Hi, Right what i am after doing is i have a project i am working on which i need to only allow one person to be logged in at any time. There will be one username/password and if someone logs into the site nobody else can use that user/pass untill that persons cookie have ran out or logged out. Anyone know the best way to do this? Cheers, Adam
well, one way is to set it in the database and the cookie. put the expire time of the cookie in the database, and have logout make it 000000000. then have sign in check if($currentTime >= $dbTime){ //login } else{ echo "sorry, someone else is already logged in on this account"; } PHP:
This would work something like a users online script. When i user logs in or does any activity put him/her in the logged in table. The next time the script it run, compare the time of last activity with the current time. If difference is greater that 5 mins delete the row. You can check weather logged in or not this way .
This is the code at present $result = mysql_query("SELECT id FROM users WHERE username='$_POST[username]' AND password = '".MD5($_POST[password])."'"); $num_rows = mysql_num_rows($result); $results = mysql_fetch_array ($result); if ($num_rows > 0){ setcookie("id", $results[id]); setcookie("username",$_POST[username]); setcookie("password", MD5($_POST[password])); header("Location:www.site.com"); }else{ echo "Sorry your username or password was incorrect. Please <a href='login.php'>try again</a>"; } Code (markup):
omfg never store a password in a cookie, it's the worst idea in the entire world, you know that right ??? that didnt really help, I was hoping for more than that, heres my suggestion, firstly fix the way your users are logged in, secondly, edit the database and add a text field to the database, you'r gonna store a timstamp in there, when a user logs in, firstly check that there timestamp ( if it exists yet ) is more than X seconds / hours ago, if it exists and is in within your spex then refuse access, if it is either not existing or expired, then log them in without putting thier password in a cookie ( you really shouldn't, I dunno if I said that already ) and update the timestamp again .......
Cheers Joe, i don't even know why i have done it like that tbh there is no need for it to be there. Cheers for the heads up.
or you can add one row into database which tells if the user is logged or not. This may create problems eg if you leave user logged in and then shutdown your computer and your account is still logged and you try to log in from library.