hm..if your network uses dynamic IP addressing and your users switches computers(meaning they use different computers to access your site) then its quite impossible to identify any misuse.

But, if your users are using a single computer, then you can use cookies for example, to store some random keys! Cookies have an expiry date.

Suppose you set a cookie for 2 month,
First you store a randomly generated key in your database and in a cookie when the user first log in the system!

Now, every time he log on the website, check the validity of the key from the cookie to the one in the database. If its the same, then the same person is using the account, if not, then its maybe someone else!

You can do this in an another way, each time a user logged in, you get the key from the cookie and store it in your database!
Now, after certain time, you can perform a check to the logs of your database, to see how many different keys have been used! If a single key was used, the it means, a single computer was used but if there are different keys, then it means multiple computers were used to access the user account!

Problem: when the user logout out, you must make sure the cookie containing the key is not deleted!

Ahhh..You just need some imagination dude!