6 Replies - 489 Views - Last Post: 09 February 2013 - 08:32 PM Rate Topic: -----

#1 Kirstine  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 37
  • Joined: 04-February 13

Limited log-in.

Posted 09 February 2013 - 05:50 AM

We have a school project, we are making a website. I'm half way done with it, but I have encountered this problem. I want that one of the user must only allowed to log-in once. For example, an Administrator of the site had already log-in, then no once else can log-in using the same username and password even he/she uses another pc or browser. Is this possible? how?
Is This A Good Question/Topic? 0
  • +

Replies To: Limited log-in.

#2 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 926
  • View blog
  • Posts: 3,204
  • Joined: 19-January 10

Re: Limited log-in.

Posted 09 February 2013 - 06:03 AM

Well you could go one of two ways (or ideas, there are multiple ways to implement these):

1. Whenever someone logs in, the old logged-in user is logged out/loses their session.
2. They cannot log in if someone else is logged in.

For number one, that's rather simple. Store the IP of the last logged in person on the database. Check it on every page reload. Is it the same as the person using the computer? No? Log them out (therefor the last logged in person's IP will be in the database, so only they will be logged in and nobody else)

For number two, that's a little more complex. Basically one of the problems we face here is we have no idea when the user just leaves the site, and let's face it, user's rarely ever click on the "logout" button. You don't want to hang up the whole system because some lame admin forgot to logout and went out for lunch.

To overcome this, we can record the times they access the site! Get where I'm going at? We can assume that they've logged out/left the computer/closed the browser based off the last time they were active. You can do this by storing a timestamp under a column named something like... last_active_timestamp or something. Then whenever someone logs in, if last_active_timestamp has a time of less than, say, 10 minutes ago, then we can assume that account is logged in.

Of course this would cause problems like "Oh admin X says he logged out and admin Y can't login" because of course, they haven't waited 10 minutes. Now a quick and dirty way of fixing that would be to changing last_active_timestamp to something like, 0 when they click the logout button. Something definitely over 10 minutes ago. Huzzah!

Hope this helps!

This post has been edited by creativecoding: 09 February 2013 - 06:04 AM

Was This Post Helpful? 1
  • +
  • -

#3 Kirstine  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 37
  • Joined: 04-February 13

Re: Limited log-in.

Posted 09 February 2013 - 06:20 AM

I'd rather to go with number two, but I can't understand how do you want me to implement it. :(
Was This Post Helpful? 0
  • +
  • -

#4 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6036
  • View blog
  • Posts: 23,430
  • Joined: 23-August 08

Re: Limited log-in.

Posted 09 February 2013 - 06:41 AM

Wow, you spent a whole 16 minutes max on thinking about it, huh? :rolleyes:
Was This Post Helpful? 0
  • +
  • -

#5 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 926
  • View blog
  • Posts: 3,204
  • Joined: 19-January 10

Re: Limited log-in.

Posted 09 February 2013 - 02:08 PM

I don't know how much else I can help you...

You have a database for login information right? Well you'll need a new column in the users table, with the name last_active_timestamp.

I'm hoping you're using some sort of framework/design pattern, cause this would be way easier that way. But you need to update the logged-in-person's row's last_active_timestamp every time they call the script (refresh the page, go to another page with PHP, do an action, etc). You can use time() for the timestamp. I know there's a timestamp function in mysql, but I haven't read up on it - you might want to if you like solutions like that.

But once they log in, you would compare that was with the current time. You could do that with a script like this:
$current_time = time();
$last_active = // get the last_active_timestamp column
$since_last_active = $current_time - $last_active;
if($since_last_active > 600){ // time() is measured in seconds, there are 600 seconds in 10 minutes
    // The user may login
} else {
    // The user may logout
}


Was This Post Helpful? 3
  • +
  • -

#6 Kirstine  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 37
  • Joined: 04-February 13

Re: Limited log-in.

Posted 09 February 2013 - 07:46 PM

So you mean the moment a user/admin log-in, it will automatically record that time he login? Then when will it records the last_active?
Was This Post Helpful? 0
  • +
  • -

#7 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 926
  • View blog
  • Posts: 3,204
  • Joined: 19-January 10

Re: Limited log-in.

Posted 09 February 2013 - 08:32 PM

yes, every time he logs in and every time he does something on the site.

also, before you record a new timestamp for being active, you should check if he's been inactive for 10 minutes. If so, force him to log out. Otherwise you could have more than one person logged in due to one idling for 10 minutes, another admin logging in, and the first admin continuing his work.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1