MY PLATFORM: PHP & mySQL
MY SITUATION:
I am building an app where users can sign up for an account for the services that I provide. I want to restrict a user from signing up for multiple accounts, and users from all over the world can create an account of their own. That being said:
- What can I do to prevent multiple accounts and ensure that I can track a user in case they resort to some mischief concerning the security of my website?
- What details do I need to log about the user for administration purposes? IP? Browser info? What else? (Bonus: if you can list out why, that would be helpful too.)
- How many past logins of the user should be recorded and maintained? How would so many (your recommended number of past logins) help?
- Please list out what you think should not be missed at any cost and others that can be helpful.
Thank you in advance.
There really isn’t a way to ensure that a user only makes 1 account. You really shouldn’t bother attempting to implement a system that does, as there will always be ways to work around the blocker you have installed.
The only real thing you can do is ensure 1 account per email address, and even that is a stretch, as Gmail allows me to use all of these email addresses:
As you can see, I can make a LOT of email addresses that are all unique, but they all go directly to my email inbox.
And that isn't counting my personal email @chacha102.com. With a catch-all email, I can put anything in front of @chacha102.com and it will go directly to me. I could even make a script to create a random hash and append @chacha102.com to it. I would have an almost infinite number of email addresses. So, my advice? Worry about something else.
To answer the rest of your questions:
You should probably keep an administrative log of important events. For example, StackOverflow has a log of all the rep I earn, when I got a badge, and most likely when I logged in. Find the 'checkpoints' in your site and log them.
You should probably keep these logs for 30 days, or longer if required by law, or forever if required by your system. (StackOverflow probably has ALL my reputation ups and downs, so that a rep recalc can start from the beginning.)
You should probably check out this StackOverflow question:
https://stackoverflow.com/questions/72394/what-should-a-developer-know-before-building-a-public-web-site
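The alias problem the answer describes can be narrowed, though not closed. The following is an added example written for this page (it is not code from the answer above or from StackOverflow): it collapses the aliases Gmail treats as one mailbox (dots in the local part and anything after `+`) to a single canonical key, which is the key you would store in a `UNIQUE` column next to the address the user typed. A catch-all domain such as the answer's `@chacha102.com` cannot be collapsed, so the example only flags it. The provider list, the catch-all list and the sample addresses are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example (not from the original answer). Canonicalises an address for
// duplicate detection and flags catch-all domains. Both domain lists below are
// assumptions for this example; extend them from your own signup data.

/** Providers that ignore dots in the local part and treat '+tag' as a sub-address. */
const DOT_AND_PLUS_INSENSITIVE = ['gmail.com', 'googlemail.com'];

/** Hypothetical: domains you have learned are catch-alls (the answer's own example). */
const KNOWN_CATCH_ALL_DOMAINS = ['chacha102.com'];

/**
 * Canonical form of $email for duplicate detection, or null if the address is
 * not syntactically valid. Case is folded because practically every provider
 * treats local parts case-insensitively, even though RFC 5321 permits otherwise.
 */
function canonicalEmail(string $email): ?string
{
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    [$local, $domain] = explode('@', $email, 2);

    // googlemail.com and gmail.com deliver to the same mailbox.
    if ($domain === 'googlemail.com') {
        $domain = 'gmail.com';
    }

    if (in_array($domain, DOT_AND_PLUS_INSENSITIVE, true)) {
        // j.o.h.n+shop@gmail.com  ->  john@gmail.com
        $plus = strpos($local, '+');
        if ($plus !== false) {
            $local = substr($local, 0, $plus);
        }
        $local = str_replace('.', '', $local);
    }

    return $local . '@' . $domain;
}

/** True when the domain is one you know delivers every local part to one inbox. */
function isKnownCatchAll(string $email): bool
{
    $at = strrpos($email, '@');
    if ($at === false) {
        return false;
    }
    return in_array(strtolower(substr($email, $at + 1)), KNOWN_CATCH_ALL_DOMAINS, true);
}

/**
 * Return an already-registered address that maps to the same inbox as
 * $candidate, or null. $registered stands in for your users table.
 */
function findExistingAlias(string $candidate, array $registered): ?string
{
    $key = canonicalEmail($candidate);
    if ($key === null) {
        return null;
    }
    foreach ($registered as $existing) {
        if (canonicalEmail($existing) === $key) {
            return $existing;
        }
    }
    return null;
}

// Constructed sample data for the demo run.
$registered = ['john.doe@gmail.com', 'alice@example.org'];

foreach (['J.O.H.N.Doe+promo@googlemail.com', 'jane@chacha102.com', 'alice+2@example.org'] as $signup) {
    $dup = findExistingAlias($signup, $registered);
    printf("%-35s -> %s%s\n",
        $signup,
        $dup === null ? 'no known alias' : "same inbox as $dup",
        isKnownCatchAll($signup) ? ' (catch-all domain: cannot be deduplicated)' : ''
    );
}
```

Running it shows the three outcomes a signup handler has to deal with: the Googlemail address collapses onto `john.doe@gmail.com`, `jane@chacha102.com` is accepted but flagged, and `alice+2@example.org` is not merged because `example.org` is not in the provider list (collapsing `+` tags on a domain where they are not special would wrongly merge two real people). In production, store `canonicalEmail()` in its own column with a `UNIQUE` index rather than scanning an array, and keep the address the user actually typed for sending mail.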
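For the 'checkpoint' log the answer recommends, here is an added example against PHP's PDO MySQL driver; it is not code from the answer or from StackOverflow. The table, column names, event names, the `X-Forwarded-For` handling and the 30-day retention window are assumptions chosen for the example. The columns cover the asker's list: the IP (packed with `inet_pton()` so IPv4 and IPv6 fit one column and can be indexed for "other accounts from this address" queries), the user agent (for telling a user's own sessions apart from a hijacked one), and a free-form detail field for the event-specific facts, never the password.

```php
<?php
declare(strict_types=1);

// Added example (not from the original answer): a checkpoint audit log in
// PHP/PDO for MySQL. Schema, event names and retention are assumptions.
//
// Assumed schema (MySQL):
//   CREATE TABLE audit_log (
//     id         BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
//     user_id    INT UNSIGNED NULL,        -- NULL before login: failed logins, signups
//     event      VARCHAR(64) NOT NULL,     -- login.ok, login.fail, signup, password.change, ...
//     ip         VARBINARY(16) NOT NULL,   -- inet_pton() output, IPv4 (4 bytes) or IPv6 (16)
//     user_agent VARCHAR(512) NULL,
//     detail     TEXT NULL,                -- JSON with event-specific fields
//     created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
//     INDEX idx_user (user_id, created_at),
//     INDEX idx_ip (ip, created_at)
//   );

/**
 * The address to record. REMOTE_ADDR is the TCP peer and is the one value the
 * client cannot forge; X-Forwarded-For is honoured only when the peer is your
 * own reverse proxy ($trustedProxy), otherwise anyone can spoof it.
 */
function clientIp(array $server, ?string $trustedProxy = null): string
{
    $remote = $server['REMOTE_ADDR'] ?? '0.0.0.0';
    if ($trustedProxy !== null && $remote === $trustedProxy && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // Left-most entry is the original client; later ones were appended by proxies.
        $first = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            return $first;
        }
    }
    return $remote;
}

/** Record one checkpoint: signup, login success/failure, password or email change, etc. */
function logEvent(PDO $db, ?int $userId, string $event, array $server, array $detail = []): void
{
    $packed = inet_pton(clientIp($server));
    $stmt = $db->prepare(
        'INSERT INTO audit_log (user_id, event, ip, user_agent, detail)
         VALUES (:user_id, :event, :ip, :ua, :detail)'
    );
    $stmt->execute([
        ':user_id' => $userId,
        ':event'   => $event,
        ':ip'      => $packed === false ? inet_pton('0.0.0.0') : $packed,
        ':ua'      => isset($server['HTTP_USER_AGENT']) ? substr($server['HTTP_USER_AGENT'], 0, 512) : null,
        ':detail'  => $detail === [] ? null : json_encode($detail, JSON_THROW_ON_ERROR),
    ]);
}

/** The user's last $limit login attempts, newest first, with the IP unpacked for display. */
function recentLogins(PDO $db, int $userId, int $limit = 10): array
{
    $stmt = $db->prepare(
        "SELECT event, ip, user_agent, created_at FROM audit_log
         WHERE user_id = :user_id AND event IN ('login.ok', 'login.fail')
         ORDER BY created_at DESC LIMIT :limit"
    );
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as &$row) {
        $row['ip'] = inet_ntop($row['ip']) ?: 'invalid';
    }
    unset($row);
    return $rows;
}

/** Enforce the retention window: delete events older than $days (30 by default). */
function purgeOldEvents(PDO $db, int $days = 30): int
{
    $stmt = $db->prepare('DELETE FROM audit_log WHERE created_at < NOW() - INTERVAL :days DAY');
    $stmt->bindValue(':days', $days, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Usage (DSN and credentials are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// logEvent($db, 42, 'login.ok', $_SERVER);
// logEvent($db, null, 'login.fail', $_SERVER, ['username' => $_POST['username'] ?? '']);
// print_r(recentLogins($db, 42));
// purgeOldEvents($db);
```

Keeping the last ten or so login attempts per user is enough to show the user "recent activity" and to spot a password-guessing run (many `login.fail` rows from one IP across many accounts is what the `idx_ip` index is for). Run `purgeOldEvents()` from a daily cron job, and stretch the window only for the events a later dispute would need, as the answer's reputation-recalculation example illustrates.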