imho - *if* such a protection should work, it needs the trainer to be "activated" each time it is started. The website / database has to check the following:
a) is the user / password combo valid?
b) is the user premium member at TU?
c) is there already a logged in user from a different IP than the IP that is requesting "activation"?
c) prevents user / password sharing but should allow a legitimate user to run the trainer on different machines in his home network.
Of course the reply "activation message" from the database / TU server needs to be encrypted and different for each "activation" somehow, so you can't reroute the IP and set up a local server just sending an "everything ok - you are allowed to start the trainer" message.
Unfortunately I don't have any idea how to do the encryption. The other stuff shouldn't be that difficult... Apache, mySQL and PHP should do the trick.
