Galgoran

Preventing Simultaneous Logins

Hey, everyone. I'm fairly new with PHP, though I can work my way around the basics quite well. I hope I've put this in the right place. If I need to provide any information in order to get help, I'll be happy to provide it.

Right now I'm rewriting my website's login page essentially from scratch in order to deal with several problems.

First and foremost of these, I mean to prevent people from being logged in multiple times with the same account (and with different accounts, if it's on the same computer).

Now, I've thought it over, and the way I've seen myself doing it is this:

- When the login form is submitted, select the session ID currently stored in the login table (where stored IP = current IP?).
- Unset the session with that ID.
- Upload the current session ID to the database with other info, ready for the process to repeat itself with the next login.

Since there is an include checking the user's session to see whether they're logged in at the top of every page beyond login, unsetting the user's session would send him to the login page.

It seems like solid reasoning to me, but unfortunately, I don't know quite enough about sessions to make it work. (For example: if the user is trying to log on two accounts from the same computer, would the session ID being used at login be the same as the session ID being used by the account already logged on?)

What I want to know, I suppose, is:

- Whether or not this is a valid plan.
- How I would go about unsetting the previous session by its ID (I would assume this is possible, but I may be mistaken).
- What sort of changes would need to be enacted to prevent two people logging onto the same account, at the same time, from different computers.

Uhhh the session thing sounds like it should work...

For the two people on the same account thing you could just add 3 rows to your database

logged_in logged_in_ip last_active

Have logged_in set to 1 when they login and have it 0 when they log out... And since most people just close their browser and don't hit log out you could use the logged_in_ip to track the last ip they logged on from and allow them to login if it was the same ip... The last_active row comes in where if they're not the ip from last time... That way if it's been a certain amount of time since someone was active on the account it won't let them login but if it's been like 5 minutes of activity it could let them login and void the session from the other person... I don't know exactly how you would make that all fit together but I'm sure you can figure something out.

It's quite simple.

Here's a small tutorial how to do it ^^

First create a new table in your db called let's say "iplogin".
With the columns:

- uid - auto increment - unique - max letters 200
- login_ip - varchar - max letters 40
- last_login - bigint - 100( ? )

add this code when you login
This is rather sloppy work as it's very late, but it should be something like this:
[B] Might contain minor errors [/B]
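[code]
<?php
// $db is assumed to be an open mysqli connection (not part of the original snippet).
$user_ip = $_SERVER['REMOTE_ADDR'];
$allow_login = 0;

// Look up the last login recorded for this IP address.
$stmt = $db->prepare("SELECT uid, last_login FROM iplogin WHERE login_ip = ?");
$stmt->bind_param("s", $user_ip);
$stmt->execute();
$check_ip = $stmt->get_result()->fetch_assoc();

if ($check_ip) {
    $time_then = $check_ip['last_login'];
    $time_intervall = 30;  // This checks how long time before he can log in again (Seconds)
    // Build the cutoff from a real timestamp: subtracting seconds directly
    // from a YmdHis number goes wrong across minute boundaries.
    $cutoff = date("YmdHis", time() - $time_intervall);
    if ($cutoff <= $time_then) {
        die("You have recently logged in");
    } else {
        $allow_login = 1;
        $newtime = date("YmdHis");
        $stmt = $db->prepare("UPDATE iplogin SET last_login = ? WHERE login_ip = ?");
        $stmt->bind_param("ss", $newtime, $user_ip);
        $stmt->execute();
    }
} else {
    // First login seen from this IP address.
    $allow_login = 1;
    $newtime = date("YmdHis");
    $stmt = $db->prepare("INSERT INTO iplogin (login_ip, last_login) VALUES (?, ?)");
    $stmt->bind_param("ss", $user_ip, $newtime);
    $stmt->execute();
}

// TO THE LOGIN PART
if ($allow_login == 1) {
    // Login stuff here
} else {
    die("SIMON SAYS YOU ARE NO LOGIN LOL!");
}
?>
[/code]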

Why $newtime = date("YmdHis");? Why not just a time stamp?

Correct, you have to add a time stamp if you want it 24 hours long

[quote author=redarrow link=topic=104024.msg414860#msg414860 date=1155447224]
Correct, you have to add a time stamp if you want it 24 hours long
[/quote]

Haha yeah, but it's just the way I work, date("YmdHis") will give something like this: 19950911234510
and I feel more comfy working with that :)
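
The plan from the opening post (remember one session ID per account and check it at the top of every page) can be done without deleting the old session by its ID: overwrite the stored value at login and the older session fails the check on its next request. The following is an added example, not code from any poster in this thread; the `users(id, active_session)` table, the `$db` PDO connection and `login.php` are assumptions.

```php
<?php
// Added example: hypothetical schema users(id, active_session) and an
// existing PDO connection passed in as $db. session_start() is assumed
// to have been called before either function runs.

// Call once, right after the password check succeeds.
function register_login(PDO $db, int $userId): void
{
    // Fresh ID for the authenticated session; the old session data is deleted.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;

    // Overwriting the stored value is what logs the previous session out:
    // it fails the comparison in require_single_session() on its next request.
    // Only a hash is stored, so the table never holds a usable session ID.
    $stmt = $db->prepare('UPDATE users SET active_session = ? WHERE id = ?');
    $stmt->execute([hash('sha256', session_id()), $userId]);
}

// Call at the top of every protected page. Returns the logged-in user ID.
function require_single_session(PDO $db): int
{
    $userId = $_SESSION['user_id'] ?? null;
    if ($userId !== null) {
        $stmt = $db->prepare('SELECT active_session FROM users WHERE id = ?');
        $stmt->execute([$userId]);
        $stored = $stmt->fetchColumn();
        if (is_string($stored) && hash_equals($stored, hash('sha256', session_id()))) {
            return (int) $userId;   // still the account's newest login
        }
    }
    // Not logged in, or a newer login replaced this one: drop the session.
    $_SESSION = [];
    session_destroy();
    header('Location: login.php');   // hypothetical login page
    exit;
}
```

Two accounts opened in the same browser share one session cookie, so the second login simply replaces `$_SESSION['user_id']`; a second browser or computer gets its own session ID and displaces the first through the stored value.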
