diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,14 +1,28 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery
+ before_filter :current_user
+ SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
+ MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
+
+ #report and redirect for unauthorized activities
+ def unauthorized_redirect
+ flash[:notice] = 'You are not authorized to view the page you requested'
+ redirect_to :controller => 'main', :action => 'login'
+ end
+
+ # Returns the current logged-in user (if any).
+ def current_user
+ return nil unless session[:user_id]
+ @current_user ||= User.find(session[:user_id])
+ end
 def admin_authorization
 return false unless authenticate
 user = User.find(session[:user_id], :include => ['roles'])
 unless user.admin?
- flash[:notice] = 'You are not authorized to view the page you requested'
- redirect_to :controller => 'main', :action => 'login' unless user.admin?
+ unauthorized_redirect
 return false
 end
 return true
@@ -18,8 +32,7 @@
 return false unless authenticate
 user = User.find(session[:user_id])
 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
- flash[:notice] = 'You are not authorized to view the page you requested'
- redirect_to :controller => 'main', :action => 'login'
+ unauthorized_redirect
 return false
 end
 end
@@ -38,12 +51,17 @@
 # check if run in single user mode
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
- user = User.find(session[:user_id])
+ user = User.find_by_id(session[:user_id])
 if user==nil or (not user.admin?)
 flash[:notice] = 'You cannot log in at this time'
 redirect_to :controller => 'main', :action => 'login'
 return false
 end
+ unless user.enabled?
+ flash[:notice] = 'Your account is disabled'
+ redirect_to :controller => 'main', :action => 'login'
+ return false
+ end
 return true
 end
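Review bot: The new `current_user` calls `User.find(session[:user_id])`, which raises `ActiveRecord::RecordNotFound` when the session still carries the id of a user row that has since been deleted; because the method is also installed as a `before_filter` on every action, such a stale cookie turns every page into an error instead of an anonymous visit. The single-user branch in this same commit already switched to `find_by_id` for exactly this case, so the helper should match it: `@current_user ||= User.find_by_id(session[:user_id])`. With that in place `admin_authorization` could reuse `current_user` rather than issuing its own `User.find(..., :include => ['roles'])`, which is a second lookup of the same id per request.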
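Review bot: After the replacement the role-check filter (its `def` line and the `allowed_roles` parameter are above the hunk) ends with the `unless` block, so on the success path it evaluates to `nil`, whereas the sibling `admin_authorization` returns `true` in the same situation. Adding `return true` after the `end` of the `unless` would make the two filters agree and make the intent readable. In Rails 2 and later a before_filter halts the chain only by rendering or redirecting, so this looks like a consistency point rather than a functional one — confirm the Rails version in use.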
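Review bot: The new `unless user.enabled?` check sits inside the `if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]` branch, so it runs only when single-user mode is switched on; the normal-mode path of `authenticate` continues below the hunk, and if it has no `enabled?` test of its own, a disabled account keeps working whenever single-user mode is off. If blocking disabled accounts is meant to be general, the check belongs on the common path after this branch rather than inside it. Separately, when `find_by_id` returns nil the session is pointing at a user that no longer exists, so it would be reasonable to call `reset_session` before the redirect instead of leaving the stale `session[:user_id]` in place.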
@@ -61,6 +79,24 @@ return true end + def authenticate_by_ip_address + #this assume that we have already authenticate normally + unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY] + user = User.find(session[:user_id]) + if (not user.admin? and user.last_ip and user.last_ip != request.remote_ip) + flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}" + redirect_to :controller => 'main', :action => 'login' + puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}" + return false + end + unless user.last_ip + user.last_ip = request.remote_ip + user.save + end + end + return true + end + def authorization return false unless authenticate user = User.find(session[:user_id])
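Review bot: `authenticate_by_ip_address` pins the session to `request.remote_ip`, which Rails derives from the `X-Forwarded-For` / `Client-IP` headers as well as the TCP peer; unless the deployment configures its trusted proxies, a client who knows the victim's `last_ip` can supply it in a header and pass this check, so the control is only as strong as the proxy configuration and that caveat should be stated in the method comment. The CHEAT report is written with `puts`, which goes to the application server's stdout rather than the Rails log; `logger.warn "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"` would keep it with the rest of the audit trail. The method also uses `User.find(session[:user_id])`, which raises if the session id is stale, and `user.save` whose false return on a failed validation would leave `last_ip` unset without any signal — `find_by_id` and `save!` (or checking the return value) would make both failures visible. The `authorization` method that follows continues outside the hunk.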