users on line, help!!
Moderator: General Moderators
users on line, help!!
Hi!
I have to create a script that allows the access to a system through username and password. The difficulty is that the same password and username doesn't have to be already used in the same moment from two different connected pc (online) to the system. How can I can make univocal access to the system to a user provided of the exact passwords, but without another user can be connected with the same passwords to the system until the first one are connected yet?
Sorry for my terrible english!
Greetings from Italy
I have to create a script that allows the access to a system through username and password. The difficulty is that the same password and username doesn't have to be already used in the same moment from two different connected pc (online) to the system. How can I can make univocal access to the system to a user provided of the exact passwords, but without another user can be connected with the same passwords to the system until the first one are connected yet?
Sorry for my terrible english!
Greetings from Italy
Well if you say:
User:basdog22
pass:88888888
then it is very very difficult for someone to have the same username and pass with me.
What i mean is that this is the main concept of user & pass combination.
It is different from saying:
I don't want 2 users have the same password
than:
I don't want 2 users have the same username and password.
I may not have understood your question here so....
Now if you mean that userA must not having the access to the system from 2 different machines then you can check the OS each user uses or something else...
Hope it helped
I might be totally wrong.....but what I got from the question was that if I'm logged on to my account. Someone on a different computer that happened to know my username / pass would still be able to log on....because it just checks if the username and password match the database.
Hmm...To ensure that only one computer uses a password at a time....*shrug*
Maybe a database field that shows that the username is currently in use....and is turned off when user logs out...or is logged out automatically.
Hmm...To ensure that only one computer uses a password at a time....*shrug*
Maybe a database field that shows that the username is currently in use....and is turned off when user logs out...or is logged out automatically.
Ideas;
User1: Logs in. In database you store user-IP, timestamp, and username to a 'logged in' database table. Each time that user moves on the site, you replace the timestamp with the current one. *)
User2: Logs in. If that username being used, in conjunction that the user-IP doesn't match any allready existing in the 'logged in' database, reject him/her.
Psudo code:
*) Also you would prefer a timer to delete inactive users in the 'logged in' database after say, 5-10 minutes or so, hence the timestamp being used.
Was I clear enough? Hope it helped...
User1: Logs in. In database you store user-IP, timestamp, and username to a 'logged in' database table. Each time that user moves on the site, you replace the timestamp with the current one. *)
User2: Logs in. If that username being used, in conjunction that the user-IP doesn't match any allready existing in the 'logged in' database, reject him/her.
Psudo code:
Code: Select all
$query_ip = mysql_result("select ip from logged_in where username = $_POST['username'] limit 1",0)
// add verification that a result is collected here from above...
if ($query_ip != $new_user_ip) {
header("Location: errorpage.php");
} else {
// continue with whatever...
}Was I clear enough? Hope it helped...
Why not? Depending on userloads, you can also add that to the actual login-check function doing this.
Prior to checking if ip's exists etc, you can run a quick "delete * from logged_in where time < ...." but that might use alot of resources if you have a high number of users logging in at the same time (or someone trying to bruteforce the login).
Prior to checking if ip's exists etc, you can run a quick "delete * from logged_in where time < ...." but that might use alot of resources if you have a high number of users logging in at the same time (or someone trying to bruteforce the login).
explanation of the subject
what I intend is simply this:
User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
The user can remain inactive for a indefinite time..
Any Suggestion?
Thanks. Manupil
User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
The user can remain inactive for a indefinite time..
Any Suggestion?
Thanks. Manupil
Re: explanation of the subject
Interesting choise of login/pass being from italy. ;)manupil wrote:what I intend is simply this:
User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
If I understood correct, then the IP solution alone would not help (as 192.168.0.1-192.168.0.254 only are internal ips and doesn't get seen outside the LAN).Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
If this is the case, a cookie might be more effective to point out what computer that is currently viewing the pages.
$_COOKIE's might again work with this, just add an 'infinite' time to it.The user can remain inactive for a indefinite time..
Again, hope that helped. Not to experienced with indefinate logins like this so it's rather untested for me. Others might have comments.Any Suggestion?
Thanks. Manupil