andrew_ww Posted July 16, 2007 Share Posted July 16, 2007 Hello, Does anybody have examples of how I can stop multiple users from logging on with the same credentials ? The login script that I use is shown below: Many Thanks. Andy. <?php // Check username and password exist if(isset($_REQUEST['login_submit'])) { $user = trim($_REQUEST['username']); $pass = trim($_REQUEST['password']); $query_users = "SELECT * FROM tbl_users WHERE user_name = '$user' AND user_pass = '$pass'"; //$rs_users = mysql_query($query_users); $rs_users = mysql_query($query_users) or die("Query failed: $query_users. <br />MySQL error was : " . mysql_error()); $row_users = mysql_fetch_assoc($rs_users); $personExists = mysql_num_rows($rs_users); if($personExists) { $_SESSION['authenticated'] = $row_users['user_id']; $_SESSION['session_username'] = $row_users['user_name']; $_SESSION['session_access_level'] = $row_users['access_level']; header("location: user/"); } else { header("location: index.php?notification=badlogin"); } } // If session is registered redirect to user page if(isset($_SESSION['authenticated'])) { header("location: user/"); } // Check for notification messages and output if(isset($_REQUEST['notification'])) { $message = '<div id="notifications">'."\n"; switch($_REQUEST['notification']) { case ('badlogin') : $message .= "Sorry\n"; $message .= "The details you provided didn't match any user on this site.\n"; break; case ('loggedout') : $message .= "<p>You have been logged out.</p>\n"; break; case ('pleaselogin') : $message .= "Sorry\n"; $message .= "You must provide your user details to view your page.\n"; break; } $message .= '</div>'."\n"; } ?> Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/ Share on other sites More sharing options...
trq Posted July 16, 2007 Share Posted July 16, 2007 You would need to log logged in users into a table along with a timestamp, then as a user loggs in, check that table to see if they are already logged in. You'll also need to update this timestamp on each request as well as setup a cron to run every 5 minutes or so to delete old (inactive / logged out) users. Sorry, but there really is no simple solution. Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-299519 Share on other sites More sharing options...
andrew_ww Posted July 16, 2007 Author Share Posted July 16, 2007 Thanks for the ideas. I've come up with this which I think is the right right way of going about it. At first I check to see if the user name and password match, if it does it then goes on to check that the current session id does not match, if it does then it displays an error message. The code is not working correctly as I'm always getting the error message - does anything look out of place ? <?php // Get MySQL connection require_once('Connections/connection.php'); // Begin session if (!isset($_SESSION)) { session_start(); } // Check username and password exist if(isset($_REQUEST['login_submit'])) { $user = trim($_REQUEST['username']); $pass = trim($_REQUEST['password']); $query_users = "SELECT * FROM tbl_users WHERE user_name = '$user' AND user_pass = '$pass'"; //$rs_users = mysql_query($query_users); $rs_users = mysql_query($query_users) or die("Query failed: $query_users. <br />MySQL error was : " . mysql_error()); $row_users = mysql_fetch_assoc($rs_users); $personExists = mysql_num_rows($rs_users); if($personExists) { $result = mysql_query('SELECT COUNT(*) FROM tbl_logged_user WHERE sessionID='.mysql_real_escape_string(session_id())."'"); $login_status = mysql_result($result,0,0); if (0 == $login_status) { $_SESSION = array(); //destroy the variables session_destroy(); //destroy the session itself setcookie(session_name(), '', time()-300, '/', '', 0); //destroy the cookie echo 'Multiple Login Detected'; } //add the details of a successfull login to the database. $this_session = session_id(); $sessionuser = $_SESSION['session_username']; $sql1 = "INSERT INTO tbl_logged_users SET"; $sql1 .=" sessionID='$this_session'"; $sql1 .= ", user_name='$sessionuser'"; $Result1 = mysql_query($sql1) or die($sql1."<br />". mysql_error()); header("location: user/"); } else { header("location: index.php?notification=badlogin"); } } // If session is registered redirect to user page if(isset($_SESSION['authenticated'])) { header("location: user/"); } // Check for notification messages and output if(isset($_REQUEST['notification'])) { $message = '<div id="notifications">'."\n"; switch($_REQUEST['notification']) { case ('badlogin') : $message .= "Sorry\n"; $message .= "The details you provided didn't match any user on this site.\n"; break; case ('loggedout') : $message .= "<p>You have been logged out.</p>\n"; break; case ('pleaselogin') : $message .= "Sorry\n"; $message .= "You must provide your user details to view your page.\n"; break; } $message .= '</div>'."\n"; } ?> Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-299608 Share on other sites More sharing options...
per1os Posted July 16, 2007 Share Posted July 16, 2007 Thanks for the ideas. I've come up with this which I think is the right right way of going about it. At first I check to see if the user name and password match, if it does it then goes on to check that the current session id does not match, if it does then it displays an error message. The code is not working correctly as I'm always getting the error message - does anything look out of place ? <?php // Get MySQL connection require_once('Connections/connection.php'); // Begin session if (!isset($_SESSION)) { session_start(); } // Check username and password exist if(isset($_REQUEST['login_submit'])) { $user = trim($_REQUEST['username']); $pass = trim($_REQUEST['password']); $query_users = "SELECT * FROM tbl_users WHERE user_name = '$user' AND user_pass = '$pass'"; //$rs_users = mysql_query($query_users); $rs_users = mysql_query($query_users) or die("Query failed: $query_users. <br />MySQL error was : " . mysql_error()); $row_users = mysql_fetch_assoc($rs_users); $personExists = mysql_num_rows($rs_users); if($personExists) { $result = mysql_query('SELECT COUNT(*) FROM tbl_logged_user WHERE sessionID='.mysql_real_escape_string(session_id())."'"); $login_status = mysql_result($result,0,0); if (0 == $login_status) { $_SESSION = array(); //destroy the variables session_destroy(); //destroy the session itself setcookie(session_name(), '', time()-300, '/', '', 0); //destroy the cookie echo 'Multiple Login Detected'; } //add the details of a successfull login to the database. $this_session = session_id(); $sessionuser = $_SESSION['session_username']; $sql1 = "INSERT INTO tbl_logged_users SET"; $sql1 .=" sessionID='$this_session'"; $sql1 .= ", user_name='$sessionuser'"; $Result1 = mysql_query($sql1) or die($sql1."<br />". mysql_error()); header("location: user/"); } else { header("location: index.php?notification=badlogin"); } } // If session is registered redirect to user page if(isset($_SESSION['authenticated'])) { header("location: user/"); } // Check for notification messages and output if(isset($_REQUEST['notification'])) { $message = '<div id="notifications">'."\n"; switch($_REQUEST['notification']) { case ('badlogin') : $message .= "Sorry\n"; $message .= "The details you provided didn't match any user on this site.\n"; break; case ('loggedout') : $message .= "<p>You have been logged out.</p>\n"; break; case ('pleaselogin') : $message .= "Sorry\n"; $message .= "You must provide your user details to view your page.\n"; break; } $message .= '</div>'."\n"; } ?> What is the error message, that would help. Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-299611 Share on other sites More sharing options...
trq Posted July 16, 2007 Share Posted July 16, 2007 if there are results found in your query would mean there already logged in. yove got it around the other way I'm sure. Try... <?php if ($result = mysql_query('SELECT id FROM tbl_logged_user WHERE sessionID='. session_id()) { // you can assume session_id() to be safe. if (mysql_num_rows($result)) { $_SESSION = array(); //destroy the variables session_destroy(); //destroy the session itself setcookie(session_name(), '', time()-300, '/', '', 0); //destroy the cookie echo 'Multiple Login Detected'; } } ?> Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-299614 Share on other sites More sharing options...
andrew_ww Posted July 16, 2007 Author Share Posted July 16, 2007 Thanks for your suggestion, I'll give it a go and see what happens. Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-299734 Share on other sites More sharing options...
andrew_ww Posted July 17, 2007 Author Share Posted July 17, 2007 I've tried adding your code in my page however when I run all I get is a blank page - no errors - If I remove your code then the page is shown as expected. I imagine I missed a comma or simple however I'd appreciate another pair of eyes as I've been throuogh it and can find nothing wrong: Code: <?php // Get MySQL connection require_once('Connections/connections.php'); // Begin session if (!isset($_SESSION)) { session_start(); } if(isset($_REQUEST['login_submit'])) { $user = trim($_REQUEST['username']); $pass = trim($_REQUEST['password']); $query_users = "SELECT * FROM tbl_users WHERE user_name = '$user' AND user_pass = '$pass'"; $rs_users = mysql_query($query_users) or die("Query failed: $query_users. <br />MySQL error was : " . mysql_error()); $row_users = mysql_fetch_assoc($rs_users); $personExists = mysql_num_rows($rs_users); if($personExists) { if ($result = mysql_query('SELECT user_ID FROM tbl_logged_user WHERE sessionID='. session_id()) { if (mysql_num_rows($result)) { $_SESSION = array(); //destroy the variables session_destroy(); //destroy the session itself setcookie(session_name(), '', time()-300, '/', '', 0); //destroy the cookie echo 'Multiple Login Detected'; } } $this_session = session_id(); $sessionuser = $_SESSION['session_username']; $sql1 = "INSERT INTO tbl_logged_users SET"; $sql1 .=" sessionID='$this_session'"; $sql1 .= ", user_name='$sessionuser'"; $Result1 = mysql_query($sql1) or die($sql1."<br />". mysql_error()); header("location: user/"); } else { header("location: index.php?notification=badlogin"); } } // If session is registered redirect to user page if(isset($_SESSION['authenticated'])) { header("location: user/"); } // Check for notification messages and output if(isset($_REQUEST['notification'])) { $message = '<div id="notifications">'."\n"; switch($_REQUEST['notification']) { case ('badlogin') : $message .= "Sorry\n"; $message .= "The details you provided didn't match any user on this site.\n"; break; case ('loggedout') : $message .= "<p>You have been logged out.</p>\n"; break; case ('pleaselogin') : $message .= "Sorry\n"; $message .= "You must provide your user details to view your page.\n"; break; } $message .= '</div>'."\n"; } // Code for tracking visitor details $dateTimePageOpened = date("Y-m-d H:i"); $pageOpened = $_SERVER['REQUEST_URI']; $ipaddress = $_SERVER['REMOTE_ADDR']; $sessionvar = $_SESSION['authenticated']; $sessionuser = $_SESSION['session_username']; $referer = $_SERVER['HTTP_REFERER']; $accessLevel = $_SESSION['session_access_level']; $sql = "INSERT INTO tbl_log SET"; $sql .= " dateTimeOpened='$dateTimePageOpened'"; $sql .= ", page='$pageOpened'"; $sql .= ", ipaddress='$ipaddress'"; $sql .= ", sessionvar='$sessionvar'"; $sql .=", username='$sessionuser'"; $sql .=", referer='$referer'"; $sql .=", access_level='$accessLevel'"; $Result = mysql_query($sql) or die($sql."<br />". mysql_error()); ?> Link to comment https://forums.phpfreaks.com/topic/60210-prevent-multiple-logins/#findComment-300173 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.