Check if a user is logged in/out

[rofl90]

How do I check if a user has logged out, I can do in, using a database field online/offline, but how can the system tell if someone is logged in or out?

[frijole]

when they logout in your script you can set the value that tells you that they are logged in to "logged out"

[jedney]

Check and see if the session/cookie is still active.  If it is, the logged in value would be true.

[rofl90]

Sometimes they won't press logout, and just hit x, how do I check if the cookie is still active?

 

Note: I have it set as time()+'value'

 

'value' being a mysql query which is editable..

[jedney]

I'm unsure about that.  Is there a way to check and see if the window is closed, terminate login?

[trq]

What you really need to do is wehn a user logs in, update an active database field to 1. You will also need to store a timestamp (storing the current time) in this same row.

 

Now what you need to do is keep track of active users. So, upon each request you need to update the timestamp to the current time.

 

Then it is simply a matter of running a cronjob every few minutes that looks for records with a timestamp older than say 5 minutes and sets the active field back to 0.

 

There really is no simple way of doing this.

[trq]

Sometimes they won't press logout, and just hit x, how do I check if the cookie is still active?

 

Note: I have it set as time()+'value'

 

'value' being a mysql query which is editable..

 

Just read this. Your not seriously storing a mysql query in your cookie? That is a huge security hole.

[jedney]

Sounds like a good way to go about doing it, I'm sure there is plenty of tutirlas about cron jobs on the web, if you don't know how to use them.

[rofl90]

No, I'm storing a variable taken fro a mysql record in a cookie.

 

Also, I know its not very community mentality, but could somebody spit out some code to get me started..

[jedney]

Sorry I cannot be of any other assistance.  I am not skilled enough in PHP to really give sample scripts.

[rofl90]

Could somebody explain to me the idea of cronjobs, sounds like what I need, now all I need is something to check if the users cookie is still alive.

[jedney]

Cronjobs is a server-side tool.  I believe it's Linux-based, and it is used to run scheduled tasks on the web server.  It's pretty extensive, I personally do not know much about it, but I know what it does.  You may want to look into some documentation on cronjobs and it's functions.

[ohdang888]

if you are doing sessions, and have anything stored in the session ,this can be used:

 

 

 

<?php 
if(strlen($_SESSION['id']) > 0){ //checks to see if they are logged in
mysql_query("Select `blah blah blah` FROM `table` WHERE `id`= '{$_SESSION['id']}' ");
       	}?>

that should reset the timestamp

 

 

[ohdang888]

my fault. one mistake

 

<?php 
if(strlen($_SESSION['id']) > 0){ //checks to see if they are logged in
mysql_query("SELECT `some column` FROM `table` WHERE `id`= '{$_SESSION['id']}' ");
       	}?>

[rofl90]

How would I do that with sessions, also I got some wierd error..

theres part of the code php designer says '$quoters = "SELECT * FROM usersdb WHERE password='$pass'";' is the problem. it outputs a blank page once the php starts.

if (isset($_GET['p']) && $_GET['p'] == "login") {


$ip = $_POST['ip'];
$inform = "insert into ips(ip) VALUES ('$ip')";
mysql_query($inform);



$namer = $_POST['name']
$quoters = "SELECT * FROM usersdb WHERE username='$namer'";
$result = mysql_query($quoters);
$infor = mysql_fetch_array($result);



   if($infor != $namer) {
      echo "<p>Sorry, that username does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } 
   
   
$pass = $_POST['pass']
$quoters = "SELECT * FROM usersdb WHERE password='$pass'";
$resulto = mysql_query($quoters); 
$quiza = mysql_fetch_array($resulto

   elseif ($quiza != $pass) {
      echo "<p>Sorry, that password does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } else {
   
   
   
      setcookie('MyLoginPage', md5($_POST['pass'].$randomword), time()+ $timing);

$quotersi = "update usersdb set online='online' WHERE username='$namer'";
$result = mysql_query($quoters); 

      header("Location: index2.php");
  
   } 
}
?>

[rofl90]

Latest is displays http://www.codeetech.com/backend/

 

<?php
error_reporting(E_ALL);
$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
?>
<style type="text/css">
<!--
.style2 {
font-size: 14;
font-family: "Trebuchet MS";
}
-->
</style>

<span class="style2">
<?php
$username = 'charlie,andreas';
$users = explode(",", $username);
$password = "xxx";
$randomword = "xxx";



if (isset($_COOKIE['MyLoginPage'])) {
   if ($_COOKIE['MyLoginPage'] == md5($password.$randomword)) {
?>
</span>
<meta http-equiv="refresh" content="0;http://www.codeetech.com/backend/index2.php" />
<span class="style2">
<?php
      exit;
   } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
   }
}

if (isset($_GET['p']) && $_GET['p'] == "login") {

$result = mysql_query("SELECT * FROM settings") or die(mysql_error()); 
$row = mysql_fetch_array($result);
$timing = $row['timeout'];

$ip = $_POST['ip'];
$inform = "insert into ips(ip) VALUES ('$ip')";
mysql_query($inform);



$namer = $_POST['name']
$quoters = "SELECT * FROM usersdb WHERE username='$namer'";
$result = mysql_query($quoters);
$infor = mysql_fetch_array($result);



   if($infor != $namer) {
      echo "<p>Sorry, that username does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } 
   
   
$pass = $_POST['pass']
$quotersa = "SELECT * FROM usersdb WHERE password='$pass'";
$resulto = mysql_query($quotersa); 
$quiza = mysql_fetch_array($resulto);

   elseif ($quiza != $pass) {
      echo "<p>Sorry, that password does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } else {
   
   
   
      setcookie('MyLoginPage', md5($_POST['pass'].$randomword), time()+ $timing);



      header("Location: index2.php");
  
   } 
}
?>
</span>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post" class="style2"><fieldset>
<label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken.<br /></label>
<br />
<input type="text" name="name" id="name" /> <label>Name</label><br /><br />
<label><input type="password" name="pass" id="pass" /> Password</label>
<br />
<br />
<input type="submit" id="submit" value="Login" />
<input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" />
<br />
<br />
Backend time out currently set at: <?php echo $timing / 60; ?> minutes.
</fieldset></form>

[jedney]

Make sure you pay attention to the forum rules, post in the code tags.

[rofl90]

I tried to post in

[darkfreaks]

there is no terminator after post name

 

$namer = $_POST['name'];

[rofl90]

one sec trying it

[rofl90]

still not working and php designer is saying:

 

$quotersa = "SELECT * FROM usersdb WHERE password='$pass'";

 

is an unexpected t-variable???????????

[ohdang888]

i don;'t know if this will make a differnce, but try it...

 

when i use queries with dynamic info (variables)...

instead of

 

$quotersa = "SELECT * FROM usersdb WHERE password='$pass'";

 

i would do this:

 

$quotersa = "SELECT * FROM usersdb WHERE password='{$pass}'";

 

plus, is this a system with user passwords??? if it is, this script is probably relly unsecure. Are you encoding your passwords?

[rofl90]

its unsecure, i will be securing it once i do the basics, now phpd2008 is saying:

 

edit: securer?

 

 

edit2:

 

hmm.. am i aloud to do this

//blablabla
}
//blablabla
elseif(//blabla) {

//blablabla
}

 

 

   else if ($quiza != $pass) {

 

is unexpected elseif?

 

just to keep updated:

 

<?php
error_reporting(E_ALL);
$dbhost = 'xxt';
$dbuser = 'xx';
$dbpass = 'xx';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
?>
<style type="text/css">
<!--
.style2 {
font-size: 14;
font-family: "Trebuchet MS";
}
-->
</style>


<span class="style2">
<?php
$username = 'charlie,andreas';
$users = explode(",", $username);
$password = "x";
$randomword = "x";



if (isset($_COOKIE['MyLoginPage'])) {
   if ($_COOKIE['MyLoginPage'] == md5($password.$randomword)) {
?>
</span>
<meta http-equiv="refresh" content="0;http://www.codeetech.com/backend/index2.php" />
<span class="style2">
<?php
      exit;
   } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
   }
}

if (isset($_GET['p']) && $_GET['p'] == "login") {

$result = mysql_query("SELECT * FROM settings") or die(mysql_error()); 
$row = mysql_fetch_array($result);
$timing = $row['timeout'];

$ip = $_POST['ip'];
$inform = "insert into ips(ip) VALUES ('$ip')";
mysql_query($inform) or die(mysql_query());



$namer = $_POST['name'];
$quoters = "SELECT * FROM usersdb WHERE username='$namer'";
$result = mysql_query($quoters) or die(mysql_query());
$infor = mysql_fetch_array($result);



   if($infor != $namer) {
      echo "<p>Sorry, that username does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } 
   
   
$pass = $_POST['pass'];
$quotersa = "SELECT * FROM usersdb WHERE password='md5($pass)'";
$resulto = mysql_query($quotersa) or die(mysql_query()); 
$quiza = mysql_fetch_array($resulto);

   elseif ($quiza != $pass) {
      echo "<p>Sorry, that password does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } else {
   
   
   
      setcookie('MyLoginPage', md5($password.$randomword), time()+ $timing);



      header("Location: index2.php");
  
   } 
}
?>
</span>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post" class="style2"><fieldset>
<label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken.<br /></label>
<br />
<input type="text" name="name" id="name" /> <label>Name</label><br /><br />
<label><input type="password" name="pass" id="pass" /> Password</label>
<br />
<br />
<input type="submit" id="submit" value="Login" />
<input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" />
<br />
<br />
Backend time out currently set at: <?php echo $timing / 60; ?> minutes.
</fieldset></form>

[ohdang888]

as far as i know

elseif has to be used like this :

 

}elseif{

 

 

 

if( asdfadsf){

balh

sdfg

sdfg

sdfg

}elseif(gsdfg){

sdfgsdfg

}else{

gfhfhg

}

[rofl90]

Ok that worked now when I try to login I get this errors..

 

username password     online

  Charlie     #hash          offline

 

and heres the code

and the error im recieving is Sorry, that username does not match. Click here to try again.

<?php
error_reporting(E_ALL);
$dbhost = 'xxx';
$dbuser = 'xx';
$dbpass = 'xxx';
$dbname = 'xxx';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
?>
<style type="text/css">
<!--
.style2 {
font-size: 14;
font-family: "Trebuchet MS";
}
-->
</style>

<span class="style2">
<?php
$username = 'charlie,andreas';
$users = explode(",", $username);
$password = "xxx";
$randomword = "xxx";



if (isset($_COOKIE['MyLoginPage'])) {
   if ($_COOKIE['MyLoginPage'] == md5($password.$randomword)) {
?>
</span>
<meta http-equiv="refresh" content="0;http://www.codeetech.com/backend/index2.php" />
<span class="style2">
<?php
      exit;
   } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
   }
}

if (isset($_GET['p']) && $_GET['p'] == "login") {


$pass = $_POST['pass'];
$quotersa = "SELECT * FROM usersdb WHERE password='md5($pass)'";
$resulto = mysql_query($quotersa) or die(mysql_query()); 
$quiza = mysql_fetch_array($resulto);

$result = mysql_query("SELECT * FROM settings") or die(mysql_error()); 
$row = mysql_fetch_array($result);
$timing = $row['timeout'];

$ip = $_POST['ip'];
$inform = "insert into ips(ip) VALUES ('$ip')";
mysql_query($inform) or die(mysql_query());



$namer = $_POST['name'];
$quoters = "SELECT * FROM usersdb WHERE username='$namer'";
$result = mysql_query($quoters) or die(mysql_query());
$infor = mysql_fetch_array($result);



   if($infor != $namer) {
      echo "<p>Sorry, that username does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } 
   elseif ($quiza != $pass) {
      echo "<p>Sorry, that password does not match. Click <a href=\"http://www.codeetech.com/backend/\">here</a> to try again.</p>";
      exit;
   } else {
   
   
   
      setcookie('MyLoginPage', md5($password.$randomword), time()+ $timing);



      header("Location: index2.php");
  
   }
}
?>
</span>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post" class="style2"><fieldset>
<label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken.<br /></label>
<br />
<input type="text" name="name" id="name" /> <label>Name</label><br /><br />
<label><input type="password" name="pass" id="pass" /> Password</label>
<br />
<br />
<input type="submit" id="submit" value="Login" />
<input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" />
<br />
<br />
Backend time out currently set at: <?php echo $timing / 60; ?> minutes.
</fieldset></form>