Prevent double login with the same username

[nazmy]

I am using session to create a login script and it works great... But the only problem is, it does not prevent double login with the same username... How to to solve this problem?????

[trq]

Check for the existence of the $_SESSION array prior to log in. eg;

 

<?php

  session_start();

  if (!isset($_SESSION['username'])) {
    // do login.
  } else {
    // user already logged in.
  }

?>

[cooldude832]

only issue there thorpe is that it handles on a single computer

 

For preventing multi computer logins, make a mysql table that stores

 

SESSIONID  UserID  TimeStamp

 

Every time they move pages if that UsreID is already assigned to another SessionID (no their own) log them out of their current login.

Then delete all Data in this table over X minuites old so you don't have to worry about users who forget to logout.

 

Also delete relative session data on a logout in this table.

 

Its basicalyl a How many users online script altered.

[nazmy]

<?php 
session_start();
include('db.php');
if(isset($_POST['submit'])) :
   $username = strip_tags($_POST['username']);
   $password = sha1(strip_tags($_POST['password']));
   
   $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
   $result = mysql_query($query);
   if(1 != mysql_num_rows($result)) :
      
       header('Location: index.php?msg=login_failed');
   else :
       
       $row = mysql_fetch_assoc($result);
       
       $_SESSION['member_ID'] = $row['ID'];
       if (!isset($_SESSION['member_ID'])) {
    		// do login.
    		header('Location: members-only.php');
  		 }
  		 else 
  		 	echo "already logged in";
   endif;
endif;
?>

 

It works!!! I have not tried from multiple pc.... anyway, thanks for the help

[nazmy]

<?php 
session_start();
include('db.php');
if(isset($_POST['submit'])) :
   $username = strip_tags($_POST['username']);
   $password = sha1(strip_tags($_POST['password']));
   
   $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
   $result = mysql_query($query);
   if(1 != mysql_num_rows($result)) :
      
       header('Location: index.php?msg=login_failed');
   else :
       
       $row = mysql_fetch_assoc($result);
       
       $_SESSION['member_ID'] = $row['ID'];
       if (!isset($_SESSION['member_ID'])) {
    		// do login.
    		header('Location: members-only.php');
  		 }
  		 else 
  		 	echo "already logged in";
   endif;
endif;
?>

 

[nazmy]

<?php 
session_start();
include('db.php');
if(isset($_POST['submit'])) :
  
   $username = strip_tags($_POST['username']);
   $password = sha1(strip_tags($_POST['password']));
   
   $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
   $result = mysql_query($query);
   if(1 != mysql_num_rows($result)) :
       
       header('Location: index.php?msg=login_failed');
   else :
       
       $row = mysql_fetch_assoc($result);
       
         if (!isset($_SESSION['member_ID'])) {
			    
			    $_SESSION['member_ID'] = $row['ID'];
			    header('Location: members-only.php');
			  } else {
			   
			    echo "already logged in";
			  }
       
   endif;
endif;


?>

 

I've made mistake with the last one  .... it does not work... So this this is a new one... It looks ok to me... Can somebody figure it out...