How to stop users from creating more than one password

Question

0.00/5 (No votes)

See more:

Hi, im a beginner programmer in C# and asp.net, ive created a login page for my site which allows the user to enter their username and password to gain access, there is also a method to create a new user this takes the information they fill in on the page and uploads it to a MySql database table (users) problem is this allows the user to create more than one person, how can i stop this from happening, the usernames are unique to every person so is their a way in which i can restrict a user from creating more than one account/password for themselves

any help would be appreciated thanks
Wes

Posted 19-Jul-12 21:05pm

Wes101

Add a Solution

Comments

OriginalGriff 21-Jul-12 3:10am

Answer updated

2 solutions

Solution 1

Realistically you can't stop users creating multiple accounts, you can check for a unique email account also but that can be circumvented also.

You could try storing client side cookies etc.

Posted 19-Jul-12 21:08pm

Mehdi Gholam

Comments

Sandeep Mewara 20-Jul-12 18:15pm

Comment from OP:
okay but thing is these users get given a membership number that they have to use to login with on their first time logging in they create a password for themselves but now there nothing stopping them from creating another password the second time around, say they try create a second password is there a way that i can run a query to check my database for an existing account with there membership number in and if there is it restricts them from proceeding with the second password creation?

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2012-07-19T21:12:00

No.

Basically, the only way to restrict people from creating "sock puppet" accounts is to require them to supply information which it totally unique to them. And there isn't anything. IP addresses are assigned by an ISP (and in many cases can be changed by resetting your ADSL modem), and Email addresses can be created very, very easily. I have a dozen or so I have had to acquire over the years, and there are places like 10 minute mail which provide brief, time limited email addresses.

You can't prevent it, until we get a Unique Identity Code for people - which is not likely to happen in the near future. I would just go with an email - confirmation code - complete registration system. It's not perfect, but it weeds out some of them.

"okay but thing is these users get given a membership number that they have to use to login with on their first time logging in they create a password for themselves but now there nothing stopping them from creating another password the second time around, say they try create a second password is there a way that i can run a query to check my database for an existing account with there membership number in and if there is it restricts them from proceeding with the second password creation?"

Yes - you would store a flag in your membership database which indicates "registration completed". You check this when they log in (and if not set tell them to complete it first, normally by following a link that was emailed to them - weeds out the fake email address boyos) and when you complete registration (and if set tells them they have already completed, and to use the password they set the first time - weeds out the password overwrite by a different person).