Using PHP for security : only allow one login per user?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
chaim79
Forum Newbie
Posts: 2
Joined: Mon Dec 02, 2002 4:17 pm

Using PHP for security : only allow one login per user?

Post by chaim79 »

I'm working on a site that uses a monthly fee for content (not porn) and I need a way to keep people from sharing accounts. The only method I can think of is to keep them from logging in more then once (or, more then one login per user)

I can secure my site and make sure they are logged it to view a page, but if the user is logged in 5 times all can see our content without problem.

I am using sessions and a MySQL database for authorization and user-tracking.

Can anyone help me? I've been searching many places with no clues as to how to do this.

Erik Ekedahl
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you might mark the account as logged in in the database and refuse further attempts until the record is marked as logged out again.
Note that you need some kind of time-out. Otherwise users that forgot to logout can not login again ;)
Therefor you might store the last action (last request) of logged in users.
Kyori
Forum Newbie
Posts: 23
Joined: Mon Oct 14, 2002 5:23 am
Contact:

Post by Kyori »

I was about to post some thing similar...

I was thinking the same. When someone logs in, set COLUMN user_logged= 1. Add a timestamp element on the user's row. When someone else tries to login, check if user_logged=1, else let them continue.

Now, what if the user quits w/o logging out properly? user_logged=1 still.
When user attempts to login again, check timestamp. If it's longer than say, 5 min, let him login.

However we now have a problem. What if the first user doesn't do anything for 5 min, then 2nd user logs in. both now can access your site. Then do this. If first user doesn't do anything within 5 min, return him back to the login page for being inactive.

This is how i'm planning to do it. I also did something (since different servers use sessions differently. some encrypt and some don't) that doesn't require you to use sessions. All javascript. PM me if you're interested.


1 question, how do I get user's IP add?
nieve
Forum Newbie
Posts: 11
Joined: Tue Dec 03, 2002 10:26 pm

Post by nieve »

$REMOTE_ADDR
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

nieve wrote:$REMOTE_ADDR
If you are using PHP 4.1 or above use $_SERVER['REMOTE_ADDR'] or if you are using PHP 4.0.6 or lower use $HTTP_SERVER_VARS['REMOTE_ADDR'] then you don't have to rely on register_globals being on for the IP address to be available in your script.

Mac
Post Reply