How to Allowing only one Login to Admin with MD5 & Sessi

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mans
Forum Newbie
Posts: 1
Joined: Sat Nov 20, 2004 2:02 pm

How to Allowing only one Login to Admin with MD5 & Sessi

Post by mans »

Hi,

This is my first post here :D

I'm trying to code an admin page with session and hashed password stored in mysql. The client wants to restrict that page to only one login in any given time, ie only one user can browse the page at a time. I'm not sure how to do that! Any help please?

TIA
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

ok when they are logged in have it update in your mysql database with something like

Code: Select all

INSERT INTO `loggedin` SET `id` = session_id()
then each time the page is loaded

Code: Select all

<?
if (!empty($_SESSION['loggedin']))
{
//if not logged in redirect
header("Location: index.php");

}
else
{
//count number of rows
$sql = "SELECT COUNT(`id`) FROM `logged`";

//run the query
$result = mysql_query($sql) die(mysql_error());;

//check if no rows exist
if ($result == 0)
{

$sql = "INSERT INTO `loggedin` SET `id`='".session_id()."'";
$result = mysql_query($sql) die(mysql_error());

}
else
{
//deny access, remove him from loggedin
$sql = "DELETE FROM `loggedin` WHERE `id`='".session_id()."'";
$result = mysql_query($sql) or die(mysql_error());

//destroy session variable
$_SESSION['loggedin'] = array();
}
}
}
?>
hope this helps.... something to get you started
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

make a field in the db for each user, call it say, logged_in
also make one called last_activity

when someone logs in, update the databse for that username, and make logged_in = true
when they log out, make logged_in = false

the last activity is in case they forget to log out

once someone logs in, update the last_activity on every page request


now before you allow someone to log in, first check if that username is already logged in. if they are already logged in, then make sure the last activity is not older than say....2 hours
if it is too old, then allow them to log in, because the one who is previously logged in, has been inactive for 2 hours, and likely forgot to log out.



edit- phenom beat me to it lol
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

edit- phenom beat me to it lol
by 25 min :)
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

Phenom wrote:
edit- phenom beat me to it lol
by 25 min :)
i uh, went to get somthing to eat mid-post :D
Post Reply