Successfully created a session but....



#1 gerrydewar


Posted 28 March 2006 - 12:06 PM

Having one problem with my session at the moment. I can log in ok and do what needs to be done. I can keep track of my users, which is great. The problem I am having is that once a user is logged in, another user can then log in on top of them. Below is a copy of my code for my login page. If a user is logged in then another user should not be able to access the login page properly. A message should be displayed telling them a user is currently logged in. This does not happen. What does happen is that every time a user accesses the login page they always get a chance to enter their username and password. Can you see where my problem lies? Can anyone see where I'm going wrong?

<?php
//check to see if anyone is logged in already
if (isset($_SESSION['loggedin'])){
    die("You are already logged in as $name. If you are not $name <br><a href='logout.php'>click here to logout</a> otherwise <a href='logged_in.php'>click here to continue</a>");

    //if nobody logged in then....
    }else{
    if (isset($_POST['submit'])){
        require_once ('../mysql_connect.php');
        $username=mysql_real_escape_string($_POST['Login_email']); //Get the username the user has entered, escaped for use in the query
        $password=mysql_real_escape_string($_POST['Password']); //Get the password the user has entered, escaped for use in the query
        if($username && $password){
        //If the user gets to here, then they have typed both a username and password, so we may now go onto finding out if they exist in the DB
        $sql="SELECT * FROM users WHERE email='$username' AND password='$password'"; //get rows where the username field matches the username or email field in the database with same password
        $result=mysql_query($sql);
            if(mysql_num_rows($result) > 0){
            session_start(); //start the session
            $_SESSION['loggedin']="TRUE"; //set the global session varible for loggedin to true
            $row=mysql_fetch_array($result);
            $_SESSION['username'] = $row[1];
            $_SESSION['userid'] = $row[0];
            $name = $row[1];
            $userid = $row[0];
            die("Welcome $name $userid. You are now logged in. <a href='logged_in.php'>Click here to continue</a>");
            }else{
            die("Incorrect Login! Your username or password do not match records stored in the database. Please try again. <a href='login2.php'>Click here to go back</a>");
               }
          }else{
          die("You must enter a username and password!");
        }
    }//submit
}//session
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

    <head>
    <meta http-equiv="content-type" content="text/html;charset=encoding"/>
    <title>Login</title>
    <h2>Login page</h2>
    </head>

    <body>
        <form method="POST" action="<?php echo "$PHP_SELF";?>"><font face="Arial">
        <fieldset>
            <b><font size="2">Email: </font></b><input type="text" name="Login_email" size="40" maxlength="255"><br />
            <b><font size="2"><br>Password: </font></b><input type="password" name="Password" size="16" maxlength="255"><br />
            <input type="submit" name="submit" value="Login!"><font size="2"> </font>
        </fieldset>
        </font></form>
        <p>If you have yet to register for an account please follow the link below to create one.</p><p><font face="Arial" size="2"><a href="register.php">Register for an account</a></font></p>
    </body>
</html>


#2 trq


Posted 28 March 2006 - 12:37 PM

Sessions cannot be shared across users. So just because one user is logged in, doesn't mean your sessions are aware of another user attempting to login. In other words.... this
//check to see if anyone is logged in already
if (isset($_SESSION['loggedin'])){
Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.

What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if it's true, deny them.

#3 gerrydewar


Posted 28 March 2006 - 12:45 PM

QUOTE(thorpe @ Mar 28 2006, 12:37 PM)
> Sessions cannot be shared across users. So just because one user is logged in, doesn't mean your sessions are aware of another user attempting to login. In other words.... this
> //check to see if anyone is logged in already
> if (isset($_SESSION['loggedin'])){
> Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.
>
> What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if it's true, deny them.


I thought that is what I had already done. I set

$_SESSION['loggedin']="TRUE";

then I check to see if it is true or not at the top of the script. I only ever want one user to be logged in at any time. I see what you're saying about adding a field to the database but I thought this could be done without doing something like that.

#4 ober


Posted 28 March 2006 - 01:48 PM

Right, but you're missing thorpe's point. A session is specific to each user, not ALL users on your site. You will have to use a flat file or a database to see if any user is logged in.

Think of sessions as bank accounts and your website as a bank. Everyone putting money into your bank has their own account. If you wanted to see what the balance was for ALL the users, you'd go to the bank's register, not someone's specific account.

Info: PHP Manual
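
The approach thorpe and ober describe, as an added example that is not part of any poster's code: a single-row lock table records which user currently holds the login, and it is claimed with one conditional UPDATE so the check and the set cannot race. The table and column names, the in-memory SQLite database and the 15-minute timeout are assumptions for illustration.

```php
<?php
// Added example: one site-wide login lock stored in the database.
// Assumed names: table login_lock, columns holder_id / expires_at, 15-minute TTL.
const LOCK_TTL = 900; // seconds after which an abandoned login stops blocking others

function make_db(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the site's real database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_lock (id INTEGER PRIMARY KEY CHECK (id = 1),
               holder_id INTEGER, expires_at INTEGER NOT NULL)');
    $db->exec('INSERT INTO login_lock VALUES (1, NULL, 0)');
    return $db;
}

// Check and claim in ONE statement, so two simultaneous logins cannot both succeed.
// The current holder may re-claim, which also pushes the expiry forward.
function acquire_lock(PDO $db, int $userId, int $now): bool {
    $st = $db->prepare('UPDATE login_lock SET holder_id = :new, expires_at = :exp
                        WHERE id = 1 AND (holder_id IS NULL OR holder_id = :cur
                                          OR expires_at <= :now)');
    $st->execute([':new' => $userId, ':cur' => $userId,
                  ':exp' => $now + LOCK_TTL, ':now' => $now]);
    return $st->rowCount() === 1;
}

// Called from the logout script; only the holder can clear the lock.
function release_lock(PDO $db, int $userId): void {
    $st = $db->prepare('UPDATE login_lock SET holder_id = NULL, expires_at = 0
                        WHERE id = 1 AND holder_id = :cur');
    $st->execute([':cur' => $userId]);
}

// Constructed walk-through with user ids 1 and 2.
$db  = make_db();
$now = time();
$steps = [
    'user 1 logs in'                    => acquire_lock($db, 1, $now),
    'user 2 tries while 1 is logged in' => acquire_lock($db, 2, $now + 60),
];
release_lock($db, 1);
$steps['user 2 tries after 1 logs out']  = acquire_lock($db, 2, $now + 120);
$steps['user 1 tries after 2 timed out'] = acquire_lock($db, 1, $now + 120 + LOCK_TTL);
foreach ($steps as $label => $ok) {
    echo $label, ': ', $ok ? 'allowed' : 'denied', PHP_EOL;
}
```

In a login script, call session_start() before reading $_SESSION, verify the credentials, and only set $_SESSION['loggedin'] when acquire_lock() returns true. The expiry matters because a user who closes the browser never reaches the logout page, and without it the lock would block everyone indefinitely.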




