Originally Posted by sarmenhb

do this

add a new column to the userlogin table named ip
then

grab the users ip address who logs in and save it into the table.
then for every page visited if your using either cookies or sessions check to see if the userlogin that is being used matches the existing ip address in the database.

if the user decides to log out , still keep that ip address in the databse. when the user tries to re-login and his ip address is different than the one existing in the database, tell the user that they must change their password because they are logging in from a computer that wasnt used when the last user logged in.

so every time a user logs in and his ip doesnt match the one existing in the database they gotta change the password, this eventually gets on everyones last nerve and the users who dont have logins will eventually either quit or get their selves their own logins.

if you want the code on how to do all this, let me know i'll type it out.