I'm working on a site that uses a monthly fee for content (not porn) and I need a way to keep people from sharing accounts. The only method I can think of is to keep them from logging in more then once (or, more then one login per user)
I can secure my site and make sure they are logged it to view a page, but if the user is logged in 5 times all can see our content without problem.
I am using sessions and a MySQL database for authorization and user-tracking.
Can anyone help me? I've been searching many places with no clues as to how to do this.
Erik Ekedahl
Using PHP for security : only allow one login per user?
Moderator: General Moderators
you might mark the account as logged in in the database and refuse further attempts until the record is marked as logged out again.
Note that you need some kind of time-out. Otherwise users that forgot to logout can not login again
Therefor you might store the last action (last request) of logged in users.
Note that you need some kind of time-out. Otherwise users that forgot to logout can not login again
Therefor you might store the last action (last request) of logged in users.
I was about to post some thing similar...
I was thinking the same. When someone logs in, set COLUMN user_logged= 1. Add a timestamp element on the user's row. When someone else tries to login, check if user_logged=1, else let them continue.
Now, what if the user quits w/o logging out properly? user_logged=1 still.
When user attempts to login again, check timestamp. If it's longer than say, 5 min, let him login.
However we now have a problem. What if the first user doesn't do anything for 5 min, then 2nd user logs in. both now can access your site. Then do this. If first user doesn't do anything within 5 min, return him back to the login page for being inactive.
This is how i'm planning to do it. I also did something (since different servers use sessions differently. some encrypt and some don't) that doesn't require you to use sessions. All javascript. PM me if you're interested.
1 question, how do I get user's IP add?
I was thinking the same. When someone logs in, set COLUMN user_logged= 1. Add a timestamp element on the user's row. When someone else tries to login, check if user_logged=1, else let them continue.
Now, what if the user quits w/o logging out properly? user_logged=1 still.
When user attempts to login again, check timestamp. If it's longer than say, 5 min, let him login.
However we now have a problem. What if the first user doesn't do anything for 5 min, then 2nd user logs in. both now can access your site. Then do this. If first user doesn't do anything within 5 min, return him back to the login page for being inactive.
This is how i'm planning to do it. I also did something (since different servers use sessions differently. some encrypt and some don't) that doesn't require you to use sessions. All javascript. PM me if you're interested.
1 question, how do I get user's IP add?
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK