
Block multiple logins


killah


I have not really looked into this matter, but I'm sure it's also pretty easy. I want to stop multiple logins on the same account, but I do not want to use MySQL queries.

Maybe a session-registered function to check if the session is registered for that account? I do not want to use cookies because cookies are not 100% safe to go through.

Any ideas or any pointers on how I can do it?

Link to comment
Share on other sites

I find this difficult because PHP is a server language.

 

The best thing I could suggest is the use of a log.

 

Log the time they log in on a general log file along with the time, based on your server's clock. Also log the time within three hours of their log in for the "log" file to expire.

 

Then run a function as part of your log-in process to open the log, check each user's expiry time based on the time of the server's clock. While performing that, you can also compare log-in names to a name on the list.

 

You will need to set cookies to keep your sessions active - the user himself wouldn't be able to log back in otherwise since his name's on the log. But in order to ensure privacy, save your password (and, if you wish, username details) as md5 encryptions. When the user types in their login information, encrypt those and compare both encryptions. Then write the encrypted versions within the cookies. Set the cookies to expire in three hours also.

 

That's the best way I can think to work with that.

 

Obviously there's probably a much easier way around it.

Link to comment
Share on other sites

I'm making my site as efficient as possible. And MySQL queries are never 100% safe to execute with sessions etc.

 

All you need do is.

 

When a user attempts to login, check a field (is_logged) for 1. If they are not (is_logged == 0), log them in and update is_logged to 1; if they are, display a message saying they are already logged in.

From there you will also need to update a timestamp each time your logged in user makes a request.

Then you simply run a cron job every few mins to check for timestamps older than say 20 minutes. When they are found, update is_logged to 0.

 

It might sound complex / inefficient but the data needs to be stored somewhere.

Link to comment
Share on other sites
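
One way to make the is_logged check described above safe against two logins arriving at the same moment, as an added example (not code from the thread or its participants): the test and the update happen in a single statement, and an idle holder is replaced at login time. The table and column names (`users`, `active_sid`, `last_seen`), the function names and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed names: table `users`,
// columns `active_sid` / `last_seen`; in-memory SQLite keeps it runnable.
const IDLE_LIMIT = 20 * 60; // the 20-minute idle window from the post above

// Login: test and set in ONE statement, so two simultaneous logins cannot both
// pass a separate "is_logged == 0" check. An idle holder is replaced here.
function claimLogin(PDO $db, int $uid, string $sid, int $now): bool
{
    $st = $db->prepare(
        'UPDATE users SET active_sid = :sid, last_seen = :now
          WHERE userid = :uid
            AND (active_sid IS NULL OR last_seen < :cutoff)'
    );
    $st->execute([':sid' => $sid, ':now' => $now, ':uid' => $uid,
                  ':cutoff' => $now - IDLE_LIMIT]);
    return $st->rowCount() === 1;
}

// Every request: refresh the timestamp only while this session owns the slot.
// On MySQL connect with PDO::MYSQL_ATTR_FOUND_ROWS so an unchanged row counts.
function heartbeat(PDO $db, int $uid, string $sid, int $now): bool
{
    $st = $db->prepare(
        'UPDATE users SET last_seen = :now
          WHERE userid = :uid AND active_sid = :sid AND last_seen >= :cutoff'
    );
    $st->execute([':now' => $now, ':uid' => $uid, ':sid' => $sid,
                  ':cutoff' => $now - IDLE_LIMIT]);
    return $st->rowCount() === 1;
}

function logout(PDO $db, int $uid, string $sid): void
{
    $db->prepare('UPDATE users SET active_sid = NULL WHERE userid = ? AND active_sid = ?')
       ->execute([$uid, $sid]);
}

// Constructed demo data; in an application $sid would be session_id().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, active_sid TEXT, last_seen INTEGER)');
$db->exec('INSERT INTO users (userid) VALUES (1)');
$t = 1000000;
var_dump(claimLogin($db, 1, 'sid-A', $t));               // first login
var_dump(claimLogin($db, 1, 'sid-B', $t + 60));          // second device, A active
var_dump(heartbeat($db, 1, 'sid-A', $t + 600));          // A keeps browsing
var_dump(claimLogin($db, 1, 'sid-B', $t + 600 + IDLE_LIMIT + 1)); // A idle too long
var_dump(heartbeat($db, 1, 'sid-A', $t + 600 + IDLE_LIMIT + 2)); // A after takeover
```

When `heartbeat()` returns false, the session no longer owns the account's slot and should be destroyed before the user is sent back to the login page.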

I've seen it done in PHP.

 

I was thinking of doing something like this.

 

if ($loggedin == 0)
{
   // continue with login
   $loggedin = 15; // normal session timeout
}
else if ($loggedin != 0)
{
   // display error
}

 

 

then in a cron file.

 

mysql_query("UPDATE `users` SET `loggedin` = `loggedin` - 1 WHERE `loggedin` != 0");

 

while in the main file:

 

mysql_query("UPDATE `users` SET `loggedin` = 15 WHERE `userid` = me");

 

However, see how many queries I'm using?

3 queries, and 1 query refreshed every minute and another query loaded every time the user refreshes the browser.

You might think, what's 2 queries? Well, those 2 queries can be a huge disadvantage if you have a site with over 10k players in the database, with over 100k rows in the entire database, with about 1k players refreshing the page per day * 500.

500k queries per day sounds awfully large. And not to mention my existing queries, which are already 12 per page load. So making it almost 1 million queries per day.

Another way I was thinking is to actually go into the root base to where the session documents are stored and fetch them from there, resulting in less resource and fewer queries. However, I cannot do that from a shared hosting account due to limited access. But I am soon to be moving over to a dedicated server.

 

 

Link to comment
Share on other sites

Another way I was thinking is to actually go into the root base to where the session documents are stored and fetch them from there.

 

Yeah, that would be another option. You can configure session_save_path to be within a local directory and in fact you should be doing this when using shared hosting anyway.

 

Of course another option is just to set up your own session handler using session_set_save_handler and store all your session data in a database.

Link to comment
Share on other sites

You might think, what's 2 queries? Well, those 2 queries can be a huge disadvantage if you have a site with over 10k players in the database, with over 100k rows in the entire database, with about 1k players refreshing the page per day * 500.

500k queries per day sounds awfully large.

 

I'm not trying to shoot you down, but I'd like to challenge your opinion.

 

If you're using a database, you'd have to use a file. Wouldn't that use the same, if not more memory for each time you have to write to that log?

 

Look into optimizing your current database, but if you can't, have you considered a dedicated MySQL server?

Link to comment
Share on other sites

You might think, what's 2 queries? Well, those 2 queries can be a huge disadvantage if you have a site with over 10k players in the database, with over 100k rows in the entire database, with about 1k players refreshing the page per day * 500.

500k queries per day sounds awfully large.

 

I'm not trying to shoot you down, but I'd like to challenge your opinion.

 

If you're using a database, you'd have to use a file. Wouldn't that use the same, if not more memory for each time you have to write to that log?

 

Look into optimizing your current database, but if you can't, have you considered a dedicated MySQL server?

Pretty much my thoughts exactly. The data has to be stored / queried somewhere / somehow. MySQL is made for storing and querying data. It's really not going to get much more efficient.

Link to comment
Share on other sites

There is a way to make your queries more efficient.

Let's say my users table contains 56 columns. We only need to extract pn_notepad from there.

I've seen people do this:

$res = mysql_query("SELECT * FROM users WHERE userid={$ir['userid']}");

 

Not such a good way is it?

 

I, on the other hand, at least make that more efficient and less page load by doing this:

 

$res = mysql_query("SELECT pn_notepad FROM `users` WHERE `userid` = ".$ir['userid']);

Link to comment
Share on other sites

Oh and to add onto what thorpe and I have said, take a look at the footer of this page for example:

Page created in 0.07 seconds with 21 queries.

 

Yes, this is a dedicated server and all. However, think about how many hits this forum gets. Just some food for thought ;)

Link to comment
Share on other sites

I keep seeing people who need a nice login system. I've developed a nice one, and posted pieces of it here a few times. I think it would be great to get some seasoned php programmers together and make an open source login system for distribution here at phpfreaks. If anyone is interested, let me know.

Link to comment
Share on other sites

We're not telling you you need to write poor queries. Simply telling you that the data you need needs to be stored somewhere and that querying MySQL is often more efficient than writing to a file just so you can parse this file later.

Link to comment
Share on other sites

I keep seeing people who need a nice login system. I've developed a nice one, and posted pieces of it here a few times. I think it would be great to get some seasoned php programmers together and make an open source login system for distribution here at phpfreaks. If anyone is interested, let me know.

 

I am not asking for a login system. I already have a login system based off jQuery.

We're not telling you you need to write poor queries. Simply telling you that the data you need needs to be stored somewhere and that querying MySQL is often more efficient than writing to a file just so you can parse this file later.

I understand. But I was just thinking of different ways and to not use SQL.

Link to comment
Share on other sites

Having jQuery has nothing to do with this IMO.

 

There aren't too many other ways to do this. A database, or flat files. As mentioned before, a database would 99% of the time be more efficient.

 

There are probably things to do to streamline your current code, so you didn't have as many queries, but again, that's getting off topic.

 

I'd go with the database solution. You could try out both methods and test which creates less stress. Ultimately, it's up to you.

Link to comment
Share on other sites
