On a site with premium user account subscriptions, I’d like to be able to limit logins to one computer at a time. The most straightforward way to accomplish this would be to limit by IP, but I haven’t had any luck finding a plugin to accomplish this. Does anybody know of one I can use to get this functionality?
Related: Login security question – Does WP show me if I’m logged in from multiple locations?
Answers:
Method 1
As already suggested in a comment of mine above, technically a (cookie-based) session is limited to one IP at a time by using the Safer Cookies (WordPress Plugin).
This does not prevent another login with the same username and password, because it is a feature of WordPress to allow you to log in multiple times with your credentials and therefore with multiple IPs.
What you would like to achieve, then, is to prevent multiple logins altogether. According to Otto, this is not trivial. Stacy writes that the Wishlist Member (WordPress Plugin) has such functionality built in: IP-Login Protection. So probably that plugin or part thereof is a solution to your issue. IANAL, but that plugin is violating the GPL license as it restricts you from making use of your WordPress derivative. I would not use it.
But probably there is another plugin out there available, or it’s quite easy to extend Login LockDown (WordPress Plugin) to bind the whole session to the last valid IP recorded.
Method 2
A user can log in only from one computer at a time. If the user is inactive for 30 minutes, he can log in from another computer. Try it in different browsers.
You must take 2 steps:
1./ Create 2 columns (uni_hash, session_time) in the wp_users table in your database.
ALTER TABLE `wp_users` ADD COLUMN `uni_hash` VARCHAR(80) NOT NULL;
ALTER TABLE `wp_users` ADD COLUMN `session_time` INT(11) DEFAULT NULL;
2./ Paste this code into functions.php.
<?php
// Start a PHP session if none is active; it holds LAST_ACTIVITY.
function myStartSession() {
    if ( ! session_id() ) {
        session_start();
    }
}

// A session must be open before it can be cleared and destroyed.
function myEndSession() {
    myStartSession();
    session_unset();
    session_destroy();
}

// Per-user cookie name. The login is hashed because PHP rewrites dots and
// spaces in cookie names, which would break the lookup for such logins.
function single_user_login_cookie_name( $user_login ) {
    return 'user_uni_uid_' . md5( $user_login );
}

// Read the stored hash and last-activity time with a prepared statement,
// so neither the login nor any request data is concatenated into SQL.
function single_user_login_get_state( $user_login ) {
    global $wpdb;
    $row = $wpdb->get_row( $wpdb->prepare(
        "SELECT uni_hash, session_time FROM {$wpdb->users} WHERE user_login = %s",
        $user_login
    ) );
    return array(
        'hash' => $row ? (string) $row->uni_hash : '',
        // No recorded activity counts as "inactive for more than 30 minutes".
        'time' => ( $row && null !== $row->session_time ) ? (int) $row->session_time : time() - 2000,
    );
}

if ( ! function_exists( 'single_user_login_uid_create' ) ) {
    // Hooked to wp_login: $ID is the user_login that has just authenticated.
    function single_user_login_uid_create( $ID ) {
        global $wpdb;
        $cookie_name  = single_user_login_cookie_name( $ID );
        $state        = single_user_login_get_state( $ID );
        $user_uni_uid = isset( $_COOKIE[ $cookie_name ] ) ? (string) $_COOKIE[ $cookie_name ] : 'hash';
        // With no stored hash there is nothing to compare against, so the login passes.
        $hash_result  = ( '' !== $state['hash'] ) ? $state['hash'] : $user_uni_uid;

        if ( ( time() - $state['time'] < 1800 ) && ! hash_equals( $hash_result, $user_uni_uid ) ) {
            // Another browser was active within the last 30 minutes: undo this login.
            myEndSession();
            wp_clear_auth_cookie(); // replaces the deprecated wp_clearcookie()
            wp_die( '<h1>User is already logged in!</h1>', '', array( 'back_link' => true ) );
        }

        $_SESSION['LAST_ACTIVITY'] = time();
        // Unpredictable token from the CSPRNG (64 hex characters) instead of md5(microtime()).
        $randUID = bin2hex( random_bytes( 32 ) );
        $wpdb->update(
            $wpdb->users,
            array( 'uni_hash' => $randUID, 'session_time' => $_SESSION['LAST_ACTIVITY'] ),
            array( 'user_login' => $ID ),
            array( '%s', '%d' ),
            array( '%s' )
        );
        // Same name as the one read back later; HttpOnly, and Secure on HTTPS sites.
        setcookie( $cookie_name, $randUID, time() + YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    }
}

if ( ! function_exists( 'single_user_login_uid_check' ) ) {
    // Hooked to init: logs out a browser whose cookie no longer matches the stored hash.
    function single_user_login_uid_check() {
        global $wpdb;
        if ( ! is_user_logged_in() ) {
            return; // nothing to check for anonymous visitors
        }
        $ID           = wp_get_current_user();
        $cookie_name  = single_user_login_cookie_name( $ID->user_login );
        $state        = single_user_login_get_state( $ID->user_login );
        $user_uni_uid = isset( $_COOKIE[ $cookie_name ] ) ? (string) $_COOKIE[ $cookie_name ] : '';

        // Compare against this user's own hash, in constant time.
        if ( ! hash_equals( $state['hash'], $user_uni_uid ) && ( time() - $state['time'] < 1800 ) ) {
            wp_logout(); // clears the auth cookies and fires wp_logout, which runs myEndSession()
            nocache_headers();
            wp_safe_redirect( home_url() );
            exit();
        }

        myStartSession();
        // Refresh the activity timestamp at most every 2 minutes.
        if ( ! isset( $_SESSION['LAST_ACTIVITY'] ) || time() - $_SESSION['LAST_ACTIVITY'] > 120 ) {
            $_SESSION['LAST_ACTIVITY'] = time();
        }
        $wpdb->update(
            $wpdb->users,
            array( 'session_time' => $_SESSION['LAST_ACTIVITY'] ),
            array( 'user_login' => $ID->user_login ),
            array( '%d' ),
            array( '%s' )
        );
    }
}

add_action( 'wp_login', 'myStartSession', 1 );
add_action( 'wp_login', 'single_user_login_uid_create' );
add_action( 'wp_logout', 'myEndSession' );
add_action( 'init', 'single_user_login_uid_check' );
?>
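The policy Method 2 describes (refuse a second login while another session was active in the last 30 minutes), as an added example that is not part of either answer: it relies on WordPress core's session-token store (WP_Session_Tokens) and user meta instead of extra columns and a custom cookie. The EXAMPLE_ constants, the meta key and the error code are assumptions made for this sketch.

```php
<?php
// Added example, not code from either answer. All EXAMPLE_/example_ names are hypothetical.
const EXAMPLE_IDLE_LIMIT = 1800;                // 30 minutes, as in Method 2
const EXAMPLE_LAST_SEEN  = 'example_last_seen'; // user meta key (assumption)

// Stamp the login itself, so a session counts as active from its first second.
add_action( 'wp_login', function ( $user_login, $user ) {
    update_user_meta( $user->ID, EXAMPLE_LAST_SEEN, time() );
}, 10, 2 );

// Record activity of the logged-in user, at most once per minute.
add_action( 'init', function () {
    $user_id = get_current_user_id();
    if ( ! $user_id ) {
        return;
    }
    $last = (int) get_user_meta( $user_id, EXAMPLE_LAST_SEEN, true );
    if ( time() - $last >= 60 ) {
        update_user_meta( $user_id, EXAMPLE_LAST_SEEN, time() );
    }
} );

// Priority 30: runs after core has verified the credentials at priority 20.
add_filter( 'authenticate', function ( $user ) {
    if ( ! ( $user instanceof WP_User ) ) {
        return $user; // bad credentials or nothing to check yet
    }
    $sessions = WP_Session_Tokens::get_instance( $user->ID );

    // Same browser logging in again: the token in its cookie is still valid.
    $token = wp_get_session_token();
    if ( $token && $sessions->verify( $token ) ) {
        return $user;
    }

    $last = (int) get_user_meta( $user->ID, EXAMPLE_LAST_SEEN, true );
    // get_all() returns only unexpired sessions; an explicit logout removes its own.
    if ( $sessions->get_all() && ( time() - $last < EXAMPLE_IDLE_LIMIT ) ) {
        return new WP_Error(
            'example_session_active',
            __( 'This account is already logged in on another device.' )
        );
    }

    // The earlier session is idle or gone: revoke it so only the new login remains.
    $sessions->destroy_all();
    return $user;
}, 30 );
```

Because the old session's token is revoked server-side, the other browser's auth cookie stops validating on its next request without any extra cookie comparison.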
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.