Plugin to avoid share username in WordPress

3 Views

Is there a way to void sharing of username (based on ip address or login at same time in different location) for WordPress? If there is a plugin just to track IP address and login time, it should be fine too. Thanks

Post Views: 3

Related posts

Leave a Reply

3 comments

  1. you could add this to your functions.php or a plugin file.

        //set the most current user to have a cookie matching a unique value    
add_action("set_logged_in_cookie", "one_cookie", 10, 5);
function one_cookie($logged_in_cookie, $expire, $expiration, $user_id, $logged_in) {
    $secure = apply_filters('secure_logged_in_cookie', false, $user_id, is_ssl());
    $cookie = uniqid();
    update_user_meta($user_id, "one_cookie", $cookie);
    setcookie("one_cookie", $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure, true);
    return;
}
//check requests from users to ensure they have this cookie
add_action("init", "check_one_cookie", 1);
function check_one_cookie() {
    $user = wp_get_current_user();
    if ($user->ID == 0) { return; }
    $storedcookie = get_user_meta($user->ID, 'one_cookie');
    print_r(array('$storedcookie'=>$storedcookie));
  if (!empty($storedcookie) && $_COOKIE['one_cookie'] != $storedcookie) {
    /*if the user doesn't have the same cookie as we have stored, log them out.*/
        wp_logout();
        //auth_redirect() may have a more desired effect
    }
}
//unset a users cookie
add_action('wp-logout', 'one_cookie_logout');
function one_cookie_logout() {
    setcookie("one_cookie", "", 1);
}

    This will work in only one direction though. Any time a new login is processed it will lock out the old one. If you wish to reverse that you’ll probably need to write a lot more code so that a user can break a lockout etc.

    You could also accomplish this by replacing the appropriate functions in ‘wp-includes/pluggable.php’

    I’ve tested the above code to work with WordPress 3.1.

  2. Tested in 3.6.1 and works well, except the function “check_one_cookie” has to be updated like this:

    add_action("init", "check_one_cookie", 1);
    function check_one_cookie() {
    $user = wp_get_current_user();
    if ($user->ID == 0) { return; }
    $storedcookie = get_user_meta($user->ID, 'one_cookie');
    // print_r(array('$storedcookie'=>$storedcookie));
    if (!empty($storedcookie) && $_COOKIE['one_cookie'] != $storedcookie[0]) {
    /*if the user doesn't have the same cookie as we have stored, log them out.*/
        wp_logout();
        //auth_redirect() may have a more desired effect
    }
}

    $storedcookie should be relaced by $storedcookie[0]
    (and do not forget to replace the COOKIEPATH, COOKIE_DOMAIN by your own data)