kingdavidbaker Posted October 13, 2009 Share Posted October 13, 2009 I am using a script I got from http://phpsense.com/php/php-login-script.html in order to allow people to login but prevent multiple logins with the same username. Everything appears to work fine however multiple people can still login simultaneously. I have verified sessions are being stored with the correct info and it appears cookies are generated as well so why can people login with the same username from different machines simultaneously? I have included all of the php pages i'm using as well as a copy of my php.ini file. Any help would be GREATLY appreciated. [attachment deleted by admin] Quote Link to comment https://forums.phpfreaks.com/topic/177568-login-script-issues/ Share on other sites More sharing options...
PFMaBiSmAd Posted October 13, 2009 Share Posted October 13, 2009 That is a simplistic login in script. It does not have any advanced features to manage things like preventing multiple logins. That would require storing the logged in/out status and information about where the current login came from/session id in a database table. Quote Link to comment https://forums.phpfreaks.com/topic/177568-login-script-issues/#findComment-936257 Share on other sites More sharing options...
kingdavidbaker Posted October 13, 2009 Author Share Posted October 13, 2009 Now that I have read more carefully I see you are correct. So I imagine I would need to store some session info in my db and have the pages check whether or not session info is there....if it is not then login is allowed and if it is either login will be rejected or it will be accepted and the other user will be kicked. So I have the theory....anyone that can help with actual implementation? Quote Link to comment https://forums.phpfreaks.com/topic/177568-login-script-issues/#findComment-936280 Share on other sites More sharing options...
mikesta707 Posted October 13, 2009 Share Posted October 13, 2009 create a database that has a list of logged on users (obviously remove them when the log off). if the user trying to log in is on that list, deny them access. thats how I would do it anyways Quote Link to comment https://forums.phpfreaks.com/topic/177568-login-script-issues/#findComment-936284 Share on other sites More sharing options...
kingdavidbaker Posted October 13, 2009 Author Share Posted October 13, 2009 Hmm....I have almost no idea how to do that haha. Creating the database should be simple enough but I'm lost on how to code something along those lines. Found the code below which looks like it should do what I want so I'm playing with it. #Prevent Membership Fraud //check if someone is logged in if (isset($_SESSION['user_id'])) { //connect to your db require('../../../connect.php'); /*build query using hirer_id and current_session_id, get count. If query comes back with a 1, it means there is a match. A match is good because it means no one else logged in during their session. On the other hand, a 0 indicates that no match, meaning someone else logged in simultaneously. Zeros get the boot of death.*/ $result = mysql_query('SELECT COUNT(*) FROM user WHERE user_id='.$_SESSION['user_id']." AND session_id='".mysql_real_escape_string(md5(session_id()))."'"); $login_status = mysql_result($result,0,0); //recall 1 is good, 0 is bad if (0 == $login_status) { //give them the boot //this is copied from my logout script $_SESSION = array(); //destroy the variables session_destroy(); //destroy the session itself setcookie(session_name(), '', time()-300, '/', '', 0); //destroy the cookie echo 'Hey, someone else logged in using your account info which means you get the boot.'; exit(); } } Will let you know if this works and if anyone else has an idea or some code that would be fantastic =0) Quote Link to comment https://forums.phpfreaks.com/topic/177568-login-script-issues/#findComment-936309 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.