preventing multiple user login to site

hi, i want to prevent multiple users with same ID/USERNAME logging into my
site. I find it
impossible to do that because the web browser does not return me any values
if the browser has been exited.

I heard someone mention about using cron jobs to do such thing. Can someone
explain to in details?

Thank you

What if you expand your login/password table with an extra field
(e.g. "loggedin" which is yes/no) You must provide a button to
log-out decently, because leaving the computer without logging-out might
leave the "loggedin"-field to a yes-state...

"anti-bozak" <antibozak@dot.com> schreef in bericht
news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
> hi, i want to prevent multiple users with same ID/USERNAME logging into my
> site. I find it
> impossible to do that because the web browser does not return me any
values
> if the browser has been exited.
>
> I heard someone mention about using cron jobs to do such thing. Can
someone
> explain to in details?
>
> Thank you
>
>
>

"zeno" <zenobee@hotmail.com> wrote in message
news:TfK1b.82811$F92.8803@afrodite.telenet-ops.be...
> What if you expand your login/password table with an extra field
> (e.g. "loggedin" which is yes/no) You must provide a button to
> log-out decently, because leaving the computer without logging-out might
> leave the "loggedin"-field to a yes-state...

You would also need something then, just incase someone just closes the
browser instead of loging out.

How about, instead, a datetime field, with the date and time of login set.
And have the program check to see if the person logged in in the past hour
and if they did to not let them log in again.

Then, the same user could not login for over an hour.

You could still include a logout button as well, so that a user can properly
logout and log back in within the hour, but at least this way if they close
the browser only an hour will pass.

> "anti-bozak" <antibozak@dot.com> schreef in bericht
> news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
> > hi, i want to prevent multiple users with same ID/USERNAME logging into
my
> > site. I find it
> > impossible to do that because the web browser does not return me any
> values
> > if the browser has been exited.
> >
> > I heard someone mention about using cron jobs to do such thing. Can
> someone
> > explain to in details?
> >
> > Thank you
> >
> >
> >
>
>

"anti-bozak" <antibozak@dot.com> wrote in message
news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
> hi, i want to prevent multiple users with same ID/USERNAME logging into my
> site. I find it
> impossible to do that because the web browser does not return me any
values
> if the browser has been exited.
>
> I heard someone mention about using cron jobs to do such thing. Can
someone
> explain to in details?
>
> Thank you
>
>
>

Using MySQL?

SELECT username,password FROM members WHERE loggedin='no'

shaddap newbie

"SP Computing" <webmaster@spcomputing.com> wrote in message
newsbL1b.1651$MS5.28780@newsfep4-glfd.server.ntli.net...
>
> "anti-bozak" <antibozak@dot.com> wrote in message
> news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
> > hi, i want to prevent multiple users with same ID/USERNAME logging into
my
> > site. I find it
> > impossible to do that because the web browser does not return me any
> values
> > if the browser has been exited.
> >
> > I heard someone mention about using cron jobs to do such thing. Can
> someone
> > explain to in details?
> >
> > Thank you
> >
> >
> >
>
> Using MySQL?
>
> SELECT username,password FROM members WHERE loggedin='no'
>
>
>

anti-bozak wrote:

> shaddap newbie
>
> "SP Computing" <webmaster@spcomputing.com> wrote in message
> newsbL1b.1651$MS5.28780@newsfep4-glfd.server.ntli.net...
>>
>> "anti-bozak" <antibozak@dot.com> wrote in message
>> news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
>> > hi, i want to prevent multiple users with same ID/USERNAME logging into
> my
>> > site. I find it
>> > impossible to do that because the web browser does not return me any
>> values
>> > if the browser has been exited.

Just stick all successful logins in a table, and when someone attempts to
log in,

1 - check authentication is ok - exit otherwise
2 - delete/invalidate all current login sessions that match the username
3 - create the new login session

That will stop someone being logged in from more than one location


--
Matt Mitchell - AskMeNoQuestions
Dynamic Website Development and Marketing

sure buddy
try it before you talk


"matty" <matt+nntp@askmenoquestions.co.uk> wrote in message
news:HI12b.851$O57.275368@wards.force9.net...
> anti-bozak wrote:
>
> > shaddap newbie
> >
> > "SP Computing" <webmaster@spcomputing.com> wrote in message
> > newsbL1b.1651$MS5.28780@newsfep4-glfd.server.ntli.net...
> >>
> >> "anti-bozak" <antibozak@dot.com> wrote in message
> >> news:fNw1b.3286$Ej6.1288@newsread4.news.pas.earthl ink.net...
> >> > hi, i want to prevent multiple users with same ID/USERNAME logging
into
> > my
> >> > site. I find it
> >> > impossible to do that because the web browser does not return me any
> >> values
> >> > if the browser has been exited.
>
> Just stick all successful logins in a table, and when someone attempts to
> log in,
>
> 1 - check authentication is ok - exit otherwise
> 2 - delete/invalidate all current login sessions that match the username
> 3 - create the new login session
>
> That will stop someone being logged in from more than one location
>
>
> --
> Matt Mitchell - AskMeNoQuestions
> Dynamic Website Development and Marketing

anti-bozak wrote:

> sure buddy
> try it before you talk
>
>

Erm, that's exactly how I do it on all the sites I've written
lately.

mysql> describe user_sessions;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| sessionid | varchar(32) | | PRI | | |
| loggedin | char(1) | YES | | NULL | |
| username | varchar(40) | YES | | NULL | |
| level | int(11) | | | 0 | |
| email | varchar(100) | YES | | NULL | |
| company | varchar(100) | YES | | NULL | |
| fullname | varchar(100) | YES | | NULL | |
| ipaddr | varchar(15) | YES | | NULL | |
| expires | datetime | YES | | NULL | |
| userid | int(11) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
10 rows in set (0.40 sec)

mysql>

Each page request, expires is checked to make sure it's in the
future, level (permission/access level) is compared against the
value in the user table to make sure it hasn't changed (so that if
you drop someone's privilege level, they're automatically logged out)
ipaddr is checked to make sure it still matches, etc.

(loggedin isn't used any more - it's a hangover from some old code)

if the session check passes, the "expires" column is updated to the
current date + a config-defined number of seconds

The entire thing is keyed on sessionid only (which is all that's passed
in the cookie)

All you'd have to do in this system, is add an extra line at login, to
do something like

delete from user_sessions where username = '$username';

before creating the new session, and in the session validity check, have an
extra condition:

select count(*) as sesscount from user_sessions where username = '$username';

and if this comes up > 1, invalidate the session.

I have done it, so what was your problem again? I was trying to help you,
I don't see what your issue is.

Matt

Mat,
In light of Anti-Bozaks Assinine and juvenile response to your
attempt to help him, I must commend you on your detailed explanation for
the posed question.

Most folx would have quickly dismissed this guy with a fast and final
"F(*& off" (myself included if I had a solution lol). Even though the
originator of the question was an ass about it, I just wanted to let you
know that I (and I'm sure others) truly appreciate you taking the time
to layout how you did this. As I am just beginning to learn PHP I try
not to bog down the forum with too many remedial questions but rather
scan the threads for points of interest for tips and hints.

Don't let this fool discourage you from responding to folks and thanks
again.

John A. Irwin
ActualClient.com


matty wrote:

> anti-bozak wrote:
>
>
>>sure buddy
>>try it before you talk
>>
>>
>
>
> Erm, that's exactly how I do it on all the sites I've written
> lately.
>
> mysql> describe user_sessions;
> +-----------+--------------+------+-----+---------+-------+
> | Field | Type | Null | Key | Default | Extra |
> +-----------+--------------+------+-----+---------+-------+
> | sessionid | varchar(32) | | PRI | | |
> | loggedin | char(1) | YES | | NULL | |
> | username | varchar(40) | YES | | NULL | |
> | level | int(11) | | | 0 | |
> | email | varchar(100) | YES | | NULL | |
> | company | varchar(100) | YES | | NULL | |
> | fullname | varchar(100) | YES | | NULL | |
> | ipaddr | varchar(15) | YES | | NULL | |
> | expires | datetime | YES | | NULL | |
> | userid | int(11) | YES | | NULL | |
> +-----------+--------------+------+-----+---------+-------+
> 10 rows in set (0.40 sec)
>
> mysql>
>
> Each page request, expires is checked to make sure it's in the
> future, level (permission/access level) is compared against the
> value in the user table to make sure it hasn't changed (so that if
> you drop someone's privilege level, they're automatically logged out)
> ipaddr is checked to make sure it still matches, etc.
>
> (loggedin isn't used any more - it's a hangover from some old code)
>
> if the session check passes, the "expires" column is updated to the
> current date + a config-defined number of seconds
>
> The entire thing is keyed on sessionid only (which is all that's passed
> in the cookie)
>
> All you'd have to do in this system, is add an extra line at login, to
> do something like
>
> delete from user_sessions where username = '$username';
>
> before creating the new session, and in the session validity check, have an
> extra condition:
>
> select count(*) as sesscount from user_sessions where username = '$username';
>
> and if this comes up > 1, invalidate the session.
>
> I have done it, so what was your problem again? I was trying to help you,
> I don't see what your issue is.
>
> Matt