473,381 Members | 1,399 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,381 software developers and data experts.

Check if user is already logged in

fr?
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.
A was thinking about setting some flag in the db, but in that case i
need some timeout in case a pc can crash for instance so the user does
not logout.

Is it possible to check if a session var ( in another session )
exists??

thanks
fré
Jul 17 '05 #1
7 17242
"fr?" <gr*****@chello.nl> wrote in message
news:fd**************************@posting.google.c om...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.
A was thinking about setting some flag in the db, but in that case i
need some timeout in case a pc can crash for instance so the user does
not logout.

Is it possible to check if a session var ( in another session )
exists??


Session variables are accessible throughout a site, do a print_r
($_SESSION); to see what's in there. Maybe your application isn't using
PHP's sessions but some internal mechanism for dealing with them.

Paulus
Jul 17 '05 #2
as expected, i only see the sessionvars belonging to my own session
On PC1 script says: Array ( [id] => 11 [user] => john )
On PC2 script says: Array ( [id] => 34 [user] => mark )

I cannot see the vars for PC1 on PC2 v.v.. That is probably how it is
meant to be.

What i am trying to check is:
john is logged into PC1
Someone else tries to login on PC2 with username John. Is there a way to
find out that john is already logged in, and prevent this user to login as
John??

fré
"Paulus Magnus" <pa***********@loves-spam.com> schreef in bericht
news:bl**********@titan.btinternet.com...
"fr?" <gr*****@chello.nl> wrote in message
news:fd**************************@posting.google.c om...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.
A was thinking about setting some flag in the db, but in that case i
need some timeout in case a pc can crash for instance so the user does
not logout.

Is it possible to check if a session var ( in another session )
exists??


Session variables are accessible throughout a site, do a print_r
($_SESSION); to see what's in there. Maybe your application isn't using
PHP's sessions but some internal mechanism for dealing with them.

Paulus

Jul 17 '05 #3
"griemer" <gr*****@chello.nl> wrote in message
news:4Y********************@amsnews03.chello.com.. .
as expected, i only see the sessionvars belonging to my own session
On PC1 script says: Array ( [id] => 11 [user] => john )
On PC2 script says: Array ( [id] => 34 [user] => mark )

I cannot see the vars for PC1 on PC2 v.v.. That is probably how it is
meant to be.

What i am trying to check is:
john is logged into PC1
Someone else tries to login on PC2 with username John. Is there a way to
find out that john is already logged in, and prevent this user to login as John??


Ah I see what your problem is now. Sessions are related to one browsing
session only so no you couldn't see other sessions that were active without
directly accessing the session files on the server, which isn't a wise thing
to do.

With a web browser you can't see when somebody is logged in, only the last
time they did something. If John simply turned his machine off the session
on the server will remain there ad infinitum. You could log the user ids to
a database during login and then you can detect during login that he's
already logged in but he may have rebooted his computer and be trying to get
back in instantly so you'd have to take account of that. Maybe popping up an
Alert box that says "John was active on PC1 45 seconds ago, do you want to
log him out and login as John on this PC?" or something similar. Your only
opportunity to interact with the server is when a page is requested. Sitting
and reading a page, having a coffee, going to the toilet or turning off your
computer don't trigger data transmissions so they're invisible to a web
server.

Paulus
Jul 17 '05 #4
gr*****@chello.nl (fr?) wrote in message news:<fd**************************@posting.google. com>...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.
Yes, Store both session_id & IP in table, and check the validity
of session on each pages. You may look at
http://martin.f2o.org/download/php-login-script
A was thinking about setting some flag in the db, but in that case i
need some timeout in case a pc can crash for instance so the user does
not logout.

Is it possible to check if a session var ( in another session )
exists??


/**
* IsSessionActive()
*
* @author R. Rajesh Jeba Anbiah
* @description Will work only if the session save handler is default
"files" implementation & session gc probability is higher
* @param $session_id
* @return true/false
**/
function IsSessionActive($session_id)
{
$sess_file = session_save_path()."/sess_".$session_id;
return(file_exists($sess_file));
}
---
"US got a nuclear bomb that can destroy the world 13 times. Russia
got a nuclear bomb that can destroy the world 7 times. But...my
friend! Tell me! CAN YOU KILL A MAN TWICE??!!!!!" -- P.A.Sangma, Peace
loving Indian politician against India's step to go for a nuclear
test.
Email: rrjanbiah-at-Y!com
Jul 17 '05 #5
R. Rajesh Jeba Anbiah wrote:
gr*****@chello.nl (fr?) wrote in message news:<fd**************************@posting.google. com>...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.

Yes, Store both session_id & IP in table, and check the validity
of session on each pages. You may look at
http://martin.f2o.org/download/php-login-script


Unfortunately this might not always work. We have some customers on AOL
or behind university round-robin proxies. The requests from these users
come from different IP addresses for each page. If you look in the
request headers
(http://www.zend.com/manual/function....st-headers.php)
I think most proxies add an X-forwarded-for: x.x.x.x header with the
real IP address.
Jul 17 '05 #6
Kevin Thorpe <ke***@pricetrak.com> wrote in message news:<3f***********************@news.easynet.co.uk >...
R. Rajesh Jeba Anbiah wrote:
gr*****@chello.nl (fr?) wrote in message news:<fd**************************@posting.google. com>...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.

Yes, Store both session_id & IP in table, and check the validity
of session on each pages. You may look at
http://martin.f2o.org/download/php-login-script


Unfortunately this might not always work. We have some customers on AOL
or behind university round-robin proxies. The requests from these users
come from different IP addresses for each page. If you look in the
request headers
(http://www.zend.com/manual/function....st-headers.php)
I think most proxies add an X-forwarded-for: x.x.x.x header with the
real IP address.

I and another prgrammer recently faced a similiar problem. He ran the
java side of our site, and I ran the php side. We had to find a way
to have users log in once on either side and have that login remain
valid for the other side etc etc. Timeouts were a necessity for us
also. In short we set up a sessions table in our db which we would
write our own sessions into while also placing an MD5 sum in a cookie
on the client computer that contained username, pass and date I
believe. It was a while ago. We would then make a call to that
sessions table at page changes which allowed logins to remain valid
accross the language change as long as the user had a valid session.
That's probably a bit more than you'll need to do given that you're
just working in php, but thought I'd post it.

As far as the time out thing, I found it easier to make the login
script simply overwrite any existing sessions if there was a name
duplication. This took care of the comp crashing issues. In
addition, we are running a cronjob every fifteen minutes that queries
the db using a two hour interval to check for stale sessions. To make
that effective, we wrote an automatic session update into our session
checking script etc etc. Just a timestamp update. Have been running
this set up for several months now and it has been working pretty
well.
Jul 17 '05 #7
Kevin Thorpe <ke***@pricetrak.com> wrote in message news:<3f***********************@news.easynet.co.uk >...
R. Rajesh Jeba Anbiah wrote:
gr*****@chello.nl (fr?) wrote in message news:<fd**************************@posting.google. com>...
Hi,

i have a website , on wich users have to log in
credentials are checked against mysql db
some session vars are set during login for use somewhere else in the
code.

Is there a way to prohibit a user to log in twice.

Yes, Store both session_id & IP in table, and check the validity
of session on each pages. You may look at
http://martin.f2o.org/download/php-login-script


Storing session_id alone is quite sufficient. When the user login
to the webpage, store the current session_id in DB and then check the
current session_id on each page with the one in DB. IP check is to
enhance with the error message like "You have been logged off as you
have logged in on a different machine."
Unfortunately this might not always work. We have some customers on AOL
or behind university round-robin proxies. The requests from these users
come from different IP addresses for each page. If you look in the
request headers
(http://www.zend.com/manual/function....st-headers.php)
I think most proxies add an X-forwarded-for: x.x.x.x header with the
real IP address.


Could you post your IP fetch routine? I guess, the problem is
in your code.

---
"We are free from today... Paralyse the country, you are your own
leaders. Do or Die." --- Mahatma Gandhi
Email: rrjanbiah-at-Y!com
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: jach | last post by:
How can I get the domain, username and PC network name (Win 2000 Pro & Win XP Pro PC's) of the current logged on user (logged onto a domain and access an intranet page, Window 2000 server running...
19
by: wetherbean | last post by:
Hi group..I am writing a playlist management protocol where I have a file that holds all the playlists and a file that holds all the songs....before a playlist is created I need to check to see if...
4
by: shapper | last post by:
Hello, I am creating a Poll system and I need to check if a user has already voted. What should be the best way to do this? 1. Should I save the user IP along with its vote in the database?...
1
by: =?ISO-8859-1?Q?Andr=E9?= Wyrwa | last post by:
Hei, I know this kind of stuff has probably been asked a couple of times already, and did quite a bit of googling about it, but the answers i found were either unsatisfying or not specific...
4
by: Simon Gare | last post by:
Hi all, below is an insert statement on an asp page that stores the date and time that a driver logged on, what I need is to check that they are now already logged on fields are SQL Server...
1
by: SmartPHP | last post by:
Hi friends, My problem is...i want to open an application on click of some link...but before opening that application i want to check if that application is already opened with some other login id...
15
by: paul814 | last post by:
Is it possible to display the logged in user that is accessing the form, in a textbox? so say I have txtname I want to display the username of the person that is logged in to the PC in that...
2
by: ascll | last post by:
Greetings, How to I know existing user already login to my website (using ASP.net 2.0, MS Web Developer's login wizard)? If the user already login, I would like to set the path for...
1
by: steevan16 | last post by:
Hi, Not sure if I am in the right section. Just have a query about manipulating excel spreadsheet using vbscript. I am developing a vbscript which runs on client xp machines to retrieve certain...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.