Custer Posted July 21, 2007 Share Posted July 21, 2007 Yah...I'm back with some session questions... A friend of mine gave me a snippet of a session code that he uses and I've modified it to fit my site, and I can successfully login to my members page. But, I came across another issue and I'm not exactly sure how to approach it, I have a good idea, but thought it would be good to check with you guys (still a hair confused with sessions ). I had a couple friends of mine login using my test account to make sure that the page was displaying properly in different browsers and one of my friends just copied and pasted the url to the members page and was able to view the page just fine, but had a warning about the session.php and it's function. Anyways, what I could make out of it, was that as long as you had the session started on your computer, you could just get right in, and that the same account could be logged in by multiple computers (there were 3 of us at the same time under the same account). So I need to write a piece of code to limit the number of users able to login to one account to 1 and then, if they should exit the page, it logs them out... Here is the session.php that I modified: <?PHP //include in all files to check session and login session_start(); require("configure.php"); //check session status if($_SESSION['logged'] != "1"){ //bad session, kill it session_destroy(); } else { // SESSION GATE //check login details against table $user = $_SESSION['username']; $pass = $_SESSION['password']; //connect $link = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error($link)); //select database mysql_select_db($dbname, $link) or die(mysql_error($link)); //check details in the DB $result = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'",$link) or die (mysql_error()); $row = mysql_fetch_array($result,MYSQL_ASSOC); //check details from session and DB if($user == $row['name'] && $pass == $row['pass'] && $row['userlevel'] == 1){ //if user is correct then login must be true $_SESSION['logged'] = "1"; } else{ //if user is not correct send error message to main page $_SESSION['error'] = "1"; $_SESSION['message'] = "Sorry there was an error with your login details, please <a href=login.php>try again</a>"; }; }; // SESSION GATE ELSE //if we get this far then they are logged in and can see the page below! Yay! ?> And all that I've been putting on my members page at the very top is require <?php require ('session.php'); ?> Quote Link to comment Share on other sites More sharing options...
L Posted July 21, 2007 Share Posted July 21, 2007 well u can have select from users where ip=$ip, $ip being their ip address...if they don't match tell them to login if they do let them see the page....then to log them off u can have a timestamp column and if its over five minutes and that column hasn't been updated then log them off....this would be code in the beginning of each page if u want to do this for a user count or of the sort Quote Link to comment Share on other sites More sharing options...
Custer Posted July 21, 2007 Author Share Posted July 21, 2007 But can I make a code that if the window is exited or wait, I guess that means it would exit everytime they changed pages..hmm... Quote Link to comment Share on other sites More sharing options...
L Posted July 21, 2007 Share Posted July 21, 2007 timestamp is how i do it, and it works fine for me...im not too sure u can do code with the actual browser closing, but using time in this situation would work. Quote Link to comment Share on other sites More sharing options...
Custer Posted July 21, 2007 Author Share Posted July 21, 2007 Would you mind posting that piece of the code? I haven't really worked with timestamps yet... Quote Link to comment Share on other sites More sharing options...
Custer Posted July 21, 2007 Author Share Posted July 21, 2007 Sorry for the double post, but anyone? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.