multiple login issue

bassam_ba
Forum Newbie
Posts: 3
Joined: Mon Oct 02, 2006 2:05 am

multiple login issue

Post by bassam_ba »

hello all,
i'm new to php. i'm creating a website and i want to restrict multiple login for the same account.
i came up with this solution, can u read it please and tell me what u think, it's urgent.

When the user logs in, i set a boolean flag to 'yes' and update the timestamp in the DB to the login time.
if the user properly logs out, this boolean will be set 'no'.

Now, if another person tries to login while the original user is logged in, the boolean will be validated and the login will fail.

the problem is: how to handle browser close issue.
i came up with this idea: i create a session variable that contains a timestamp of the user's last activity($_SESSION['last_action']).
on each page load we execute the following:

Code:

if ((time() - $_SESSION['last_action']) > $time_out_max)
{
    // update the $_SESSION['last_action'] and set it to the current time
    $_SESSION['last_action'] = time();
    // update the database and set the 'last_action' field to the current time.
}
meanwhile, a cron job is executed regularly every certain amount of time (larger than $time_out_max, let's call it $cron_time_out).
if the (current_time - 'last_action') field is larger than $cron_time_out (this means that the user was inactive and most probably closed the browser), in this case we reset the account and set the boolean flag to 'no'.

in case the user didn't close the browser but was inactive for a period larger than $cron_time_out, we redirect her to the login page on the next page load.

one of the drawbacks of this solution is that if the user mistakenly closes the browser he/she will have to wait for a certain amount of time to log in again. but this can be solved by comparing IPs.



is this efficient? is there a better way? tell me what u think.

thanks in advance
aftabnaveed
Forum Newbie
Posts: 9
Joined: Sat Sep 30, 2006 1:05 am

Post by aftabnaveed »

Hi
Put a login_status field in the database; when the user logs in then set it to, and also check the user: if login_status is 1 then do not allow the user to login....

Example

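Code:

// Escape the login name before placing it in the query (prevents SQL injection)
$login = mysql_real_escape_string($login);
$qry = "SELECT user FROM tbl_userinfo WHERE login='$login' AND login_status=1";
$result = mysql_query($qry);
$count = mysql_num_rows($result);
if ($count > 0)
{
    // a row with login_status=1 exists: the account is already in use
    echo("You are already logged in");
}
else
{
    //do something
}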
Hope this helps
bassam_ba
Forum Newbie
Posts: 3
Joined: Mon Oct 02, 2006 2:05 am

how to reset?

Post by bassam_ba »

thanks, and when the user logs out, i set 'login_status' to 0.
but what if the user closes the browser from the (X) button and doesn't log out properly?
Rovas
Forum Contributor
Posts: 272
Joined: Mon Aug 21, 2006 7:09 am
Location: Romania

Post by Rovas »

Create a session cookie if you don't already have one, and in there put a boolean variable logged and check for it when the user accesses a page. Read more about sessions here http://www.php.net/manual/en/ref.session.php

Code:

if( $count > 0 && $_SESSION['logged']==true)
    {
        //code 
    }
For security reasons modify the type of the variable (int, float) and its name.
bassam_ba
Forum Newbie
Posts: 3
Joined: Mon Oct 02, 2006 2:05 am

Post by bassam_ba »

thanks a lot
appreciate it
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Every time a user logs in, i add 1 to his 'logincounter'... And i store that number in her session too...

Every time a page is requested i compare the $_SESSION['logincounter'] with the database logincounter...


(1) User A logs in
-> database['logincounter'] = $_SESSION['logincounter'] = 1;

(2) User B logs in with same credentials

-> database['logincounter'] = $_SESSION['logincounter'] = 2;

(3) User A requests another page, but his

-> $_SESSION['logincounter'] is 1 and database['logincounter'] is 2.. Display Message('Sorry, your session has expired.');

(4) User B closes browser and logs in again

-> database['logincounter'] = $_SESSION['logincounter'] = 3;
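
The login-counter scheme described in the post above, as an added example that is not part of any post in this thread. The users table, the login() and sessionIsCurrent() functions, the in-memory SQLite database and the sample password are assumptions made for illustration; plain arrays stand in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example; plain arrays stand in for $_SESSION, all names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT, logincounter INTEGER DEFAULT 0)');
$pdo->prepare('INSERT INTO users (login, pw_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Log in: verify the password, bump the counter, copy it into the session.
function login(PDO $pdo, array &$session, string $login, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    $pdo->beginTransaction();   // increment and read back as one unit
    $pdo->prepare('UPDATE users SET logincounter = logincounter + 1 WHERE login = ?')
        ->execute([$login]);
    $stmt = $pdo->prepare('SELECT logincounter FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $session = ['login' => $login, 'logincounter' => (int) $stmt->fetchColumn()];
    $pdo->commit();
    return true;
}

// Per-request check: the session is valid only while its counter is the newest.
function sessionIsCurrent(PDO $pdo, array &$session): bool
{
    if (!isset($session['login'], $session['logincounter'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT logincounter FROM users WHERE login = ?');
    $stmt->execute([$session['login']]);
    if ((int) $stmt->fetchColumn() !== $session['logincounter']) {
        $session = [];   // superseded by a later login: drop the stale session
        return false;
    }
    return true;
}

$a = []; $b = [];                                   // two browsers, same account
login($pdo, $a, 'alice', 'constructed-sample-pw');  // step (1)
login($pdo, $b, 'alice', 'constructed-sample-pw');  // step (2)
var_dump(sessionIsCurrent($pdo, $a));               // step (3): A's counter is behind
var_dump(sessionIsCurrent($pdo, $b));               // B holds the newest counter
login($pdo, $b, 'alice', 'constructed-sample-pw');  // step (4): B logs in again
var_dump(sessionIsCurrent($pdo, $b));
```

In a real application the array would be $_SESSION, and login() would also call session_regenerate_id(true) so the new login does not reuse an old session ID. Because the newest login always wins, a closed browser never locks the account and no cron cleanup is needed.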
aftabnaveed
Forum Newbie
Posts: 9
Joined: Sat Sep 30, 2006 1:05 am

Post by aftabnaveed »

I think the easiest way to solve this problem is to store the session in the database and check the session of that specific user; if it already exists then don't allow him to login.

I don't know exactly how to destroy a session from the database on a time basis, but osCommerce might be a good reference for it

thanks