Author Topic: [CODE] - Multiple Account Filter  (Read 962 times)

KHDev

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 503
  • Karma: +43/-2
  • Etano Contributor (Skins & Mods)
    • KH Web Development
[CODE] - Multiple Account Filter
« on: November 04, 2015, 09:39:12 AM »
Multiple Account Filter - fight against multiple accounts with this simple modification. Multiple accounts are a common issue on membership sites and with this simple filter youll be able to fight against them.

How it works:

When a user registers their ip address will be compared to recent entries in your site_log to see if any other user/s has recently used your site with the same IP address. If another user/s has been found then the new account will get flagged and an email will be sent to you with relevant details (username, possible relevant users and a search link to find possible related accounts).

Once you have investigated the report you can choose to unflag or whitelist the account if you dealt with the other accounts.

Whitelist Option
If you whitelist a user then their account will no longer be checked when they login. This is useful if you have verified that the user has no other accounts but theres a possibility they may get flagged in future because they use an public wifi, proxy, library, shared connection ect..

Whitelisted accounts only bypass the login check when they login to the whitelisted account. If they somehow have another account and login into it or try to register a new account then they will be checked against the site_log.

NOTE! This method is not 100% effective and can sometimes produce "False Positives" (see below).

IMPORTANT INFORMATION

False positives
Its possible genuine users can get flagged as its possible for genuine users to get a shared/recycled ip.

Local Based Sites
If your site targets a specific region and several of your users use the same cafe/library/public wifi connection then they will likely get flagged.

Blind Spots
Its possible for multiple accounts to slip through the net by using multiple devices/connections but if they're active then chances are they will slip up and get caught by the login check.

Limited Scope
Site logs are cleared every 31 days by default. So the check will only scan against accounts active during that time. By having the login check its possible the user may slip up by logging out of one account and logging into an old account which the check would catch.

Proxy Use
If a user uses a proxy service then its possible for them to slip through (obviously if someone else has used the same service and they get the same ip then they'll get flagged) however, if multiple users use  the same service then its possible they will get flagged even if they are genuine. Not all proxy use is bad as some have genuine reasons for using such a service.

Disclaimer!

This contribution is offered freely without any warranty or liability. While strong efforts have been taken to ensure the reliability,
efficiency, and stability all coding carries risk. Instructions on installation are provided as guidelines and any line reference may differ if you have a custom version. It is your responsibility to back up any files you edit in the event something goes wrong!

It is your responsibility to investigate if a flagged user is genuine or fake. Id suggest getting them to upload/email a photo of them with a bit of paper with your sites address on and their username. If you punish genuine users it can have a negative impact on your reputation (bad reviews ect.)




INSTALLATION
! ! BACK UP ANY FILES BEFORE EDITING ! !


Required Files:

unflag_user.php
whitelist_user.php
unwhitelist_user.php

These files need to be uploaded to your site in (yoursite > admin > processors) folder

Click here to download them


Please make sure you have set up your admin alert email! (Site Options > Basic Features > Send alerts to this email address)




First we need to add a new column to the user_profiles table in the database so we can flag/whitelist user profiles.
Simply access your database and select the "dsb_user_profiles" table. Now, select the SQL tab and use the following in the query box:

Code: [Select]
ALTER TABLE  `dsb_user_profiles` ADD  `flagged_ma` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT  '0' AFTER  `del`
Select GO/Save and it should add the necessary column.



Now, We need to add 2 new functions which will run the checks:

Open includes > general_functions.inc.php

and add the following:

Code: [Select]
<?php #### IGNORE THIS LINE ####

function check_ip($check_ip) {
$myreturn=array();
global $dbtable_prefix;
// Selects all recently active users who use the same IP
$query="SELECT DISTINCT `user` FROM `{$dbtable_prefix}site_log` WHERE `ip`=$check_ip AND `fk_user_id`>0";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
for ($i=0;$i<mysql_num_rows($res);++$i) {
$myreturn[]=mysql_result($res,$i,0);
}
return $myreturn;
}

function 
check_login_ip($uip,$uid) {
$myreturn=array();
global $dbtable_prefix;
$query="SELECT DISTINCT `user` FROM `{$dbtable_prefix}site_log` WHERE `ip`=$uip AND `fk_user_id` NOT IN (0,$uid)";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
for ($i=0;$i<mysql_num_rows($res);++$i) {
$myreturn[]=mysql_result($res,$i,0);
}
return $myreturn;
}


and save!



Now, open processors > join.php



Code: [Select]
<?php #### IGNORE THIS LINE #####

// Around line 153 find:

queue_or_send_message($welcome_mess,true);

// Now just below it add: 

if(isset($_SERVER['REMOTE_ADDR'])){
$check['ip']=sprintf('%u',ip2long($_SERVER['REMOTE_ADDR']));
// Checks IP against site log for any recent activity by other users with the same IP
$multi_account=check_ip($check['ip']);
// If multiple accounts detected lets send a email to admin
if (!empty($multi_account)) {
$input['related_accounts']=join(', ',$multi_account);
$config=get_site_option(array('alert_email','alert_on_join'),'core');
// Email content - New user details, Related usernames and IP search link
$ma_email['subject']='Possible multiple account ';
$ma_email['message_body']='User: '.$input['user']."<br />\n";
$ma_email['message_body'].='Email: '.$input['email']."<br />\n";
$ma_email['message_body'].='Possible related accounts: '.$input['related_accounts']."<br />\n";
$ma_email['message_body'].='View Possible Related Accounts: <a href="'._BASEURL_.'/admin/member_results.php?ip='.$check['ip'].'">'._BASEURL_.'/admin/member_results.php?ip='.$check['ip'].'</a>'."<br />\n";
$ma_email['message_body'].='Link: <a href="'._BASEURL_.'/admin/member_results.php?user='.$input['user'].'">'._BASEURL_.'/admin/member_results.php?user='.$input['user'].'</a>'."<br />\n";
queue_or_send_email($config['alert_email'],$ma_email);

// Flag new account, use ip search link to find related accounts
$fl_user=$_SESSION[_LICENSE_KEY_]['user']['reg_id'];
$query="UPDATE `{$dbtable_prefix}user_profiles` SET `flagged_ma`='1' WHERE `fk_user_id`=$fl_user";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
}
}

And save!





Now, open processors > login.php


Code: [Select]
<?php #### IGNORE THIS LINE ####

// Around line 40 find:

$query="SELECT a.`".USER_ACCOUNT_ID."` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `".USER_ACCOUNTS_TABLE."` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`".USER_ACCOUNT_ID."`=b.`fk_user_id` WHERE a.`".USER_ACCOUNT_USER."`='$user' AND a.`".USER_ACCOUNT_PASS."`=".PASSWORD_ENC_FUNC."('$pass')";

Change it to:  

$query="SELECT a.`".USER_ACCOUNT_ID."` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat`, b.`flagged_ma` FROM `".USER_ACCOUNTS_TABLE."` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`".USER_ACCOUNT_ID."`=b.`fk_user_id` WHERE a.`".USER_ACCOUNT_USER."`='$user' AND a.`".USER_ACCOUNT_PASS."`=".PASSWORD_ENC_FUNC."('$pass')";



Now:


Code: [Select]
<?php #### IGNORE THIS LINE ####

// Around line 49/50 add :

if ($user['flagged_ma']==0) {
if(isset($_SERVER['REMOTE_ADDR'])){
$check['ip']=sprintf('%u',ip2long($_SERVER['REMOTE_ADDR']));
// Checks current ip against site log for other accounts with the same ip address
$multi_account=check_login_ip($check['ip'],$user['user_id']);
// Email only sent if multiple accounts are detected
if (!empty($multi_account)) {
$input['related_accounts']=join(', ',$multi_account);
$config=get_site_option(array('alert_email','alert_on_join'),'core');

// Sends email to admin with related account user names and ip search link
$ma_email['subject']='Possible multiple account detected at login ';
$ma_email['message_body']='User: '.$user['user']."<br />\n";
$ma_email['message_body'].='Possible related accounts: '.$input['related_accounts']."<br />\n";
$ma_email['message_body'].='View Possible Related Accounts: <a href="'._BASEURL_.'/admin/member_results.php?ip='.$check['ip'].'">'._BASEURL_.'/admin/member_results.php?ip='.$check['ip'].'</a>'."<br />\n";
$ma_email['message_body'].='Link: <a href="'._BASEURL_.'/admin/member_results.php?user='.$user['user'].'">'._BASEURL_.'/admin/member_results.php?user='.$user['user'].'</a>'."<br />\n";
queue_or_send_email($config['alert_email'],$ma_email);

// Flags the current user account, use ip search link to find related accounts
$ma_uid=$user['user_id'];
$query="UPDATE `{$dbtable_prefix}user_profiles` SET `flagged_ma`='1' WHERE `fk_user_id`=$ma_uid";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
}
}
}

and Save!





Now open admin > member_results.php

Code: [Select]
<?php #### IGNORE THIS LINE #####

// Around line 70 add :

$input['ip']=sanitize_and_format_gpc($_GET,'ip',TYPE_INT,0,0);
if (empty($input['ip'])) {
unset($input['ip']);
}
$input['is_flagged']=sanitize_and_format_gpc($_GET,'is_flagged',TYPE_INT,0,0);
if (empty($input['is_flagged'])) {
unset($input['is_flagged']);
}


Code: [Select]
<?php #### IGNORE THIS LINE #####

// Around line 116 (before the // continue building the where... part) add :

if (isset($input['ip'])) { // IP SEARCH
$ip_users=check_ip($input['ip']);
$where.=" AND a.`_user` IN ('".join("','",$ip_users)."')";
}

if (isset(
$input['is_flagged'])) { // Flagged Profiles
$where.=" AND a.`flagged_ma`='1'";
}


And save!





Now, open admin > profile.php

Code: [Select]
<?php #### IGNORE THIS LINE #####


// Around line 52 find:

$query="SELECT `fk_user_id`,`_photo`,`_user`,`alt_url`,`rad_longitude`,`rad_latitude`,`score`,`status`,`reject_reason`,UNIX_TIMESTAMP(`date_added`) as `date_added`,`del`";

// change it to:

$query="SELECT `fk_user_id`,`_photo`,`_user`,`alt_url`,`rad_longitude`,`rad_latitude`,`score`,`status`,`reject_reason`,UNIX_TIMESTAMP(`date_added`) as `date_added`,`del`,`flagged_ma`";



Code: [Select]
<?php #### IGNORE THIS LINE ####

// around line 99 find:

if ($output['status']==STAT_PENDING) {
$output['pending']=true;
} elseif ($output['status']==STAT_EDIT) {
$output['need_edit']=true;
} elseif ($output['status']==STAT_APPROVED) {
$output['approved']=true;
}

// Add below it:

if ($output['flagged_ma']==1) {
$output['flagged']=true;
}
if ($output['flagged_ma']==3) {
$output['whitelisted']=true;
}


And Save!





Now, open admin > skin > member_search.html


Code: [Select]
// Add this link to the menu so you can search for flagged accounts

<li><a href="member_results.php?is_flagged=1"> Flagged Profiles</a></li>

And save!



Now, open admin > skin > profile.html


Code: [Select]
// Add these links to unflag, whitelist and unwhitelist users

<!--opt name="!output.whitelisted"--><li><a href="processors/whitelist_user.php?uid={output.fk_user_id}&amp;return={output.return2me}">Whitelist Profile</a></li><!--/opt name="!output.whitelisted"-->
<!--opt name="output.whitelisted"--><li><a href="processors/unwhitelist_user.php?uid={output.fk_user_id}&amp;return={output.return2me}">Un-Whitelist Profile</a></li><!--/opt name="output.whitelisted"-->
<!--opt name="output.flagged"--><li><a href="processors/unflag_user.php?uid={output.fk_user_id}&amp;return={output.return2me}">Unflag Profile</a></li><!--/opt name="output.flagged"-->



And that should be it! :)

Let me know of any issues.

flyer5

  • Active Member
  • ***
  • Posts: 96
  • Karma: +4/-0
    • North East Nudists
Re: [CODE] - Multiple Account Filter
« Reply #1 on: November 13, 2015, 08:49:14 AM »
Works perfectly Kh!

Only thing missing is an 'instant check' to check the db for IP's currently recorded in use on more than one account and produce a list of matches, other than that spot on - exactly what we discussed :)

F5

Hornyflings

  • Prime Member
  • ****
  • Posts: 194
  • Karma: +3/-0
    • AsiasHeart
Re: [CODE] - Multiple Account Filter
« Reply #2 on: June 03, 2016, 10:08:06 AM »
Quote
Required Files:

unflag_user.php
whitelist_user.php
unwhitelist_user.php

These files need to be uploaded to your site in (yoursite > admin > processors) folder

Click here to download them

Is this contribution still available ??
Seems download link isn't valid anymore.

KHDev

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 503
  • Karma: +43/-2
  • Etano Contributor (Skins & Mods)
    • KH Web Development
Re: [CODE] - Multiple Account Filter
« Reply #3 on: June 05, 2016, 08:15:18 AM »
Quote
Required Files:

unflag_user.php
whitelist_user.php
unwhitelist_user.php

These files need to be uploaded to your site in (yoursite > admin > processors) folder

Click here to download them

Is this contribution still available ??
Seems download link isn't valid anymore.


It will be available shortly, im just moving some content around and checking for possible improvements.

Etenity63

  • Prime Member
  • ****
  • Posts: 119
  • Karma: +0/-0
Re: [CODE] - Multiple Account Filter
« Reply #4 on: December 11, 2016, 04:28:05 PM »
Hi KHDev
Is this contribution still available ?
Otherwise another script identical?
thank you in advance

KHDev

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 503
  • Karma: +43/-2
  • Etano Contributor (Skins & Mods)
    • KH Web Development
Re: [CODE] - Multiple Account Filter
« Reply #5 on: December 12, 2016, 05:47:53 PM »
Hi KHDev
Is this contribution still available ?
Otherwise another script identical?
thank you in advance

Hi, The download link has been updated.

https://www.sendspace.com/file/zrjiu4

Etenity63

  • Prime Member
  • ****
  • Posts: 119
  • Karma: +0/-0
Re: [CODE] - Multiple Account Filter
« Reply #6 on: December 13, 2016, 03:41:12 PM »
thank you very much KHDev  :)