in reply to Re: Dont allow multiple registrations or automated script problem
in thread Dont allow multiple registrations or automated script problem

Thank you, that worked, but I also wonder if I should generally let people register from the same IP address that another user used to register in the past.
What do you think?

Re^3: Dont allow multiple registrations or automated script problem
by davido (Cardinal) on Oct 21, 2006 at 15:46 UTC

    I think you should. Consider a few scenarios:

    • My wife and I share a router, which shares an Internet connection. That means that while we are two unique users, we will appear to the outside world to have the same IP address.
    • Consider users of larger ISPs such as AOL, where often all users within a particular region will share the same IP address from the perspective of the outside world. If you allow only one registration per IP address, you'll block a lot of other people.
    • Consider dialup users, who get a different IP address every time they dial in to their ISP. That's a whole different problem. Here, the same person could register, hang up, dial in again, and re-register with his new IP. Oh, and guess what. The next time another user from that ISP dials in and gets an IP already used by the first registrant, he will be denied registration access! Two problems in one.

    Dave

      Yes, you are absolutely right in the first 2 cases, and that made it clear to me that I should allow more regs per IP.
      But in the 3rd case scenario I can't avoid the fact that 1 user can register 1000 times as long as he changes his dynamic IP addresses and picks random usernames, while in the meantime another poor user would be denied reg access.
      If I allow multiple regs per IP then there is no unfortunate user, but I also can't avoid the fact of 1 user registering a million times by spamming my register.pl

      Damn is there a workaround for that?

        Yes. Require an email address for registration. Make sure the email address is unique (not already in your database). Send an email to the user asking for a reply with a randomly generated key in the reply, and use that as an authentication email so that you can verify that the registrant gave you a valid email address. Only allow the registration to complete when you receive the confirmation email along with the random key.

        That's the same system you'll find in use across at least 75% of all websites that require registration. Now you just have to implement it for your site, and forget about IP's. About the only thing I would do with IP's is *maybe* put a 120 second block on a given IP once it's requested registration, so that a robot can't bang away at your site a hundred times a second.


        Dave
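
The scheme described in the reply above (unique email address, randomly generated confirmation key, 120-second per-IP pause), as an added example that is not part of the original thread. In-memory hashes stand in for the site's database, and the sub names, the 24-hour key expiry and storing only a SHA-256 of the key are assumptions.

```perl
#!/usr/bin/perl
# Added example: sub names and storage layout are hypothetical.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $IP_BLOCK_SECS = 120;        # per-IP pause suggested in the post
my $TOKEN_TTL     = 24 * 3600;  # assumption: confirmation keys expire after a day
my (%last_request, %pending, %confirmed);  # ip => time, sha256(key) => record, email => 1

# 128-bit key from the OS CSPRNG; Perl's rand() is predictable and unsuitable here.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# Returns (status, key). The caller mails the key to $email; it must never
# appear in the HTTP response, or the mailbox check proves nothing.
sub request_registration {
    my ($ip, $email, $now) = @_;
    $email = lc $email;
    return ('throttled')
        if exists $last_request{$ip} && $now - $last_request{$ip} < $IP_BLOCK_SECS;
    $last_request{$ip} = $now;               # every attempt restarts the pause
    return ('duplicate') if $confirmed{$email};
    my $token = new_token();
    # Only a hash of the key is stored, so a leaked table cannot confirm accounts.
    $pending{ sha256_hex($token) } = { email => $email, expires => $now + $TOKEN_TTL };
    return ('mail_sent', $token);
}

# Completes the registration only for a known, unexpired, unused key.
sub confirm_registration {
    my ($token, $now) = @_;
    my $rec = delete $pending{ sha256_hex($token // '') } or return 'unknown_key';
    return 'expired'   if $now > $rec->{expires};
    return 'duplicate' if $confirmed{ $rec->{email} };
    $confirmed{ $rec->{email} } = 1;
    return 'registered';
}

# Constructed walk-through (192.0.2.10 is a documentation address).
my $t = 1_000_000;
my ($s1, $key) = request_registration('192.0.2.10', 'a@example.org', $t);
my ($s2)       = request_registration('192.0.2.10', 'b@example.org', $t + 5);
my ($s3)       = request_registration('192.0.2.10', 'b@example.org', $t + 121);
print join(' ', $s1, $s2, $s3, confirm_registration($key, $t + 60),
           confirm_registration($key, $t + 61)), "\n";
```

The second request inside the 120-second window is refused regardless of the email address supplied, and a key is deleted on first use so it cannot be replayed.
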

        I can't avoid the fact of 1 user registering a million times by spamming my register.pl

        Damn is there a workaround for that?

        Assuming it takes at least 30 seconds combined for the user to connect (getting a new dynamic ip address), register with your site, and disconnect, it would take almost a year of non-stop work to register a million times. And somebody on dialup probably has better things to do with his/her connection time.