Guest unable to login
For security reasons guests can login to chat if 1 or 2 is true.
- Their username is new and does not exist in the database.
- Their username is in the database and is associated with their IP.
Example: John logins as guest for the first time on Tuesday and his IP is 126.96.36.199 - 188.8.131.52 is linked to John's guest account and a login cookie is set on his computer. John closes his browser and comes back the next day. John is recognized with the help of the login cookie, his IP is now 184.108.40.206 - 220.127.116.11 is linked to John's guest account as well. On Friday John is again in chat but on exiting clicks on the logout button - the login cookie is deleted from John's computer.
From that moment on John can login to chat as John from 18.104.22.168 and 22.214.171.124 only!
- A guest user doesn't need to logout. If a guest logs out every IP they have been seen with will be accepted on relogin.
- A guest can always become a properly registered user by providing a password / email / recovery question & answer.
- You can disable guest access from AdminCP » Settings » General settings.
- You can delete all guests and reset the IP log with Delete Guests & IP Log from AdminCP » Users.
In case you do not want to store user IPs in the database there is an option
config.php. If turned on user IPs will be saved in the database as SHA1 hashes. All other functionality stays unchanged.