Galgoran Posted August 12, 2006 Share Posted August 12, 2006 Hey, everyone. I'm fairly new with PHP, though I can work my way around the basics quite well. I hope I've put this in the right place. If I need to provide any information in order to get help, I'll be happy to provide it.Right now I'm rewriting my website's login page essentially from scratch in order to deal with several problems.First and foremost of these, I mean to prevent people from being logged in multiple times with the same account (and with different accounts, if it's on the same computer).Now, I've thought it over, and the way I've seen myself doing it is this:- When the login form is submitted, select the session ID currently stored in the login table (where stored IP = current IP?).- Unset the session with that ID.- Upload the current session ID to the database with other info, ready for the process to repeat itself with the next login.Since there is an include checking the user's session to see whether they're logged in at the top of every page beyond login, unsetting the user's session would send him to the login page.It seems like solid reasoning to me, but unfortunately, I don't know quite enough about sessions to make it work. (For example: if the user is trying to log on two accounts from the same computer, would the session ID being used at login be the same as the session ID being used by the account already logged on?)What I want to know, I suppose, is:- whether or not this is a valid plan.- How I would go about unsetting the previous session by its ID (I would assume this is possible, but I may be mistaken)- What sort of changes would need to be enacted to prevent two people logging onto the same account, at the same time, from different computers. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 12, 2006 Share Posted August 12, 2006 Uhhh the session thing sounds like it should work...For the two people on the same account thing you could just add 3 rows to your database logged_in logged_in_ip last_activeHave logged_in set to 1 when they login and have it 0 when they log out... And since most people just close their browser and dont hit log out you could use the logged_in_ip to track the last ip they logged on from and allow tem to login if it was the same ip... The last_active row comes in where if their not the ip from last time... That way if its been a certain amount of time since someone was active on the account it wont let them login but if its been like 5 minutes of activity it could let them login and void the session from the other person... I dont know exactly how you would make that all fit together but im sure you can figure something out. Quote Link to comment Share on other sites More sharing options...
elhama Posted August 13, 2006 Share Posted August 13, 2006 It's quite simple.Heres a small tutorial how to do it ^^First create a new table in your db called let's say "iplogin".With the columns:- uid - auto increment - unique - max letters 200- login_ip - varchar - max letters 40- last_login - bigint - 100( ? )add this code when you loginThis is rather sloppy work as it's very late, but it should be something like this:[B] Might contain minor errors [/B][code]<?php$user_ip = $REMOTE_ADDR;$check_ip = mysql_fetch_array(mysql_query("SELECT * FROM iplogin where login_ip='$user_ip'"));if($check_ip[uid] != ""){$time_now = date("YmdHis");$time_then = $check_ip[last_login];$time_intervall = 30; // This checks how long time before he can log in again (Seconds)if(($time_now - $time_intervall) <= $time_then){die("You have recently logged in");}else{$allow_login=1;$newtime = date("YmdHis");mysql_query("UPDATE iplogin set last_login='$newtime' where login_ip='$REMOTE_ADDR'");}}else{$allow_login =1;$newtime=date("YmdHis");mysql_query("INSERT INTO iplogin (login_ip, last_login) VALUES('$REMOTE_ADDR', '$newtime')");}// TO THE LOGIN PARTif($allow_login == 1){// Login stuff here}else{die("SIMON SAYS YOU ARE NO LOGIN LOL!");}?>[/code] Quote Link to comment Share on other sites More sharing options...
Galgoran Posted August 13, 2006 Author Share Posted August 13, 2006 Thank you both for your help, this will make things a great deal easier. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 13, 2006 Share Posted August 13, 2006 why $newtime = date("YmdHis");? why not just a time stamp? Quote Link to comment Share on other sites More sharing options...
redarrow Posted August 13, 2006 Share Posted August 13, 2006 correct you have to add a time stamp if you want if 24 hours long Quote Link to comment Share on other sites More sharing options...
elhama Posted August 13, 2006 Share Posted August 13, 2006 [quote author=redarrow link=topic=104024.msg414860#msg414860 date=1155447224]correct you have to add a time stamp if you want if 24 hours long[/quote]haha yeah, but its just the way I work, date("YmdHis") will give something like this: 19950911234510 and I feel more comfy working with that :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.