[SOLVED] stopping multiple users using 1 login

[r-it]

does anyone know any mysql transaction locking methods of some sort to stop a user from logging in at multiple places with one username, it must only allow one user with the username use that account. is there any way to stop that, as i have a subscription that people pay for and i want one user per username, how is that possible because there are many factors i had to consider, like if a user's session is loggged in a db and then they get removed when they logoff, but what if they don't logoff, what then?

[neel_basu]

Just make another field in your Table named `status` or something like this

And when a user log's In set the status to 1 and when User Logs Out make it 0.

and When User loges In first make sure that status is 0.

If not ask him Log out First.

[boo_lolly]

why would you want to do that? imagine of someone forgot to logout, then went to a different computer and tried to login. that person would be locked out of their own account. i'd use the `status` field for sure, but i'd also add another field and call it `ip`. this would store the last `ip` that the user logged in at. the status field would tell whether the user is logged in or not. if the user logs into the same account from a different computer, the database field `ip` would be update to match that new ip, however, the `status` would stay the same. that's my opinion.

[Psycho]

There is not "good" method of doing this. I suggest the following:

 

Log the session for the user in the database. For any page that a user loads see if the session id matches what you have in the database. If not, tell the user they are not logged in.

 

Now the problem with this approach is that if user A is logged in and then user B logs is with the same account, user A get automatically logged out.

 

Trying to do this from the other approach of not allowing a 2nd user to log in while a 1st user is already logged in will cause more trouble for you. If someone closes the window without logging out you have no way of automatically logging them out. You could put a time-out clause by logging the time of their last activity and if they try to log in and the db shows them as logged in, but with no recent activity, then allow them to log in.

[neel_basu]

why would you want to do that? imagine of someone forgot to logout, then went to a different computer and tried to login. that person would be locked out of their own account. i'd use the `status` field for sure, but i'd also add another field and call it `ip`. this would store the last `ip` that the user logged in at. the status field would tell whether the user is logged in or not. if the user logs into the same account from a different computer, the database field `ip` would be update to match that new ip, however, the `status` would stay the same. that's my opinion.

I agree with You

It can be solved in this Way

If everything On your site depends on status = 1

if found that status = 0 while working ask him to relogin

/*

If status is 1 Currently Dont oevewrite it with 1 again make it 0 then make it 1

*/

When User tries to login from a Different PC ask him to Sign Out.

When He Signs Out. Then status = 0.

So teh Previous PC gets Sign Out.

Now login the Current User

[boo_lolly]

open and shut case, guys.

[Caesar]

Definitely use sessions in the db. Keep track of session id and session ip's. :-) Not perfect but...well, not a bad way of dealing with it

[r-it]

thanks a lot guys, really appreciate it