Users Online

[EZE]

I'm trying to create a users online script for only those that are logged in. I have my users table set up, and the cookies (not sessions) i use are $_COOKIE['loggedin'] (true/false values) to see if the user is logged in. And $_COOKIE['uid'] to grab info about their profile. You have to be logged in to view the website, so I thought users would like to know whose online with them. How do I do this? I read other related topics and people said use a timestamp and another mysql table?  ??? Whats a timestamp?

[btherl]

A timestamp is just a time.  Usually it'll be the number of seconds since midnight 1 Jan 1970.  Probably they expect you to use it to see when the other users were last active.  A user not active for more than 10 minutes or so should probably be considered "logged out".

 

Regarding those cookies, users can forge their user id and logged in status in just by altering their cookies.  Sessions are better.

[Fergusfer]

Regarding those cookies, users can forge their user id and logged in status in just by altering their cookies.  Sessions are better.

 

True, though sessions are by no means inherently secure either.  If security is a concern, steps should be taken to harden the application against session hijacking.

 

One can also make it more difficult to forge values by salting and hashing them.

 

[EZE]

I've never used sessions before, what are the benefits and how do I use them and implement them into my site?

[JParishy]

For this, I would have part of the users table have a field called 'loggedin.'

 

+------------+-----------+-----------+

| Username | Password | loggedin  |

+------------+-----------+-----------+

 

Then when the user logs on, switch 'loggedin' to 'true' (vice-verca for logging out).

 

Then do,

$getUsers = mysql_query("SELECT * FROM users_table_name WHERE loggedin = 'true'");

echo "<b>Users Online:</b><br>";

while($putIntoArray = mysql_fetch_array($getUsers))
{
        echo $putIntoArray[username] . "<br>";
}

 

I am new to PHP, so this is probably not the most efficient way, but it should work.

 

EDIT: Fixed something,

[kid_drew]

The differences between cookies and sessions are in location (server vs client) and lifetime (sessions get blown away often).

 

Sessions are just temporary variables stored on your server as files or in your database (depending on what you specify in php.ini) that remain active over every served page.  As long as your user is active, the session variables are active.  You can access them using the $_SESSION global array.  Sessions are great for storing temporary info that you don't want users to be able to edit (username, password, for instance).  So, when a user logs in to your site, set the session variable $_SESSION['username'] = $username.  Then when you need to see the current user's name, just access that index in the session variable.  And when your user logs out, you unset the session variables.

 

Cookies are good for storing information that you want to last even after a session is destroyed, but be careful using cookies for secure data as they can be edited by the user.  Shopping cart data is a good use of cookies.  As is login information if a user selects the "remember me" box, but you always want to verify that the username/password combo is valid so that someone can't login to another users account by editing their cookie.

 

I've never used sessions before, what are the benefits and how do I use them and implement them into my site?

[kid_drew]

I've personally done this with a separate table.  That way you blow away the entry in the table when the user logs off or their session variable expires.  Unless >50% of your users are active all the time, this makes for a smaller database.

 

For this, I would have part of the users table have a field called 'loggedin.'

 

+------------+-----------+-----------+

| Username | Password | loggedin  |

+------------+-----------+-----------+

 

Then when the user logs on, switch 'loggedin' to 'true' (vice-verca for logging out).

 

Then do,

$getUsers = mysql_query("SELECT * FROM users_table_name WHERE loggedin = 'true'");

echo "<b>Users Online:</b><br>";

while($putIntoArray = mysql_fetch_array($getUsers))
{
        echo $putIntoArray[username] . "<br>";
}

 

I am new to PHP, so this is probably not the most efficient way, but it should work.

 

EDIT: Fixed something,

[JParishy]

Aye, but it works.

[only one]

here you go, make a new feild in your users table

<?php
$date = date("YmdHi");
$info = mysql_query("SELECT * FROM usertable WHERE lastactive>$date"); // edit this
$r = mysql_fetch_array($info);
$number = mysql_num_rows($info);
echo "users active in last 15 minutes:$number<br /><br />$r['username']";
?>

to update it:

<?php
$lastactive = date("YmdHi") + 15;
mysql_query("UPDATE usertable SET lastactive='$lastactive' WHERE username = '$user'");
?>

 

using this date format date("YmdHi") will return a number like 200704052048(YearMonthDayHourMinute)

all the numbers have leading zeros like say its 1am it comes up as 01 and if its 1pm it comes up as 13.., this means that you can never return a number thats less only greater, when you add 15 it ads on an extra 15... the only problem is if its 5 minutes and you add an extr 15 it will go up to 74, not the next hour, this means everytime the hour changes the last active gets wiped