_mid listed for that site..

Alternatively.. give me some login info for two accounts you created and I will check..

The artist formerly known as scroungr Couch-Tomatoe

03-24-10 10:46 AM - Post#84041    

    In response to Couchtomatoe

I figured it out.

If you login using the same browser, it detects the two accounts (cookie). If you use a different browser for the second account, it doesn't detect it.

FWIW, the old mod (from the Dev site) used to detect the duplicates even if you used a second browser. It must have worked differently.

03-24-10 05:35 PM - Post#84050    

    In response to Claude

• Claude Said:

Nope the one at the Devsite worked exactly like the incorporated one..

http://www.fusionbbdev.com/forum/showtop...


What it does
This mod sets a cookie on forum visitors computers that contains their user_id. If another user_id logs in to your site from that same computer, a POST will be made to a private forum of your choice (eg your moderator/admin forum).


And since Cookies are browser specific it can be bypassed using more then one browser.. thats why

Admin Panel -> Edit -> Configuration Settings -> User Settings -> Limit Multiple Accounts

which

This setting allows you to specify the maximum number of accounts allowed to have the same (real email) address. Setting this to 1 will enforce one account per email address for new registrations.


Limiting one account per IP is the only way not included and well theres ways around IP addressing as well.. If someone wants to really use two accounts on a site theres not much you can do to prevent it...

The artist formerly known as scroungr Couch-Tomatoe

03-24-10 11:16 PM - Post#84055    

    In response to Couchtomatoe

• Couchtomatoe Said:

I know nothing about how the "detector" is programmed, but I can tell you for a fact, that when I used the "old" detector, it did catch me logging in using two accounts - from two differenet browsers.

03-25-10 09:13 AM - Post#84057    

    In response to Claude

OK Claude. But not the one posted at the Devsite maybe another one from somewhere else.

http://www.fusionbbdev.com/forum/showtop...

The artist formerly known as scroungr Couch-Tomatoe

03-25-10 10:14 AM - Post#84058    

    In response to Couchtomatoe

• Couchtomatoe Said:

That's the one. I can't argue the reasons, but I can tell you that if I logged in with two different accounts, using two different browsers, it did work.

Perhaps it was using sessions in addition to cookies, but it did alert me.

05-05-10 04:22 PM - Post#84129    

    In response to Claude

Subject: [3.1] Finished 1 - Multiple Identity Detector

Bug for: Fusion [3.1] Finished 1 -

: I can't seem to get it to work. I have logged in and out with several accounts and it seems not to work.

05-05-10 04:32 PM - Post#84130    

    In response to Stephen

I haven't upgraded to 3.1, but I couldn't get it to work in 3.0 either. Finally gave up.

http://www.fusionbb.com/forum/showtopic....

05-05-10 04:47 PM - Post#84131    

    In response to Claude

Honestly there should be ZERO reason for it to have to POST to a forum. I would for one recommend that it be changed to just publish to a separate dedicated table and IF a user like MOD / ADMIN allows you access to CP then the system will query that TABLE seems much simpler and a lot less data to store just to determine if someone one as multiple accounts.

timestamp
IP address
user ID
aliases - an array of other usernames

The PT notice with a link to the cp option/script is sufficient.

This is a lot of detritus to store over and over in your database tables.

• Quote:

Stephen Dolenski FileMaker 7 Certified Developer FileMaker 8 Certified Developer FM Forums.com Administrator

05-06-10 09:56 AM - Post#84133    

    In response to Stephen

OK if using the same browser each time and allowing for cookies it does work. Issue is if not using the same browser and since cookies are browser specific it will not work.. I will add some more to it in 3.2 for session tracking.. As such the way to set it is check the check box and dependent if you want the groups to get PT's or send the info to a forum you setup that area..

The artist formerly known as scroungr Couch-Tomatoe

07-08-10 02:38 PM - Post#84247    

    In response to Couchtomatoe

This picked up on me logging in with my test account straight away on my 3.1 site.

07-11-10 07:09 PM - Post#84293    

    In response to sb1963

But today it didn't - same browser, no change to my cookie settings.

07-23-10 07:39 PM - Post#84382    

    In response to sb1963

I use firefox but if I'm in Ubuntu/Linux it doesn't pick me up - if I'm in Windows XP it does.

Claude/Stephen - are you Mac users?

Maybe it only works with Windows.