gerrydewar Posted March 28, 2006 Share Posted March 28, 2006 Having one problem with my session at the moment. I can log in ok and do what needs to be done. I can keep track of my users which is great. The problem i am having is once a user is logged in another user can then log in on top of them. Below is a copy of my code for my login page. If a user is logged in then another user should not be able to access the log in page properly. A message should be displayed telling them a user is currently logged in. This does not happen. What does happen is that everytime a user accesses the login page they always get a chance to enter their username and password. Can you see where my problem lies? Can anyone see where i'm going wrong?[code]<?php//check to see if anyone is logged in alreadyif (isset($_SESSION['loggedin'])){ die("You are already logged in as $name. If you are not $name <br><a href='logout.php'>click here to logout</a> otherwise <a href='logged_in.php'>click here to continue</a>"); //if nobody logged in then.... }else{ if (isset($_POST['submit'])){ require_once ('../mysql_connect.php'); $username=$_POST['Login_email']; //Get the username the user has entered $password=$_POST['Password']; //Get the password the user has entered if($username && $password){ $result=mysql_query($sql); //If the user gets to here, then they have typed both a username and password, so we may now go onto finding out if they exist in the DB $sql="SELECT * FROM users WHERE email='$username' AND password='$password'"; //get rows where the username field matches the username or email field in the database with same password $result=mysql_query($sql); if(mysql_num_rows($result) > 0){ session_start(); //start the session $_SESSION['loggedin']="TRUE"; //set the global session varible for loggedin to true $row=mysql_fetch_array($result); $_SESSION['username'] = $row[1]; $_SESSION['userid'] = $row[0]; $name = $row[1]; $userid = $row[0]; die("Welcome $name $userid. You are now logged in. <a href='logged_in.php'>Click here to continue</a>"); }else{ die("Incorrect Login! Your username or password do not match records stored in the database. Please try again. <a href='login2.php'>Click here to go back</a>"); } }else{ die("You must enter a username and password!"); } }//submit}//session?><!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type"content="text/html;charset=encoding"/> <title>Login</title> <h2>Login page</h2> </head> <body> <form method="POST" action="<?php echo "$PHP_SELF";?>"<font face="Arial"> <fieldset> <b><font size="2">Email: </font></b><input type="text" name="Login_email" size="40" maxlength="255"><br\> <b><font size="2"><br>Password: </font></b><input type="password" name="Password" size="16" maxlength="255"><br\> <input type="submit" name="submit" value="Login!"><font size="2"> </font> </fieldset> </form> <p>If you have yet to register for an account please follow the link below to create one.</p><p><font face="Arial" size="2"><a href="register.php">Register for an account</a></font></p> </body></html>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/6003-successfully-created-a-session-but/ Share on other sites More sharing options...
trq Posted March 28, 2006 Share Posted March 28, 2006 Sessions cannot be shared accross users. So just because one user is logged in, doesn't meen your sessions are aware of another user attempting to login. In other words.... this[code]//check to see if anyone is logged in alreadyif (isset($_SESSION['loggedin'])){[/code]Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if its true, deny them. Quote Link to comment https://forums.phpfreaks.com/topic/6003-successfully-created-a-session-but/#findComment-21545 Share on other sites More sharing options...
gerrydewar Posted March 28, 2006 Author Share Posted March 28, 2006 [!--quoteo(post=359243:date=Mar 28 2006, 12:37 PM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Mar 28 2006, 12:37 PM) [snapback]359243[/snapback][/div][div class=\'quotemain\'][!--quotec--]Sessions cannot be shared accross users. So just because one user is logged in, doesn't meen your sessions are aware of another user attempting to login. In other words.... this[code]//check to see if anyone is logged in alreadyif (isset($_SESSION['loggedin'])){[/code]Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if its true, deny them.[/quote]I thought that is what i had already done. I set [code]$_SESSION['loggedin']="TRUE";[/code]then i check to see if it is true or not at the top of the script. I only ever want one user to be logged in at any time. I see what your saying about adding a field to the database but i thought this could be done without doing something like that. Quote Link to comment https://forums.phpfreaks.com/topic/6003-successfully-created-a-session-but/#findComment-21549 Share on other sites More sharing options...
ober Posted March 28, 2006 Share Posted March 28, 2006 Right, but you're missing thorpe's point. A session is specific to each user, not ALL users on your site. You will have to use a flat file or a database to see if any user is logged in.Think of sessions as bank accounts and your website as a bank. Everyone putting money into your bank has their own account. If you wanted to see what the balance was for ALL the users, you'd go to the bank's register, not someone's specific account. Quote Link to comment https://forums.phpfreaks.com/topic/6003-successfully-created-a-session-but/#findComment-21563 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.