Jump to content

Successfully created a session but....


gerrydewar

Recommended Posts

Having one problem with my session at the moment. I can log in ok and do what needs to be done. I can keep track of my users which is great. The problem i am having is once a user is logged in another user can then log in on top of them. Below is a copy of my code for my login page. If a user is logged in then another user should not be able to access the log in page properly. A message should be displayed telling them a user is currently logged in. This does not happen. What does happen is that everytime a user accesses the login page they always get a chance to enter their username and password. Can you see where my problem lies? Can anyone see where i'm going wrong?

[code]
<?php
//check to see if anyone is logged in already
if (isset($_SESSION['loggedin'])){
    die("You are already logged in as $name. If you are not $name <br><a href='logout.php'>click here to logout</a> otherwise <a href='logged_in.php'>click here to continue</a>");

    //if nobody logged in then....
    }else{
    if (isset($_POST['submit'])){
        require_once ('../mysql_connect.php');
        $username=$_POST['Login_email']; //Get the username the user has entered
        $password=$_POST['Password']; //Get the password the user has entered
        if($username && $password){
        $result=mysql_query($sql);
        //If the user gets to here, then they have typed both a username and password, so we may now go onto finding out if they exist in the DB
        $sql="SELECT * FROM users WHERE email='$username' AND password='$password'"; //get rows where the username field matches the username or email field in the database with same password
        $result=mysql_query($sql);
            if(mysql_num_rows($result) > 0){
            session_start(); //start the session
            $_SESSION['loggedin']="TRUE"; //set the global session varible for loggedin to true
            $row=mysql_fetch_array($result);
            $_SESSION['username'] = $row[1];
            $_SESSION['userid'] = $row[0];
            $name = $row[1];
            $userid = $row[0];
            die("Welcome $name $userid. You are now logged in. <a href='logged_in.php'>Click here to continue</a>");
            }else{
            die("Incorrect Login! Your username or password do not match records stored in the database. Please try again. <a href='login2.php'>Click here to go back</a>");
               }
          }else{
          die("You must enter a username and password!");
        }
    }//submit
}//session
?>
<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

    <head>
    <meta http-equiv="content-type"content="text/html;charset=encoding"/>
    <title>Login</title>
    <h2>Login page</h2>
    </head>

    <body>
        <form method="POST" action="<?php echo "$PHP_SELF";?>"<font face="Arial">
        <fieldset>
            <b><font size="2">Email: </font></b><input type="text" name="Login_email" size="40" maxlength="255"><br\>
            <b><font size="2"><br>Password: </font></b><input type="password" name="Password" size="16" maxlength="255"><br\>
            <input type="submit" name="submit" value="Login!"><font size="2"> </font>
        </fieldset>
        </form>
        <p>If you have yet to register for an account please follow the link below to create one.</p><p><font face="Arial" size="2"><a href="register.php">Register for an account</a></font></p>
    </body>
</html>
[/code]
Link to comment
Share on other sites

Sessions cannot be shared accross users. So just because one user is logged in, doesn't meen your sessions are aware of another user attempting to login. In other words.... this
[code]
//check to see if anyone is logged in already
if (isset($_SESSION['loggedin'])){
[/code]
Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.

What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if its true, deny them.
Link to comment
Share on other sites

[!--quoteo(post=359243:date=Mar 28 2006, 12:37 PM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Mar 28 2006, 12:37 PM) [snapback]359243[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Sessions cannot be shared accross users. So just because one user is logged in, doesn't meen your sessions are aware of another user attempting to login. In other words.... this
[code]
//check to see if anyone is logged in already
if (isset($_SESSION['loggedin'])){
[/code]
Does not check if ANY user is already logged in, but checks if the CURRENT user is logged on.

What you would need to do is something like.... When a user logs in, set a field in your db to true. When another user attempts to login, check this field, if its true, deny them.
[/quote]


I thought that is what i had already done. I set

[code]
$_SESSION['loggedin']="TRUE";
[/code]

then i check to see if it is true or not at the top of the script. I only ever want one user to be logged in at any time. I see what your saying about adding a field to the database but i thought this could be done without doing something like that.
Link to comment
Share on other sites

Right, but you're missing thorpe's point. A session is specific to each user, not ALL users on your site. You will have to use a flat file or a database to see if any user is logged in.

Think of sessions as bank accounts and your website as a bank. Everyone putting money into your bank has their own account. If you wanted to see what the balance was for ALL the users, you'd go to the bank's register, not someone's specific account.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.