users_online

[9911782]

Hi All

I wanted to have a SCRIPT that will determine who is online & logged into our system. I want to send that information to my db. I do have the script, but I do not know where to put the script.
here is the script:
========================
<?php session_start();
$session=session_id();
$time=time();
$time_check=$time-600; //SET TIME 10 Minute

//open connection to the database
require_once('inc_conn.php');
// prepare query
$sql="SELECT * FROM user_online WHERE session = '".$session."'";
//execute sql statements
$sessions = mysql_query($sql, $connimgp) or die(mysql_error());
//retrieve one row of records
$rows_sessions = mysql_fetch_array($sessions);
//determine the number of records in recordset
$num_rows = mysql_num_rows($sessions);
if($num_rows=="0"){
$sql1="INSERT INTO user_online(session, time,username)VALUES('$session', '$time','$username')";
$result1 = mysql_query($sql1, $connimgp) or die(mysql_error());
}
else {
$sql2="UPDATE user_online SET time='$time' WHERE session = '$session'";
$result2 = mysql_query($sql2, $connimgp) or die(mysql_error());
}

$sql3 = "SELECT * FROM  user_online";
$result3 = mysql_query($sql3, $connimgp) or die(mysql_error());

$count_user_online=mysql_num_rows($result3);



// if over 10 minute, delete session
$sql4 = "DELETE FROM user_online WHERE time < $time_check";
$result4=mysql_query($sql4, $connimgp) or die(mysql_error());

mysql_close();

// Open multiple browser page for result
?>
====================================

Is this the right script?
Can somebody tell me where to put in my system?
here is my login system
login_verify.php:
=========================
<?php session_start(); ?>
<?php
// Test if the user clicked on the register button
if(isset($_REQUEST['btnlogin'])){
$username = strtolower(trim($_REQUEST['username']));
$persalno = strtolower(trim($_REQUEST['persalno']));
$password = strtolower(trim($_REQUEST['password']));

// Connect to the MYSQL server and use dbaddbook
require_once('inc_conn.php');

// Check if the username exists in the database

//$sql = "SELECT users.persalno, users.username, userrole.roleid FROM user, userrole WHERE users.username = '".$username."' AND users.password = password('".$password."') AND users.persalno = userrole.persalno";
$sql = "SELECT users.persalno, users.username, userrole.roleid FROM users, userrole WHERE users.persalno = '".$persalno."' AND users.password = password('".$password."') AND users.persalno = userrole.persalno";

// Create a recordset called  $rssignin
$rssignin = mysql_query($sql, $connimgp);

// Find out how many seconds are in the recordset and extract the first record from the recordset
$row_rssignin = mysql_fetch_array($rssignin);

// Now we have to check if the recordset returned any records
if($row_rssignin > 0){
// get records and set to session variables
$_SESSION['svuid'] = $row_rssignin['persalno'];
$_SESSION['svuname'] = $row_rssignin['username'];
$_SESSION['svroleid'] = $row_rssignin['roleid'];


// Free up the resultset
mysql_free_result($rssignin);

/**************************/
// initialise return statement
$returnaccess;

// check that the user's role has been set before proceeding
if(isset($_SESSION['svroleid'])){
// Connect to the MYSQL server and use dbaddbook
require_once('inc_conn.php');
// prepare sql statement to axtract user's access level clearance and corresponding permissions for each level
$sql = "SELECT levelid, permid FROM task, roletask WHERE task.taskid = roletask.taskid AND roletask.roleid = '".$_SESSION['svroleid']."'";

$rstasks = mysql_query($sql, $connimgp) or die("There was an error : ".mysql_errno()." : ".mysql_error());

$rows_rstasks = mysql_fetch_array($rstasks);

if($rows_rstasks > 0){
// prepare array for credentials
$permarray = array();
do{
if($permarray[$rows_rstasks['levelid']]){
//if point we are at corresponds to level id, add value at index [$rows_rstasks['levelid']][(count($permarray[1]))]
$permarray[$rows_rstasks['levelid']][count($permarray[1])] = $rows_rstasks['permid'];
} else { // if this level has not yet been created in array, create it and place value in it
$permarray[$rows_rstasks['levelid']] = array($rows_rstasks['permid']);
}
}while($rows_rstasks = mysql_fetch_array($rstasks));
}
// free resultset
mysql_free_result($rstasks);
}
$returnaccess = $permarray;
$_SESSION['svcred'] = $returnaccess;
/**************************/


// Redirect the user back to the registration page if a duplicate username was found - append a parameter
header("Location: index.php"); // somewhere
// Prevents the rest of the code form executing
break;
} else {
// Free up the resultset
mysql_free_result($rssignin);

// Redirect the user back to the registration page if a duplicate username was found - append a parameter
header("Location: login.php?username=notexist");
}
// Close the connection
mysql_close($connimgp);
}
?>
=========================

Thank you
9911782

[JasonLewis]

i didnt check the script totally.... but you could call it log.php or something and just include it on your main file or something. like if you have a file called layout.php that handles everything.. example: layout.php?page=members/login.php or something like that, include the file in there, but remove the session_start() and place it in the layout.php file.
but if its not like that you might have to include it in every file.

[9911782]

does that means I have to include this after I logged in the 1st redirect page?

thank you :)