If you run a subscritpion website, where they pay for the subscritpion, cleints sometimes hsare their passwords, sometimes to a lot of different people, how can you prevent this???

It's inevitable.

You could watch for multiple logins with the same password from different IP's and if you can be certain more than 1 person is using it, disable it. Your terms would have to warn about that.

There are scripts available to combat this. I know some adult merchants such as CCBill (?) offers them or did... I believe there may be a few on Hotscripts.com. Basically they compare the IP's in the logs to the usernames... and do the math. :)

yes, there are scripts out there. in fact, not long ago i saw a password generation script here on wht

Log all i.p's. monitor for dupe logins from different ips (ie different countries, different service providers) as mentioned earlier.

Store a cookie on the clients pc when the subscribe, only the client with that cookie can log in.

(not perfect, but better than nothing...)

Watch for two different i.ps being logged in with same user name at the same time....

Log all i.p's. monitor for dupe logins from different ips (ie different countries, different service providers) as mentioned earlier.

Store a cookie on the clients pc when the subscribe, only the client with that cookie can log in.

(not perfect, but better than nothing...)

Watch for two different i.ps being logged in with same user name at the same time....

What happens if they clear cookies? I clear my cookies at least one a week.

Also, Ive often wondered hwo you record all the IPs into a databse, I mean structurally, do you have a HUGE database that has several hundred rows for each member listing their IP and country of estimtated origin?

This is what we do...
1. Generate a session id and save it a sessions table in the database with the id of the user.
2. Set the session id as a cookie on the user's browser.
3. Every time they visit a page you check the cookie against the sessions table to find out if the person is logged in and who they are.

If someone else logs in using a login that is already assigned to a session the original session id is replaced by the new session id. Since the original session id is gone, the original user is effectively logged off.

We have deployed this type of system on many applications and it has worked great.

After rereading the original post I got a better understanding of what they OP wanted. As Oceanworld said, it is inevitable.

The system I describe above does make sure that no two people use the same account at the same time. Depending on what you offer, that may be enough incentive for users to get their own subscription.

Super thanks alot lot lot!!!!!!!!!!!!!

for our adult subscription websites we've used PWsentry, from monster-submit scripts... the script writer Dan is great and will set up everything for you on your server at purchase, great guy and has always bent over backwards to make sure that the customer is happy.

compared to some of the products/services out there like Pennywise, Proxypass and the like PWsentry is a steal at its one-time price... many of the others want a monthly subscription and have always seemed a waste to me compared to PWsentry... google it up and take a look, couldn't recommend highly enough..

Have you checked out aMember? (http://amember.com) It's supposed to be able to prevent password sharing; I've used it in the past and never had any problems with it.