You are taking the correct actions, however I don't think there is much more you can do.

For everything I've ever registered for I could have created multiple accounts if I wanted.

Why do you need to have this capability?

[edited by: eelixduppy at 11:08 pm (utc) on Dec. 17, 2006]

Hughie,

beyond a certain point you hit the law of diminishing returns with such tactics. I'd go back to the nub of the problem and ask why multiple registrations are an issue. If there's some tangible benefit to be derived from multiple registration, then people will make the effort to get round whatever measures you put in place.

(In other words, it's the underlying service that's poorly designed in that case, because it's reliant on an impracticality. You should try to make the client see that this is the case, otherwise grief will ensue sooner or later.)

If on the other hand there's no special benefit from multiple registration then the measures you are taking are probably enough to satisfy the client and deter most mischief makers.

The problem is that he's thinking of giving away a really attractive discount at his shop (both online and highstreet) and doesn't want people continually registering over and over.

It might be we just have to adjust the offer accordingly.

cheers,
hughie

If you wan to go to that far you could ask the user to sign online a doc (lawyer prepared to sound scary enough)
where the user certify that he/she will only register once.
Aside the usual “check here to approve” there is a couple of free script that allow a user to sign online by using its mouse.
More effective and 100% legal systems are for a fee and not “coming free!”

The only thing that might come close to foolproof is to nab the Machine ID from the PC. Of course, if someone has access to multiple PC's (home and work) then this obviously won't do either.

That leaves a mail-in registration as about the best option for prevention. Not necessarily a good option.

The problem is that he's thinking of giving away a really attractive discount at his shop (both online and highstreet) and doesn't want people continually registering over and over.

Why not? Sounds like great publicity to me. Any way to turn that event to your advantage?

that's a valid point and one i've put to him, you've just gotta be careful it doesn't get out of hand.

Threshers in the UK (booze shop) got great publicity but are possibly out of pocket after giving away 50% off wine and champagne this christmas. A nice little stunt that does rather smell of a PR department.

possibly out of pocket

The general rule of thumb with that type of campaign is to aim to break even (assume Threshers usually operate on 50% margins).

But they're making a fortune on people buying fags and beer while they're in there....

cunning indeed, you can't help but think it's two fingers up to the all powerful, supreme overlord Tesco more than anything else.

There is another way to stop multiple registrations and thats through user habbits and time scanning. People are very methodical creatures and so long as you dont tell them that you are tracking their habbits, this usually remains true.

ie:
Referer
User Agent
Hammering
Link Clicks

The first two are self explanitary. Hammering is when you receive multiple registration requests within a set time frame such as 1 min when usually you might receive one a day. Link Clicks is simply logging a users browsing habbits on your website, to be compaired with other accounts, in order to detect commonalities which indicate a duplicate account.

The function "phpinfo()" should give you more tools to work with.

<?php
echo phpinfo();
?>