Defend against users sharing .htaccess passwords

Since there is no Iprotect anymore (boo hoo), I decided to write a simple PHP function for anyone who needs a quick solution to people sharing out their passwords and killing your bandwidth limits.

Here goes (please pardon my lack of coding etiquette… I did this as quick as I could).

1 - Change the config variables to suit your environment.
2 - Call the following function, checkUserIsAlreayLoggedIn(), at the top of all your protected PHP pages.

function checkUserIsAlreayLoggedIn() {
    // Config variables
    // Change this line to the path and filename of your users file.
    // Keep the file somewhere the web server will not serve it to visitors.
    $s_pathToUsersFile = ".users.txt";
    // Location of shared password page :: fully qualified is best
    $s_userAlreadyLoggedInURL = "";

    // INIT variables:
    // HINT: b_ = boolean, s_ = string, i_ = int, h_ = file handle
    $b_userIsFound = false;
    $b_passwordIsShared = false;
    $i_timeout = 30 * 60; // 30 min * 60 sec = 1800 sec

    // Let's go.

    // Read the current entries (none if the file does not exist yet).
    $a_lines = is_file($s_pathToUsersFile) ? file($s_pathToUsersFile) : array();

    // Reopen the file for writing; every line is written back below.
    $h_newFile = fopen($s_pathToUsersFile, "w");
    if ($h_newFile === false) {
        return; // cannot write the users file, so nothing can be tracked
    }

    // Compare the time to now:
    // if IP is the same
    //     update the row
    // if IP is different... send them an error page.

    foreach ($a_lines as $line) {
        // Each line is: username <TAB> ip <TAB> unix time of last request
        $userinfo = sscanf($line, "%s\t%s\t%s\n");
        list($theName, $theIp, $theTime) = $userinfo;
        if ($theName == $_SERVER['REMOTE_USER']) {
            $b_userIsFound = true;
            // check IP address is same as last req
            if ($theIp == $_SERVER['REMOTE_ADDR']) {
                // update the time in $line
                $line = $theName."\t".$theIp."\t".time()."\n";
            } else {
                // oh no... it's a different IP
                // let's check the time of last req
                if ((time() - (int)$theTime) > $i_timeout) {
                    // timeout has occurred... it's safe to update the time in $line.
                    // Store the new IP too, otherwise the next request from this
                    // client would be compared against the old address again.
                    $line = $theName."\t".$_SERVER['REMOTE_ADDR']."\t".time()."\n";
                } else {
                    // IP address is different and user has logged in without timeout occurring!!!
                    $b_passwordIsShared = true;
                }
            }
        }
        fputs($h_newFile, $line); // place $line back in file
    }

    if (!$b_userIsFound) {
        // First request from this user: add a new row.
        $line = $_SERVER['REMOTE_USER']."\t".$_SERVER['REMOTE_ADDR']."\t".time()."\n";
        fputs($h_newFile, $line);
    }
    fclose($h_newFile);

    if ($b_passwordIsShared) {
        header("Location: $s_userAlreadyLoggedInURL"); /* Redirect browser */
        /* Make sure that code below does not get executed when we redirect. */
        exit;
    }
}
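
Because this check runs at the top of every protected page, simultaneous requests will read and rewrite the users file at the same moment, and a lost entry means a shared login goes unnoticed. As an added example (not the original poster's code), here is the same IP-and-timeout rule with the read-modify-write done under an exclusive flock; recordRequest(), the temp file and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not the original author's code; recordRequest() is a hypothetical name.
// Returns true when $user arrives from a different IP before $timeout seconds have passed.
function recordRequest(string $path, string $user, string $ip, int $now, int $timeout = 1800): bool
{
    $h = fopen($path, 'c+');            // create if missing, do NOT truncate on open
    if ($h === false || !flock($h, LOCK_EX)) {
        throw new RuntimeException("cannot open or lock $path");
    }
    $shared = $found = false;
    $out = [];
    foreach (explode("\n", (string) stream_get_contents($h)) as $row) {
        $f = explode("\t", $row);
        if (count($f) !== 3) {
            continue;                   // skip blank or malformed rows
        }
        [$name, $lastIp, $lastTime] = $f;
        if ($name === $user) {
            $found = true;
            if ($lastIp === $ip || $now - (int) $lastTime > $timeout) {
                $row = "$user\t$ip\t$now";   // same client, or the old session expired
            } else {
                $shared = true;              // second IP inside the timeout window
            }
        }
        $out[] = $row;
    }
    if (!$found) {
        $out[] = "$user\t$ip\t$now";         // first request from this user
    }
    // Rewrite in place while still holding the lock, so no other request sees a partial file.
    ftruncate($h, 0);
    rewind($h);
    fwrite($h, implode("\n", $out) . "\n");
    fflush($h);
    flock($h, LOCK_UN);
    fclose($h);
    return $shared;
}

// Constructed requests: user, IP (documentation address ranges), seconds after start.
$path = tempnam(sys_get_temp_dir(), 'users');
$t0 = 1700000000;
foreach ([['alice', '192.0.2.10', 0], ['alice', '192.0.2.10', 60],
          ['alice', '198.51.100.7', 120], ['alice', '198.51.100.7', 2000]] as [$u, $ip, $dt]) {
    printf("%-6s %-13s t+%-5d %s\n", $u, $ip, $dt,
        recordRequest($path, $u, $ip, $t0 + $dt) ? 'SHARED' : 'ok');
}
unlink($path);
```

In a real page the caller would pass $_SERVER['REMOTE_USER'], $_SERVER['REMOTE_ADDR'] and time(), and redirect when the function returns true. Behind a reverse proxy REMOTE_ADDR is the proxy's address for every visitor, so the rule cannot tell clients apart there.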