Page 1 of 1
Using PHP for security : only allow one login per user?
Posted: Mon Dec 02, 2002 4:17 pm
by chaim79
I'm working on a site that uses a monthly fee for content (not porn) and I need a way to keep people from sharing accounts. The only method I can think of is to keep them from logging in more then once (or, more then one login per user)
I can secure my site and make sure they are logged it to view a page, but if the user is logged in 5 times all can see our content without problem.
I am using sessions and a MySQL database for authorization and user-tracking.
Can anyone help me? I've been searching many places with no clues as to how to do this.
Erik Ekedahl
Posted: Mon Dec 02, 2002 11:23 pm
by volka
you might mark the account as
logged in in the database and refuse further attempts until the record is marked as
logged out again.
Note that you need some kind of time-out. Otherwise users that forgot to logout can not login again

Therefor you might store the last action (last request) of logged in users.
Posted: Tue Dec 03, 2002 3:17 am
by Kyori
I was about to post some thing similar...
I was thinking the same. When someone logs in, set COLUMN user_logged= 1. Add a timestamp element on the user's row. When someone else tries to login, check if user_logged=1, else let them continue.
Now, what if the user quits w/o logging out properly? user_logged=1 still.
When user attempts to login again, check timestamp. If it's longer than say, 5 min, let him login.
However we now have a problem. What if the first user doesn't do anything for 5 min, then 2nd user logs in. both now can access your site. Then do this. If first user doesn't do anything within 5 min, return him back to the login page for being inactive.
This is how i'm planning to do it. I also did something (since different servers use sessions differently. some encrypt and some don't) that doesn't require you to use sessions. All javascript. PM me if you're interested.
1 question, how do I get user's IP add?
Posted: Tue Dec 03, 2002 10:26 pm
by nieve
$REMOTE_ADDR
Posted: Wed Dec 04, 2002 4:28 am
by twigletmac
nieve wrote:$REMOTE_ADDR
If you are using PHP 4.1 or above use $_SERVER['REMOTE_ADDR'] or if you are using PHP 4.0.6 or lower use $HTTP_SERVER_VARS['REMOTE_ADDR'] then you don't have to rely on register_globals being on for the IP address to be available in your script.
Mac