I want to make sure all users those login are different in a time either on the same or different computer or web browser. Following are sample of my program which consist 4 different pages;
[PHP]
#users.php
$users = array(
'user1' => md5('password1'),
'user2' => md5('password2')
);
$salt = substr(md5(date('F')), 8);
[/PHP]
[PHP]
<?php
#login.php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(!ereg('^[A-Za-z0-9]', $_POST['username']))
{
exit('<p>Invalid characters in the username.</p>');
}
else
{
$username = $_POST['username'];
$password = md5($_POST['password']);
require('users.php');
if(array_key_exists($username, $users))
{
//the username exists
//compare the submitted password to value of the array key (the right password)
if($password == $users[$username])
{
//password is correct
session_start();
$_SESSION['usr'] = $username;
$_SESSION['loggedin'] = md5($username.$password.$salt);
setcookie(session_name(), $_COOKIE[session_name()], time()+7200, '/');
header('Location: home.php');
exit;
}
else
{
exit('<p>Invalid password.</p>');
}
}
else
{
exit('<p>Invalid username.</p>');
}
}
}
?>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<form method="post" action="login.php">
Username: <input type="text" name="username"><br />
Password: <input type="password" name="password"><br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
[/PHP]
[PHP]
#check.php
session_start();
if(!isset($_SESSION['loggedin']))
{
header('Location: login.php');
exit;
}
else
{
//the session variable exists, check it's valid:
require('users.php');
$userexists = false;
foreach($users as $username => $password)
{
if(md5($username.$password.$salt) == $_SESSION['loggedin'])
{
$userexists = true;
}
}
if($userexists !== true)
{
exit('<p>Invalid session: please <a href="login.php">login</a>.</p>');
}
}
[/PHP]
[PHP]
<?php
require('check.php');
?>
<html>
<head>
<title>User Home Page</title>
</head>
<body>
<p><a href="logout.php">Logout</a></p>
<p>Your username is : <?php echo $_SESSION['usr'] ?></p>
</body>
</html>
[/PHP]
12 3546
Please help me! I currently got stuck. Is it possible to register different session_id() for each different user?
I've tried this code and put in login.php. But the problem happened is when i login more than one account either an account will replace all the registered account. I really don't know what i'am gonna do right now. I really need ur help.
[PHP]
#login.php
session_start();
$i = 0;
$_SESSION['sess'] = array();
if(sizeof($_SESSION['sess'])==0)
{
$_SESSION['sess'][$i] = session_id();
$i++;
}
else
{
session_regenerate_id();
$_SESSION['sess'][$i] = session_id();
$i++;
}
foreach($_SESSION['sess'] as $sess)
{
$_SESSION['usr'] = $username;
$_SESSION['loggedin'] = md5($username.$password.$salt);
setcookie(session_name(), $sess, time()+7200, '/');
header('Location: home.php');
exit;
}
[/PHP]
Hi,
I would use a far simpler approach to preventing mutliple logins from one user.
Assuming that the user details are stored in a database you could, on login store the IP address of the computer they logged in on, or simply set a flag to indicate they have logged in and the session ID.
Then should a second login request come along with the same credentials you can test the flag to see if they are already logged in. If they are then you can kill the previous session and start again or inform them that they are still logged in elsewhere.
That's the approach I take to this problem.
Cheers
nathj
Hi nathj, thanks for ur appreaciate... Actaully I want to make a login for portal but I has no idea where to start. Can u give me some simpler example to do that..thanks
Hi nathj, thanks for ur appreaciate... Actaully I want to make a login for portal but I has no idea where to start. Can u give me some simpler example to do that..thanks
Hi Fareast Adam,
If it's a login portal you're after then it's fairly straight forward. The protal is basically a form with 3 controls on it:
2 input boxes - one type text and one type password and 1 submit button.
The text boxes take the username and password and the button submits the form so that the details can be checked.
It is on this second page, the target page, that ou check the details against the database and see if the user is already logged in.
Does that make more sense?
Cheers
nathj
Actually I have using database to keep all user information such as username and password. These program are just sample only. I think i have problem on page check.php where i will include check.php in every pages as in page home.php. The problem is when I login on second time the first account will be replaced to the other new account. I am not know what i'am wrong. Please help me, I'am really need you help.
Fareast Adam
Is it guess sufficient if I use the following code to examine uer session whose registered? I put on the top on every pages...
[PHP]
require('check.php');
[/PHP]
Is it guess sufficient if I use the following code to examine uer session whose registered? I put on the top on every pages...
[PHP]
require('check.php');
[/PHP]
I have a site, currently in development only, where I do just that. I have the code included at the top of every page and this checks if the user is logged in. If they are it displays their name otherwise it gves the login form.
The trouble with this is that if they do not log out and go to another computer and log in again they will be logged in twice. This is why you need some way of killing a session or preventing them from logging in again.
But generally, if they are logged in don't give them the log in form so that they cannot log in again on the same computer.
Cheers
nathj
But what about genereting a new session_id() for each new different user's account such as this;
[PHP]
#login.php
session_start();
$_SESSION['usr'] = $username;
$_SESSION['loggedin'] = md5($username.$password.$salt);
if(session_id()=='')
{
setcookie(session_name(), session_id(), time()+7200, '/');
}
else
{
session_regenerate_id();
setcookie(session_name(), session_id(), time()+7200, '/');
}
header('Location: home.php');
exit;
[/PHP]
I've never bothered with this. I just let the server handle that. I haven't noticed any issues during my initial testing but perhaps it is something I will need to look into in the future.
Cheers
nathj
Anyway thank nathj for ur time and idea! I sense that i must try another method also.
Fareast Adam;
I have try using session live time to kill the session within 2 hours to prevent forgot logout something like this; Thanks again
[PHP]
#session live time is 2 hours
setcookie(session_name(), $_COOKIE[session_name()], time()+7200, '/');
[/PHP]
Fareast adam
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Terabyte |
last post by:
I have a client that wants me to create a form that will contain about 50
condo listings. He wants me to place a restriction on the form as to the
number of Condo listings a user can...
|
by: Paul |
last post by:
Hi all, at present I I've built a website which can be updated by admin and
users.
My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built...
|
by: Sudheer |
last post by:
Hi All,
We need to restrict multiple users login to the system. If one user is
online with one userID, we need to show the message "This user already logs
in to the system" to the other user who...
|
by: ad |
last post by:
I use Login control's Authenticate event to authenticate use.
I find that different users can use the same ID to login in the same time.
How can I restrict that the some ID can only login once in...
|
by: Graham |
last post by:
I have been having some fun learning and using the new Controls and methods in .Net 2.0 which will make my life in the future easier and faster. Specifically the new databinding practises and...
|
by: Prabhat |
last post by:
Hi All,
I have a website setup which also provide ability to download latest version
of our Software by logging into the webpage. All latest softwares (ONLY ONE
FILE .EXE for each Software) are...
|
by: Gleep |
last post by:
I've searched google intensely on this topic and it seems noone really knows how to approch this.
The goal I don't want clients to give out their usernames and passwords to friends, since the site...
|
by: shankhar |
last post by:
Hi all,
In my project there is a requirement. If a user logged in at a time
since he/she logged out others are not allowed to loggin using the
same user name. That is to avoid multiple logins...
|
by: yuvang |
last post by:
Hi all
I have a mdb with login name and password form. There are several login names, i defined through a table "User_login". Here the problem is at a time a single user is able to login in...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |