users on line, help!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
manupil
Forum Newbie
Posts: 2
Joined: Tue Jan 06, 2004 4:47 am
Location: Venezia, Italy

users on line, help!!

Post by manupil »

Hi!

I have to create a script that allows the access to a system through username and password. The difficulty is that the same password and username doesn't have to be already used in the same moment from two different connected pc (online) to the system. How can I can make univocal access to the system to a user provided of the exact passwords, but without another user can be connected with the same passwords to the system until the first one are connected yet?

Sorry for my terrible english!

Greetings from Italy
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

8O

Well if you say:

User:basdog22
pass:88888888

then it is very very difficult for someone to have the same username and pass with me.

What i mean is that this is the main concept of user & pass combination.

It is different from saying:

I don't want 2 users have the same password

than:

I don't want 2 users have the same username and password.

I may not have understood your question here so....

Now if you mean that userA must not having the access to the system from 2 different machines then you can check the OS each user uses or something else...

Hope it helped :roll:
toms100
Forum Contributor
Posts: 119
Joined: Wed Feb 26, 2003 10:29 am
Location: Bristol,UK

Post by toms100 »

i think what he means, is that any login name may only be in use by one person at a time
User avatar
scorphus
Forum Regular
Posts: 589
Joined: Fri May 09, 2003 11:53 pm
Location: Belo Horizonte, Brazil
Contact:

Post by scorphus »

Since the server only 'knows' the client while it is HTTransfering information, there is no how to maintain the user 'connected'. You will have to play with session variables, the user's IP and a connection iddle time limit.

^ Scorphus
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

i think what he means, is that any login name may only be in use by one person at a time
8O

and how many persons use my login name now???

Only me :wink:

since the database will not let 2 identical login names
mwong
Forum Commoner
Posts: 34
Joined: Sun Dec 28, 2003 2:58 am

Post by mwong »

I might be totally wrong.....but what I got from the question was that if I'm logged on to my account. Someone on a different computer that happened to know my username / pass would still be able to log on....because it just checks if the username and password match the database.

Hmm...To ensure that only one computer uses a password at a time....*shrug*

Maybe a database field that shows that the username is currently in use....and is turned off when user logs out...or is logged out automatically.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Ideas;

User1: Logs in. In database you store user-IP, timestamp, and username to a 'logged in' database table. Each time that user moves on the site, you replace the timestamp with the current one. *)

User2: Logs in. If that username being used, in conjunction that the user-IP doesn't match any allready existing in the 'logged in' database, reject him/her.

Psudo code:

Code: Select all

$query_ip = mysql_result("select ip from logged_in where username = $_POST['username'] limit 1",0)
// add verification that a result is collected here from above...
if ($query_ip != $new_user_ip) {
 header("Location: errorpage.php");
} else {
 // continue with whatever...
}
*) Also you would prefer a timer to delete inactive users in the 'logged in' database after say, 5-10 minutes or so, hence the timestamp being used.

Was I clear enough? Hope it helped...
mwong
Forum Commoner
Posts: 34
Joined: Sun Dec 28, 2003 2:58 am

Post by mwong »

*) Also you would prefer a timer to delete inactive users in the 'logged in' database after say, 5-10 minutes or so, hence the timestamp being used.
Would you use a CRON script to automatically delete the inactive users? One that would run every 10 minutes?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Why not? Depending on userloads, you can also add that to the actual login-check function doing this.

Prior to checking if ip's exists etc, you can run a quick "delete * from logged_in where time < ...." but that might use alot of resources if you have a high number of users logging in at the same time (or someone trying to bruteforce the login).
mwong
Forum Commoner
Posts: 34
Joined: Sun Dec 28, 2003 2:58 am

Post by mwong »

Coool! THanks! 8)
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Very welcome and happy coding.
manupil
Forum Newbie
Posts: 2
Joined: Tue Jan 06, 2004 4:47 am
Location: Venezia, Italy

explanation of the subject

Post by manupil »

what I intend is simply this:

User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).

Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.

The user can remain inactive for a indefinite time..

Any Suggestion?

Thanks. Manupil
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: explanation of the subject

Post by JAM »

manupil wrote:what I intend is simply this:

User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
Interesting choise of login/pass being from italy. ;)
Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
If I understood correct, then the IP solution alone would not help (as 192.168.0.1-192.168.0.254 only are internal ips and doesn't get seen outside the LAN).
If this is the case, a cookie might be more effective to point out what computer that is currently viewing the pages.
The user can remain inactive for a indefinite time..
$_COOKIE's might again work with this, just add an 'infinite' time to it.
Any Suggestion?

Thanks. Manupil
Again, hope that helped. Not to experienced with indefinate logins like this so it's rather untested for me. Others might have comments.
Post Reply