Jump to content


Photo

Preventing Simultaneous Logins


  • Please log in to reply
6 replies to this topic

#1 Galgoran

Galgoran
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 12 August 2006 - 09:38 PM

Hey, everyone. I'm fairly new with PHP, though I can work my way around the basics quite well. I hope I've put this in the right place. If I need to provide any information in order to get help, I'll be happy to provide it.

Right now I'm rewriting my website's login page essentially from scratch in order to deal with several problems.

First and foremost of these, I mean to prevent people from being logged in multiple times with the same account (and with different accounts, if it's on the same computer).

Now, I've thought it over, and the way I've seen myself doing it is this:

- When the login form is submitted, select the session ID currently stored in the login table (where stored IP = current IP?).
- Unset the session with that ID.
- Upload the current session ID to the database with other info, ready for the process to repeat itself with the next login.

Since there is an include checking the user's session to see whether they're logged in at the top of every page beyond login, unsetting the user's session would send him to the login page.

It seems like solid reasoning to me, but unfortunately, I don't know quite enough about sessions to make it work. (For example: if the user is trying to log on two accounts from the same computer, would the session ID being used at login be the same as the session ID being used by the account already logged on?)

What I want to know, I suppose, is:

- whether or not this is a valid plan.
- How I would go about unsetting the previous session by its ID (I would assume this is possible, but I may be mistaken)
- What sort of changes would need to be enacted to prevent two people logging onto the same account, at the same time, from different computers.

#2 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 12 August 2006 - 09:57 PM

Uhhh the session thing sounds like it should work...

For the two people on the same account thing you could just add 3 rows to your database

logged_in logged_in_ip last_active

Have logged_in set to 1 when they login and have it 0 when they log out... And since most people just close their browser and dont hit log out you could use the logged_in_ip to track the last ip they logged on from and allow tem to login if it was the same ip... The last_active row comes in where if their not the ip from last time... That way if its been a certain amount of time since someone was active on the account it wont let them login but if its been like 5 minutes of activity it could let them login and void the session from the other person... I dont know exactly how you would make that all fit together but im sure you can figure something out.
Why doesn't anyone ever say hi, hey, or whad up world?

#3 elhama

elhama
  • Members
  • PipPip
  • Member
  • 19 posts

Posted 13 August 2006 - 04:20 AM

It's quite simple.

Heres a small tutorial how to do it ^^

First create a new table in your db called let's say "iplogin".
With the columns:

- uid - auto increment - unique - max letters 200
- login_ip - varchar - max letters 40
- last_login - bigint - 100( ? )

add this code when you login
This is rather sloppy work as it's very late, but it should be something like this:
Might contain minor errors
<?php
$user_ip = $REMOTE_ADDR;
$check_ip = mysql_fetch_array(mysql_query("SELECT * FROM iplogin where login_ip='$user_ip'"));
if($check_ip[uid] != ""){

$time_now = date("YmdHis");
$time_then = $check_ip[last_login];
$time_intervall = 30;  // This checks how long time before he can log in again (Seconds)
if(($time_now - $time_intervall) <= $time_then){
die("You have recently logged in");
}
else{
$allow_login=1;
$newtime = date("YmdHis");
mysql_query("UPDATE iplogin set last_login='$newtime' where login_ip='$REMOTE_ADDR'");
}
}
else{
$allow_login =1;
$newtime=date("YmdHis");
mysql_query("INSERT INTO iplogin (login_ip, last_login) VALUES('$REMOTE_ADDR', '$newtime')");
}


// TO THE LOGIN PART
if($allow_login == 1){
// Login stuff here
}
else{
die("SIMON SAYS YOU ARE NO LOGIN LOL!");
}
?>


#4 Galgoran

Galgoran
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 13 August 2006 - 05:00 AM

Thank you both for your help, this will make things a great deal easier.

#5 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 13 August 2006 - 05:10 AM

why $newtime = date("YmdHis");?  why not just a time stamp?
Why doesn't anyone ever say hi, hey, or whad up world?

#6 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 13 August 2006 - 05:33 AM

correct you have to add a time stamp if you want if 24 hours long
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 elhama

elhama
  • Members
  • PipPip
  • Member
  • 19 posts

Posted 13 August 2006 - 05:35 AM

correct you have to add a time stamp if you want if 24 hours long


haha yeah, but its just the way I work, date("YmdHis") will give something like this: 19950911234510
and I feel more comfy working with that :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users