Page 1 of 1

multiple login issue

Posted: Mon Oct 02, 2006 2:15 am
by bassam_ba
hello all,
i'm new to php. i'm creating a website and i want to restrict multiple login ofr the same account.
i came up with this solution, can u read it please and tell me what u think, it urgent.

When the user logs in, i set a boolean flag to 'yes' and update the timestamp in the DB to the login time.
if the user properly logs out, this boolean will be set 'no'.

Now, if a another person tries to login while the original user is logged in, the boolean will be validated and the login will fail.

the problem is: how to handle browser close issue.
i came up with this idea: i create a session variable that contains a timestamp of the user's last activity($_SESSION['last_action']).
on each page load we execute the following:

Code: Select all

if ( (current time - $_SESSION['last_action']) > $time_out_max )

{

//update the $_SESSION['last_action'] and set it to the current time

// update the database and set the 'last_action' field to the current time.

}
mean while, a cron job is executed regulary every certain amout of time ( larger that $time_out_max, let's call it $cron_time_out ).
if the ( current_time - 'last_action') field is larger the $cron_time_out (this means that user was inactive and most propably closed the browser) in this case we reset the account and set the boolean flag to 'no'.

incase that the user didn't close the browser but was inacative for a a period larger than $cron_time_out, we redirect her to the login page on the next page load.

one of the draw backs of this soultion is that if the user mistakenly closes the browser he/she will have to wait for a certain amount of time to log in again. but this can be solved by comparing IPs.



is this efficient? is there a better way? tell me what u think.

thanks in advance

Posted: Mon Oct 02, 2006 3:22 am
by aftabnaveed
Hi
Put a login_status field in database when the user logs in then set it to, and also check the user if login_status is 1 then donot allow the user to login....

Example

Code: Select all

$qry = "SELECT user FROM tbl_userinfo WHERE login='$login' AND login_status=1 ";
    $result = mysql_query( $qry );
    $count = mysql_num_rows($result);
    if( $count > 0 )
    {
            //do something
     }
      else
      echo("You are already logged in");
Hope this helps

how to reset?

Posted: Mon Oct 02, 2006 5:56 am
by bassam_ba
thanks, and when the user logs out, i set 'login_status' to 0.
but what if the user closes the browser from the (X) button and doesn't log out properly?

Posted: Mon Oct 02, 2006 6:25 am
by Rovas
Create a session cookie if already haven' t one and in there put a boolean variable logged and check for it when user acces a page. Read more about sessions here http://www.php.net/manual/en/ref.session.php

Code: Select all

if( $count > 0 && $_SESSION['logged']==true)
    {
        //code 
    }
For security reasons modify the type of variable (int, float) and it' s name.

Posted: Mon Oct 02, 2006 6:54 am
by bassam_ba
thanks alot
appreciate it

Posted: Mon Oct 02, 2006 7:25 am
by timvw
Everytime a user logs in, i add 1 to hes 'logincounter'... And i store that number in her session too...

Everytime a page is requested i compare the $_SESSION['logincounter'] with the database logincounter...


(1) User A logs in
-> database['logincounter'] = $_SESSION['logincounter'] = 1;

(2) User B logs in with same credentials

-> database['logincounter'] = $_SESSION['logincounter'] = 2;

(3) User A requests another page, but his

-> $_SESSION['logincounter'] is 1 and database['logincounter'] is 2.. Display Message('Sorry, your session has expired.');

(4) User B closes browers and logs in again

-> database['logincounter'] = $_SESSION['logincounter'] = 3;

Posted: Mon Oct 02, 2006 11:35 pm
by aftabnaveed
I think the most easiest problem to sovle this problem is store the session in database check the Session of that specific user if it already exists then don't allow him to login.

I don't know exactly how to destroy session from database on time basis, But OSCommerece might be a good reference for it

thanks