Need help with user validation for my website please!


Xines

Hello, I've been trying to make my website work correctly with multi-login, but when I multi-login 2 accounts and switch page on one of the users (let's call him user1), then go to the other user (user2) and switch page, my "username" at "user2" switches automatically to user1. So I end up having 2 of the same usernames logged in: it's "user1", and on the other account that should have been user2 it returns -> "user1".

I have everything else set up correctly, by using sha256 for encryption, and having my salt set up correctly as well.

I'm using the latest Bootstrap, and have MySQL set up, obviously.

I have no idea how to fix this, but I'm sure it's some kind of user validation that I need to include. :confused:

So if someone is willing to help me out I will be really thankful! :)

- Sincerely, Xines.

Link to comment
Share on other sites

So you are logging into one user account, then once logged in, signing into another account in the same browser? Then yes, this will happen. This is why websites make you log out when you want to log in as a different user.

If you are testing your site with different user accounts being signed in at the same time then I suggest you use a different web browser (or computer) for each user you are signed in as.

Link to comment
Share on other sites

Are you building a solution where multiple people need to be logged into the same computer at the same time? If not, you can test the "multi-login" code with different browsers. User 1, for example, could be logged into Chrome. And User 2 could be logged into Firefox. Or you could use two different computers.

Link to comment
Share on other sites

Hey, I'm building a community site for my Counter-Strike: Source server. I had a friend "at another location" log in after he registered, then once he was logged in I logged in as well and changed page, and then my username changed to his.

For now I just want to get this little bug fixed before adding an "if logged in" function to prevent multi-login, so in the end I can be active as well as my friends, browsing pages without our usernames/accounts getting switched, like a normal site. :)

- I can provide code, but since I don't know where the bug starts it would obviously be dumb to post almost the whole website's code here. If you think you can help me then please PM me :)

Edited by Xines
Link to comment
Share on other sites

We need to look at the code that processes the login.

Usually when you have authorized a user you set a "logged in" flag in the session. Each user has their own private session (that is how PHP sessions work). To determine if the user is logged in, you check to see if the "logged in" flag exists. That is the very basics of a login system.

Link to comment
Share on other sites


This is what I have so far. I just included an IP function in register, but I'm not really using it yet; it's just good to have people's IPs gathered for later checks.


Login.php

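    <?php
    // config.php is assumed to create the PDO handle $db and call session_start().
    include_once("includes/config.php");

    $submitted_username = '';

    if (!empty($_POST)) {
        // Look the account up by username; the value is bound as a parameter.
        $query = "
            SELECT
                id,
                username,
                password,
                salt,
                email,
                ip
            FROM users
            WHERE
                username = :username
        ";
        $query_params = array(
            ':username' => $_POST['username']
        );

        try {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        } catch (PDOException $ex) {
            // Log the driver error server-side instead of echoing it to the client.
            error_log("Login query failed: " . $ex->getMessage());
            die("Failed to run query.");
        }

        $login_ok = false;
        $row = $stmt->fetch();
        if ($row) {
            // Recompute the salted, iterated SHA-256 hash and compare it to the stored one.
            $check_password = hash('sha256', $_POST['password'] . $row['salt']);
            for ($round = 0; $round < 65536; $round++) {
                $check_password = hash('sha256', $check_password . $row['salt']);
            }
            if ($check_password === $row['password']) {
                $login_ok = true;
            }
        }

        if ($login_ok) {
            // Keep the hash and salt out of the session, then store the user row.
            unset($row['salt']);
            unset($row['password']);
            $_SESSION['user'] = $row;
            header("location: admin/index");
            die("Redirecting to: admin/index");
        } else {
            print("Login Failed.");
            // Escaped copy of the submitted username for redisplay in the form.
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
        }
    }
    ?>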

Link to comment
Share on other sites


            header("location: admin/index");
            die("Redirecting to: admin/index");

The "admin/index" here is the same as "home/index" or whatever, I haven't renamed it yet :)

Users can only see the page "admin/index" once logged in, else they can only see the normal index/login/register and forgot password functions :)

Edited by Xines
Link to comment
Share on other sites
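
The session behaviour described in the replies above (one private session per browser, a "logged in" value stored in it), shown as an added example that is not part of any post in this thread. The helper names `login` and `whoami`, the user table and the passwords are constructed for the demo; `password_hash()`/`password_verify()` are used in place of the thread's SHA-256 loop, and each "browser" is simulated by the session ID its cookie would carry.

```php
<?php
// Added example, not the poster's code. Run from the CLI: php session_demo.php
// A "browser" is simulated by the session ID its cookie would carry.
ini_set('session.use_cookies', '0');   // CLI demo only: IDs are passed by hand
session_save_path(sys_get_temp_dir());

// Constructed users; password_hash() stands in for the salted SHA-256 loop.
$users = [
    'user1' => ['id' => 1, 'hash' => password_hash('pw-one', PASSWORD_DEFAULT)],
    'user2' => ['id' => 2, 'hash' => password_hash('pw-two', PASSWORD_DEFAULT)],
];

// Hypothetical helper: a login request arriving with session cookie $cookie.
// Returns the session ID the browser holds afterwards, or null on failure.
function login(array $users, string $cookie, string $name, string $pw): ?string
{
    session_id($cookie);
    session_start();
    $ok = isset($users[$name]) && password_verify($pw, $users[$name]['hash']);
    if ($ok) {
        session_regenerate_id(true);   // fresh ID at login, old one destroyed
        $_SESSION = ['user_id' => $users[$name]['id'], 'username' => $name];
    }
    $id = $ok ? session_id() : null;
    session_write_close();
    return $id;
}

// Hypothetical helper: the "logged in" check a protected page would run.
function whoami(string $cookie): ?string
{
    session_id($cookie);
    session_start();
    $name = $_SESSION['username'] ?? null;
    session_write_close();
    return $name;
}

$a = login($users, 'browserA', 'user1', 'pw-one');  // browser A
$b = login($users, 'browserB', 'user2', 'pw-two');  // a second browser
$lines = [];
$lines[] = 'A sees ' . var_export(whoami($a), true);
$lines[] = 'B sees ' . var_export(whoami($b), true);
$a2 = login($users, $a, 'user2', 'pw-two');         // second login, same browser
$lines[] = 'A after second login sees ' . var_export(whoami($a2), true);
$lines[] = 'old A session ID sees ' . var_export(whoami($a), true);
echo implode(PHP_EOL, $lines), PHP_EOL;
```

All output is collected and printed at the end because PHP refuses to start or re-ID a session once output has been sent.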
