Xines Posted August 4, 2015 Share Posted August 4, 2015 Hello, i've been trying to make my website work currectly when multi loggin, but when i multi-login 2 accounts, and i switch page on one of the users lets call him user1, then goto the other user2 and switch page, my "username" at "user2" switches automaticly to user1, so i'll end up having 2 of the same usernames logged in so its "user1" and on the other account that should have been user2 it returns -> "user1". I have everything else setup correct, by using sha256 for encryption, and having my salt setup correct aswell. I'm using the latest bootstrap, and having mysql setup obv. I have no idea how to fix this, but i'm sure it's some kind of user validation that i need to include. So if someone is willing to help me out i will be really thanksfull! - Sincerely Xines. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted August 5, 2015 Share Posted August 5, 2015 So you are logging into one user account then once logged in signing into another account in the same browser? Then yes this will happen. This is why websites make you logout when you want to login in as a different user. If you are testing your site with different user accounts being signed in at the same time then I suggest you use a different web browser (or computer) for each user you are signed in as. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted August 5, 2015 Share Posted August 5, 2015 Are you building a solution where multiple people need to be logged into the same computer at the same time? If not, you can test the "multi-login" code with different browsers. User 1, for example, could be logged into Chrome. And User 2 could be logged into Firefox. Or you could use two different computers. Quote Link to comment Share on other sites More sharing options...
Xines Posted August 5, 2015 Author Share Posted August 5, 2015 (edited) Hey, i'm building a community site for my server at counter-strike source, i had a friend "at another location" to login after he registered, then once he was logged in i logged in aswell and changed page, then my username changes to his. For now i just want to get this little bug fixed before adding a "if logged in" function to prevent multi login so in the end i can be active aswell as my friends browsing pages without our usernames/accounts getting switched like a normal site. - I can provide code but since i don't know where the bug starts it obv will be dumb to post almost whole website code here, if you think you can help me then please pm me Edited August 5, 2015 by Xines Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted August 5, 2015 Share Posted August 5, 2015 We need to look at the code that processes the login . Usually when you have authorized a user you set a "logged in" flag in the session. Each user has their own private session (that is how PHP sessions work). To determine if the user is logged in your check to see if the "logged in" flag exists. That is the very basic for a login system. Quote Link to comment Share on other sites More sharing options...
Xines Posted August 5, 2015 Author Share Posted August 5, 2015 This is what i have so far, just included a ip function in register, but not rly using it yet, just good to have peoples ip gathered for later checks. Login.php <?php include_once("includes/config.php"); $submitted_username = ''; if(!empty($_POST)){ $query = " SELECT id, username, password, salt, email, ip FROM users WHERE username = :username "; $query_params = array( ':username' => $_POST['username'] ); try{ $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } $login_ok = false; $row = $stmt->fetch(); if($row){ $check_password = hash('sha256', $_POST['password'] . $row['salt']); for($round = 0; $round < 65536; $round++){ $check_password = hash('sha256', $check_password . $row['salt']); } if($check_password === $row['password']){ $login_ok = true; } } if($login_ok){ unset($row['salt']); unset($row['password']); $_SESSION['user'] = $row; header("location: admin/index"); die("Redirecting to: admin/index"); } else{ print("Login Failed."); $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); } } ?> Quote Link to comment Share on other sites More sharing options...
Xines Posted August 5, 2015 Author Share Posted August 5, 2015 (edited) header("location: admin/index"); die("Redirecting to: admin/index"); The "admin/index" here is the same as "home/index" or whatever, i haven't renamed it yet users can only see the page "admin/index" once logged in, else they can only see the normal index/login/register and forgot password functions Edited August 5, 2015 by Xines Quote Link to comment Share on other sites More sharing options...
Xines Posted August 6, 2015 Author Share Posted August 6, 2015 Anyone? Still needing this Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.