H Coin is the virtual coin for the site. Since the script dosen't save any logs about ips or other distinctive data about it's users I think I can't protect the website from multiple accounts or bonus abuse.
To do this I should save distinctive data about users. It can be done in another way?
You can save IP of users in your database attached to their username and you can check does the IP is already used by any of the users or not by a simple query to database during new account registration. Also you need to add email verification system during registration, people can create account with some random email address which they don't have control of. To do this I should save distinctive data about users. It can be done in another way?
I know this but I've considered an anonymous system must not save distinctive data about the users, in this case IP address or real email address. If an user register a new account with an email address he/she don't have control of, in case he/she will ever forget the password of this account, the password can't be recovered.