homepage Welcome to WebmasterWorld Guest from 54.198.9.77
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
preventing multiple logins
preventing multiple logins
Soulfinger




msg:4242069
 2:26 am on Dec 14, 2010 (gmt 0)

Hi I'm designing a php login system. I can't figure out though how to prevent multiple logins from the same user account. In other words I'd like to prevent multiple people from logging in on the same account at the same time.

Any suggestions would be much appreciated.

Thanks

 

Matthew1980




msg:4242142
 8:39 am on Dec 14, 2010 (gmt 0)

Hi there soulfinger,

Welcome to WebmasterWorld firstly!

This is quite a simple thing to do when you have the logic in front of you. If you have a login script done, you should be using $_SESSION and $_COOKIE globals to 'track' your users movements, this is the fabric that holds a login system together.

A simple check will make sure that if your user attempts a secondary login, a redirect will occur forwarding him/her to the 'secure' page before they can see a login/access screen.

Try something like this:-

<?php
error_reporting(E_ALL);

if(isset($_SESSION['your_session']) && !empty($_SESSION['your_session'])){
//redirect here to logged in section
}
else{
//redirect here to the login screen
}
?>

The logic for validating a session user is essentially the same as keeping someone in or out.

Hope as I understood you correctly.

Cheers,
MRb

Anyango




msg:4242194
 10:42 am on Dec 14, 2010 (gmt 0)

I think he meant otherwise Matthew, i think he means if a user account is logged in from one location then the script should not allow the same login password to work from another location too. For example if you are logged in and your friend tries to login with your id too, i think he means he wants to block that when you are logged in.

One simple way can be to store an extra field in the user table which you can set to true when the user logs in and then you can set it to false when they log out. So whenever a second attempt comes you can see if the user is already logged in or not. But one catch here is what if they dont logout and just close the window? then your database will show the user as logged in always. For that you might add some timelimit to your authentication script, and so on. But basically database will need to store user state

Matthew1980




msg:4242205
 11:17 am on Dec 14, 2010 (gmt 0)

^^

That makes sense, track via the IP address then, and from that you can 'force' the system to re-validate your login to another machine, then you can show a history of previous IP addresses used to login from - I have not long finished a system that does just that.

Easy way to achieve this would be from the use of the enum() in an int field within a db, then you just set that to either 1 or 0 depending on whether they are logged in already or not, if it's set to 1 & the IP's don't match, ask to re validate the session/cookie.

It's easier than it sounds ;-p

Cheers,
MRb

Soulfinger




msg:4264014
 1:17 am on Feb 8, 2011 (gmt 0)

Hi there,

And thank you both for your replies.

I'm still confused with one part though. How do you make sure the database can be altered to show the suer is logged out when the user just closes the window without properly logging out?

thanks

Matthew1980




msg:4264077
 9:15 am on Feb 8, 2011 (gmt 0)

Hi there Soulfinger,

>>How do you make sure the database can be altered to show the suer is logged out when the user just closes the window without properly logging out

Cron job is one thought, $_SESSION/$_COOKIE check when the window is re opened to see what sort of time difference there is, then redirect on the state of the data held in the cookie.

A few way to approach this.

Cheers,
MRb

Soulfinger




msg:4264487
 1:43 am on Feb 9, 2011 (gmt 0)

Hi Matthew

Thank you for the suggestion, I'll give that a try.

Soulfinger

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved