logout problem

[justinede]

Hey guys,

 

In my login script, once the user logs in it adds a 1 to logged_in in the database. Once they logout its set back to a 0. The user can only login again if their logged_in is at 0. This prevents 2 people being on one account. But some people never hit logout, so it keeps the one in the datanase but erases there session for some reason. So when they go to login it says they are already logged in but they dont have a session. Any ideas on how to fix this? Or different ways to make sure there is only one person to an account?

[MasterACE14]

sessions automatically expire after a certain period of time.

[JasonLewis]

You need to create a timeout script, searching these forums should turn up something.

[justinede]

ok fine ill do a search =P

[cooldude832]

One each page load if the user is logged in have a query like

<?php
$q = "Update `users` set last_action = NOW() where UserID = '".$_SESSION['UserID']."'";
?>

 

Then in your login action add before you try and log in a person

Update `users` set loggedin = '0' where last_action < NOW()-TIMEOUTINSECONDS

should work 4 u

[justinede]

lol have no idea what i have to do to make that work. lol. do you think you could customize it for me if i give you my checklogin.php? and my logout.php?

[cooldude832]

No but post them and try and work it in and I'll guide you

[justinede]

ok sorry for the late reply. here is my checklogin.php. this is my login action.

 

<?php 
$host="mysql"; // Host name 
$username="**"; // Mysql username 
$password="**"; // Mysql password 
$db_name="ipod"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse. 
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection) 
$myusername = stripslashes($myusername); 
$mypassword = stripslashes($mypassword); 
$myusername = mysql_real_escape_string($myusername); 
$mypassword = mysql_real_escape_string($mypassword); 

// mjr start 
$loggedIn = 0; 
$count = 0; 

$sql="SELECT logged_in FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND activated='1'"; 
$result=mysql_query($sql); 

$loggedIn = 0; 
if ($result) { 
   // get the value of logged_in 
   while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { 
     $count = 1; 
     $loggedIn = $row['logged_in']; 
     break; 
   } 
} 
// mjr end 

if($count==1){ 
   // mjr start - we know we are authentic, are we already logged in 
   if ($loggedIn) { 
     // we are already logged in - what do you want to do? 
     header("location:logged_in.php"); 
   } else { 
     // update logged_in 
     mysql_query("UPDATE members SET logged_in = 1 WHERE username='$myusername' and password='$mypassword'"); 
     // Register $myusername, $mypassword and redirect to file "login_success.php" 
     // mjr - start session 
     session_start(); 
     $_SESSION['myusername'] = $myusername; 
     $_SESSION['mypassword'] = $mypassword; 
     // mjr end 
     session_register("myusername"); 
     session_register("mypassword"); 
     header("location:index1.php"); 
  } 
  // mjr end 
} 
else { 
header("location:wrong.php"); 
//echo "Please check your username or password. If you still cant login your account has been disabled. Please contact an admin."; 
} 

?>