zero2

With htaccess, suppose there was a mole at the site, as long as they have a valid username and password, wouldn't anyone who was given that username and password have access to my site and could direct link so long as they had valid username and password?

Lets say I made accounts for ex. Joe, Kate, Mary, and Todd.

Each of them have their own usernames and passwords.

Suppose Todd's ip address is 64.765.543.9 and his username is leech and password is leech.

Is it possible, when Todd logs in that his ip address gets loged in, into a database.

Now suppose Todd is the mole around the forum, and he decides to be a smart -@$$ and posts my website along w/ his username leech and password leech.

With htacess, is there a way of preventing this.

Like for instance is there a way where if for ex. Chi got the password and username from Todd, and his ip address is 10.12.456.89, when he tries to download, his ipaddress is checked against login and username in the database and the system locks him out, because it doesn't match Todd's ip address of 64.765.543.9.

If possible is it possible to make a username and password expire after the session is over, meaning after they logout or complete their download?

Once again, thanks for the advice seretogis and arch13, I've learned so much, at least now know what I'm facing in terms of solutions.