Jump to content

Preventing Simultaneous Logins

Galgoran

By Galgoran
in PHP Coding Help

 Share

Recommended Posts

Galgoran Newbie

Galgoran

Posted
Posted
Hey, everyone. I'm fairly new with PHP, though I can work my way around the basics quite well. I hope I've put this in the right place. If I need to provide any information in order to get help, I'll be happy to provide it.

Right now I'm rewriting my website's login page essentially from scratch in order to deal with several problems.

First and foremost of these, I mean to prevent people from being logged in multiple times with the same account (and with different accounts, if it's on the same computer).

Now, I've thought it over, and the way I've seen myself doing it is this:

- When the login form is submitted, select the session ID currently stored in the login table (where stored IP = current IP?).
- Unset the session with that ID.
- Upload the current session ID to the database with other info, ready for the process to repeat itself with the next login.

Since there is an include checking the user's session to see whether they're logged in at the top of every page beyond login, unsetting the user's session would send him to the login page.

It seems like solid reasoning to me, but unfortunately, I don't know quite enough about sessions to make it work. (For example: if the user is trying to log on two accounts from the same computer, would the session ID being used at login be the same as the session ID being used by the account already logged on?)

What I want to know, I suppose, is:

- whether or not this is a valid plan.
- How I would go about unsetting the previous session by its ID (I would assume this is possible, but I may be mistaken)
- What sort of changes would need to be enacted to prevent two people logging onto the same account, at the same time, from different computers.
Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted
Uhhh the session thing sounds like it should work...

For the two people on the same account thing you could just add 3 rows to your database

logged_in logged_in_ip last_active

Have logged_in set to 1 when they login and have it 0 when they log out... And since most people just close their browser and dont hit log out you could use the logged_in_ip to track the last ip they logged on from and allow tem to login if it was the same ip... The last_active row comes in where if their not the ip from last time... That way if its been a certain amount of time since someone was active on the account it wont let them login but if its been like 5 minutes of activity it could let them login and void the session from the other person... I dont know exactly how you would make that all fit together but im sure you can figure something out.
Link to comment
Share on other sites
elhama Newbie

elhama

Posted
Posted
It's quite simple.

Heres a small tutorial how to do it ^^

First create a new table in your db called let's say "iplogin".
With the columns:

- uid - auto increment - unique - max letters 200
- login_ip - varchar - max letters 40
- last_login - bigint - 100( ? )

add this code when you login
This is rather sloppy work as it's very late, but it should be something like this:
[B] Might contain minor errors [/B]
[code]
<?php
$user_ip = $REMOTE_ADDR;
$check_ip = mysql_fetch_array(mysql_query("SELECT * FROM iplogin where login_ip='$user_ip'"));
if($check_ip[uid] != ""){

$time_now = date("YmdHis");
$time_then = $check_ip[last_login];
$time_intervall = 30;  // This checks how long time before he can log in again (Seconds)
if(($time_now - $time_intervall) <= $time_then){
die("You have recently logged in");
}
else{
$allow_login=1;
$newtime = date("YmdHis");
mysql_query("UPDATE iplogin set last_login='$newtime' where login_ip='$REMOTE_ADDR'");
}
}
else{
$allow_login =1;
$newtime=date("YmdHis");
mysql_query("INSERT INTO iplogin (login_ip, last_login) VALUES('$REMOTE_ADDR', '$newtime')");
}


// TO THE LOGIN PART
if($allow_login == 1){
// Login stuff here
}
else{
die("SIMON SAYS YOU ARE NO LOGIN LOL!");
}
?>
[/code]
Link to comment
Share on other sites
elhama Newbie

elhama

Posted
Posted
[quote author=redarrow link=topic=104024.msg414860#msg414860 date=1155447224]
correct you have to add a time stamp if you want if 24 hours long
[/quote]

haha yeah, but its just the way I work, date("YmdHis") will give something like this: 19950911234510
and I feel more comfy working with that :)
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.