Page 1 of 1
users on line, help!!
Posted: Tue Jan 06, 2004 4:47 am
by manupil
Hi!
I have to create a script that allows the access to a system through username and password. The difficulty is that the same password and username doesn't have to be already used in the same moment from two different connected pc (online) to the system. How can I can make univocal access to the system to a user provided of the exact passwords, but without another user can be connected with the same passwords to the system until the first one are connected yet?
Sorry for my terrible english!
Greetings from Italy
Posted: Tue Jan 06, 2004 2:48 pm
by basdog22
Well if you say:
User:basdog22
pass:88888888
then it is very very difficult for someone to have the same username and pass with me.
What i mean is that this is the main concept of user & pass combination.
It is different from saying:
I don't want 2 users have the same password
than:
I don't want 2 users have the same username and password.
I may not have understood your question here so....
Now if you mean that userA must not having the access to the system from 2 different machines then you can check the OS each user uses or something else...
Hope it helped

Posted: Tue Jan 06, 2004 3:02 pm
by toms100
i think what he means, is that any login name may only be in use by one person at a time
Posted: Tue Jan 06, 2004 3:12 pm
by scorphus
Since the server only 'knows' the client while it is HTTransfering information, there is no how to maintain the user 'connected'. You will have to play with session variables, the user's IP and a connection iddle time limit.
^ Scorphus
Posted: Tue Jan 06, 2004 3:56 pm
by basdog22
i think what he means, is that any login name may only be in use by one person at a time
and how many persons use my login name now???
Only me
since the database will not let 2 identical login names
Posted: Tue Jan 06, 2004 6:26 pm
by mwong
I might be totally wrong.....but what I got from the question was that if I'm logged on to my account. Someone on a different computer that happened to know my username / pass would still be able to log on....because it just checks if the username and password match the database.
Hmm...To ensure that only one computer uses a password at a time....*shrug*
Maybe a database field that shows that the username is currently in use....and is turned off when user logs out...or is logged out automatically.
Posted: Tue Jan 06, 2004 6:32 pm
by JAM
Ideas;
User1: Logs in. In database you store user-IP, timestamp, and username to a 'logged in' database table. Each time that user moves on the site, you replace the timestamp with the current one. *)
User2: Logs in. If that username being used, in conjunction that the user-IP doesn't match any allready existing in the 'logged in' database, reject him/her.
Psudo code:
Code: Select all
$query_ip = mysql_result("select ip from logged_in where username = $_POST['username'] limit 1",0)
// add verification that a result is collected here from above...
if ($query_ip != $new_user_ip) {
header("Location: errorpage.php");
} else {
// continue with whatever...
}
*) Also you would prefer a timer to delete inactive users in the 'logged in' database after say, 5-10 minutes or so, hence the timestamp being used.
Was I clear enough? Hope it helped...
Posted: Tue Jan 06, 2004 7:00 pm
by mwong
*) Also you would prefer a timer to delete inactive users in the 'logged in' database after say, 5-10 minutes or so, hence the timestamp being used.
Would you use a CRON script to automatically delete the inactive users? One that would run every 10 minutes?
Posted: Tue Jan 06, 2004 7:05 pm
by JAM
Why not? Depending on userloads, you can also add that to the actual login-check function doing this.
Prior to checking if ip's exists etc, you can run a quick "delete * from logged_in where time < ...." but that might use alot of resources if you have a high number of users logging in at the same time (or someone trying to bruteforce the login).
Posted: Tue Jan 06, 2004 7:09 pm
by mwong
Coool! THanks!

Posted: Tue Jan 06, 2004 7:11 pm
by JAM
Very welcome and happy coding.
explanation of the subject
Posted: Sat Jan 10, 2004 4:32 am
by manupil
what I intend is simply this:
User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
The user can remain inactive for a indefinite time..
Any Suggestion?
Thanks. Manupil
Re: explanation of the subject
Posted: Sat Jan 10, 2004 5:01 am
by JAM
manupil wrote:what I intend is simply this:
User A and User B must can't access to the system with tha same combination of username and password (example username: pizza password: venezia).
Interesting choise of login/pass being from italy. ;)
Besides the User that have the username and pasword have the possibility to enter into the system from any pc in a lan net.
If I understood correct, then the IP solution alone would not help (as 192.168.0.1-192.168.0.254 only are internal ips and doesn't get seen outside the LAN).
If this is the case, a cookie might be more effective to point out what computer that is currently viewing the pages.
The user can remain inactive for a indefinite time..
$_COOKIE's might again work with this, just add an 'infinite' time to it.
Any Suggestion?
Thanks. Manupil
Again, hope that helped. Not to experienced with indefinate logins like this so it's rather untested for me. Others might have comments.