justinede Posted August 19, 2008 Share Posted August 19, 2008 How would i make a script that only allows one ip to be on their account at once. So that they cant give away their login info? I dont know where to start. Thanks for the help. Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted August 19, 2008 Share Posted August 19, 2008 Well you would have a field in your MySQL table or wherever called 'logged_in'. Set it to 1 when they login, then if someone tries logging in with there name check to see if logged_in is set to 1. When they log out, or timeout, set logged_in to 0. Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 could you possibly write the code for me? like the login action is checklogin.php what goes in there? Right now there is where it checks to see if the user exists then directs them to a member's page. then i would need the code to put in logout.php Quote Link to comment Share on other sites More sharing options...
matmunn14 Posted August 19, 2008 Share Posted August 19, 2008 It requires a little bit of work. You will need to check all the users that are logged in and then you will need to check if the time since they were last active is older than a current time so that you can set users to timeout. Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 oy, i have no idea how to do that. lol. wouldnt it be easier the way projectfear posted? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted August 19, 2008 Share Posted August 19, 2008 Add this after you have checked the user + pass are correct. <?php $l_in = $row['logged_in']; if ($l_in == 1){ echo "Someone is already logged into that account..."; }else{ $time = time() + 300; //// 5 mins... mysql_query("UPDATE yourUsersTable SET logged_in = '1' , timeout = '$time' WHERE username = '$username' AND password = '$password' LIMIT 1")or die(mysql_error()); ///// SET SESSIONS $_SESSION['username'] = $username; W/E Header("Location: page.php"); } ?> Then when they logout: <?php $time = time(); //// now... mysql_query("UPDATE yourUsersTable SET logged_in = '0' , timeout = '$time' WHERE username = '$username' LIMIT 1")or die(mysql_error()); ?> And in your functions / include script... <?php $time = time(); $query = "SELECT id FROM yourUsersTable WHERE timeout <= '$time' AND logged_in = '1' ORDER BY id"; $result = mysql_query($query)or die(mysql_error()); while ($row = mysql_fetch_row($result)){ mysql_query("UPDATE yourUsersTable SET logged_in = '0' WHERE id = '$row[0]' LIMIT 1")or die(mysql_error()); } ?> Hope it helps... Quote Link to comment Share on other sites More sharing options...
matmunn14 Posted August 19, 2008 Share Posted August 19, 2008 Add this after you have checked the user + pass are correct. <?php $l_in = $row['logged_in']; if ($l_in == 1){ echo "Someone is already logged into that account..."; }else{ $time = time() + 300; //// 5 mins... mysql_query("UPDATE yourUsersTable SET logged_in = '1' , timeout = '$time' WHERE username = '$username' AND password = '$password' LIMIT 1")or die(mysql_error()); } ?> Then when they logout: <?php $time = time(); //// now... mysql_query("UPDATE yourUsersTable SET logged_in = '0' , timeout = '$time' WHERE username = '$username' LIMIT 1")or die(mysql_error()); ?> And in your functions / include script... $time = time(); $query = "SELECT id FROM yourUsersTable WHERE timeout <= '$time' AND logged_in = '1' ORDER BY id"; $result = mysql_query($query)or die(mysql_error()); while ($row = mysql_fetch_row($result)){ mysql_query("UPDATE yourUsersTable SET logged_in = '0' WHERE id = '$row[0]' LIMIT 1")or die(mysql_error()); } Hope it helps... @justinede: This is the way that ProjectFear meant and the way that I was explaining that checks for user timeout. Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 ok where should i add that script? <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*****"; // Mysql password $db_name="ipod"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND activated='1'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:index1.php"); } else { header("location:wrong.php"); //echo "Please check your username or password. If you still cant login your account has been disabled. Please contact an admin."; } ?> and what if i dont have a functions and include script? all i have is this script and a database with users in it. and a logout.php Quote Link to comment Share on other sites More sharing options...
Andy-H Posted August 19, 2008 Share Posted August 19, 2008 You could add it to the login/index page instead. Add it at the top and it should update all the timed-out users before they attempt to log in. Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 so i add the script that was supposed to go in functions to the top of my login page? also could you point out where to add the script in my checkuser.php i posted? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted August 19, 2008 Share Posted August 19, 2008 ok where should i add that script? <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*****"; // Mysql password $db_name="ipod"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $time = time(); $query = "SELECT id FROM $tbl_name WHERE timeout <= '$time' AND logged_in = '1' ORDER BY id"; $result = mysql_query($query)or die(mysql_error()); while ($row = mysql_fetch_row($result)){ mysql_query("UPDATE $tbl_name SET logged_in = '0' WHERE id = '$row[0]' LIMIT 1") or die("Error: ".mysql_error()."<br /><br />On line: ".__LINE__); } // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT logged_in , username , password FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND activated='1'"; $result=mysql_query($sql) or die("Error: ".mysql_error()."<br /><br />On line: ".__LINE__); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ $row = mysql_fetch_row($result); $l_in = $row[0]; if ($l_in == 1){ echo "Someone is already logged into that account..."; }else{ $timenow = time() + 300; /// 5 mins mysql_query("UPDATE $tbl_name SET logged_in = '1' , timeout = '$timenow' WHERE username='$row[1]' LIMIT 1") or die("Error: ".mysql_error()."<br /><br />On line: ".__LINE__); // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $row[1]; $_SESSION['mypassword'] = $row[2]; header("location:index1.php"); }} else { header("location:wrong.php"); //echo "Please check your username or password. If you still cant login your account has been disabled. Please contact an admin."; } ?> and what if i dont have a functions and include script? all i have is this script and a database with users in it. and a logout.php Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 so i need to make two more feilds in my mysql datanase? 1. logged_in 2. timout and where do i put the stuff that is supposed to go in the functions? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted August 19, 2008 Share Posted August 19, 2008 Yes, both varchar(255) and I added it to that script 4 u... Quote Link to comment Share on other sites More sharing options...
justinede Posted August 19, 2008 Author Share Posted August 19, 2008 ok i did all this but once i hit submit it just goes to the same page. it doesnt redirect me to my member's page but in my database it is adding the 1 to logged in. Quote Link to comment Share on other sites More sharing options...
justinede Posted August 20, 2008 Author Share Posted August 20, 2008 *BUMP Quote Link to comment Share on other sites More sharing options...
Andy-H Posted August 25, 2008 Share Posted August 25, 2008 Does index1.php happen to have the lines: if ( (!session_is_registered("myusername")) || (!session_is_registered("mypassword")) ){ Header("Location: index.php"); } If so change it to: if ( (empty($_SESSION["myusername"])) || (empty($_SESSION["mypassword"])) ){ Header("Location: index.php"); } Why do you have their password as a session variable anyway? You also need to update the timeout as every page loads... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.