Jump to content

allow just one user to access


sofia403
Go to solution Solved by sofia403,

Recommended Posts

I have a problem with login system. I have two users, userA and userB in the same computer. userA enters to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA and userA is still connected to its own account but his name appears as userB. If these two users get access into different browsers, there is NO problem.

 

Do you have any idea how would i fix this so that users are restricted to only having one account the logged in to from one browser window? thanks

 

Welcome.php

<?

session_start();
session_id(); 
if (empty($_SESSION['username'])){
header("location:login.php");
exit;
}
?>
 
login.php
<? 
include('config.php');
session_start();
if(isset($_GET['reg'])){
$reg=$_GET['reg'];
}else{
$reg="";
}
if($reg==1){
$msg1="<font color=\"#009900\"><b>Your account has been created, please login</b></font>";
}elseif($reg==2){
$msg1="<font color=\"#009900\"><b>You have been successfully logged out.</b></font>";
}
 
if(isset($_POST['submit'])){
if( empty($_POST['uname']) && (empty($_POST['upass']))){
header( "Location:Messages.php?msg=1" ); 
exit();
}
//transfer to shorter var
$n=mysql_real_escape_string($_POST['uname']);
$p=mysql_real_escape_string($_POST['upass']);
 
//put in session vars
 
$mytime=time();
$mytime=date("H:i:s A",$mytime);
$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
//goto next page
header("location:welcome.php");
exit;
}else{
$_SESSION['status'] = 'not logged';
 
header( "Location:Messages.php?msg=2" ); 
exit();
}
}
?>

 

Link to comment
Share on other sites

I have a problem with login system. I have two users, userA and userB in the same computer. userA enters to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA and userA is still connected to its own account but his name appears as userB.

I don't know how that's even possible.

 

Same browser on the same computer? You can't have two users logged in at the same time unless you specifically allow for multiple people to be logged in at once. The two people will be using the same set of cookies, so after user A logs in, if user B tries to browse (that is, user A gets up out of the chair and lets user B sit down at the computer instead) then they will still be logged in as user A. How is that possible? Because the computer, the browser, and your website doesn't know that it's physically a different person.

If user B now tries to log in, either a] that's not possible because they're already logged in and there shouldn't be a way for a second user to log in while a first user is already, or b] the user now logged in will be user B and user A is gone... unless you have a bug in your system where not all the user A information is lost (but I don't see that in the code you've posted).

Edited by requinix
Link to comment
Share on other sites

Thanks for reply. I will try to explain this again maybe it will make a little more sense at what I'm trying to achieve.

 

Again lets say we have two users(UserA  and UserB) who use the same computer at home. They both use the same browser to access a website, but each have their own account. Now UserA  logs in to edit his profile in one tab, then while he is still logged in user Usertries to edit her profile using the same browser only using a different tab. When UserB loged in to her account and if we go back to UserA  tab and refresh it it will beUserB information. Im trying to prevent this from happening. 

 

So if one person is still logged in in one tab, the other person would be restricted to log in or the first one would be restricted to view the information about the second.

 

does that make sense?

Link to comment
Share on other sites

You can't know whether someone is still "logged in" on a tab or window.

 

This is one of those situations where you can't really solve it using code. It's a problem with the actual person (people) sitting at the computer. "Problem exists between keyboard and chair" as they say: the two people know damn well that they are both using the same browser and same computer, and if they leave themselves logged in then they can't assume you're somehow going to magically know that it's a different person sitting in front of the computer.

 

What you can do is prevent user A from being able to make changes to user B's profile: require a password to make changes. User A won't know the password so they can't do anything.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.