I am developing a website with some data visible to the user but things are happening in a different way. When I log in, I get some rows from the database and again If I log in from the other username that time also I am getting the same details as earlier. But I want to display rows with respect to the user. For example, Leave balance if I take 3 leaves out of 15 then I log in from my friend account that time also I am getting same leave balance. I want to do it like Facebook. What is the right way to make it work just like Facebook and what are the steps to do it?
I am Using PHP, MYSQL.
Thanks in Advance.
I think you need a php function :
session_destroy();
To destroy the last user session on logout that why you still have same thing for next login
check the instruction :
http://php.net/manual/fr/function.session-destroy.php
Related
my first ever post here.
I've built out a login system (with password validation, strengths, checks to the DB, hashing, etc) and am nearly complete. I've got it to where I can prevent duplicate logins of the same user, checking against two fields in my database that are created during the login process: one is a randomly generated token in 'token' and the other is 'isSignedIn' either a 0 and 1. Currently, it prevents duplicate logging in for the same user and will also boot the person off on the next page action.
My next goal is to prevent two different users from logging into the same web browser on the same computer at the same time. I haven't found a solid answer for this after hours of searching.
Here is the issue I am having: during my testing, having logged in with multiple users in the same browser:
I login with three different users into my portal; all three have
their 'token' and 'isSignedIn' written to the DB
I log off with one user and that user's token/isSignedIn value is
deleted/ altered, respectively
When I log out the other two users, the values for their 'token' and
'isSignedIn' remain in the database even though they are
logged out successfully.
I can't figure out why logging out the one user prevents the other two from having their 'token' and 'isSignedIn' deleted upon sign out. It works for the first user, no problem. I assume there is some sort of session overlap that kills the other two. I can't tell clients to simply "only one person at a time on one computer on one browser" so I need some help.
I'd like to limit only one user on one browser at a time or prevent a second/ third/ fourth user from logging in the same browser.
Any help would be greatly appreciated!
Thank you.
Database Image
Logout Processor
Please note that session is shared between all tabs of same browser.
When you unset & destroy session after first user's log out, the value of $_SESSION['email'] is lost from other tabs.
When you execute SQL statement to delete login it fails as it looks like:
update ... WHERE email = ''
To prevent more that one user to log into same browser, user session variable like the one you use (isSignedIn) and check its to redirect the user from login page to home page. Put following code on the top of login page:
and in log out actions add: $isSignedIn = 0;
I have a website where people can login, logout etc. I want to make it possible to only log in on 1 device, so if you log in with same account on lets say your phone it will give an already logged in error or so.
So I've figured out to make a "online" table which I will update to 1 on logging in and browsing page for each user, but how would I make it a 0 when someone left the page without logging out? I heard someone talking about a MySQL timer function but how does that work? So that it will set online to 0 after 300 seconds inactivity or so.
Normally you do this by updating a record in the database each time the user performs an action that indicates they're alive, or possibly via some kind of regular AJAX call that indicates they've at least got the page open.
It's generally of the form:
UPDATE users SET visited_at=NOW() WHERE id=?
Where you can provide the user's ID for that value based on the session information you have.
As far as my understanding You can try to create a column "isLogged" in the database and set it to true or false.When the user starts or end a session.
I need to know if there is an user logged in my website. For this purpose, I have only his session ID.
I got this id using: session->getId();
¿Is it possible?
Thanks in advance.
add a custom field to the session when the user logs in and then just check that field
Given that the web is essentially stateless, it is hard to know for sure if a particular user is logged onto a website.
One way to accomplish your goal is to keep a running log of all the users logged in, and the last visit time. Then you could query that log and if the users last visit time was less than 5 minutes ago, you could then say the user is logged onto your site. This will only tell you if the user is logged into your site, not if your site is the active tab in their browser.
Another way to get more "real-time" information as to the the active users of your site is to use something like SignalR which will allow you to do push to the browser. I've used SignalR in the past to send out system status messages to the browser and have it automatically update the page. The great thing about SignalR is it maintains an in-memory list of all the clients connected.
I have a question from a potential client (hence, no code yet) about a website they have which has a custom login script.
Basically, they have Analytics setup but it doesn't serve the purpose that they need - being able to tell how many times a user has logged in and how frequently they do so.
What would be the best way of achieving this? I'm guessing I would need to alter the PHP login script but I'm a little confused at how best to do it. I could do a new field in the database that counts their logins but I suspect that that's not a great way of doing it, and I'm not sure how I could tell the frequency from that type of system.
Any suggestions?
Every time a user logs in you could log it in your db or to a file. You could easily include user name, datetime, ip, user agent (all relevant data) etc. As mentioned this will make it very easy to build a profile on the user, login times, login locations etc
If you store the time of each attempt, you can run reports to figure out whatever you need.
the best way to implement this is a relational database. When a user is logged in, an entry is made in a table. When you want to find out how many times a user has logged in, a query to this table to count the entries that apply to that user.
You can simply make a new table where you store user_id and timestamp everytime the user is logging in. Using that data you can then see who, how many times and in which intervals of the day has been logged in.
Hello I have a website. created using php,mysql. I want to set a limit like.. only 10 user can login my website at same time. How can I do that kind of a setting? any body knows the solution kindly help me..
Use a database table to store the number of logged in users but you need to come up with some way of imposing a time limit on those users. I would suggest a field in the table which notes their last activity. When a new user attempts to login you need to apply some logic like this (pseudocode):
if(<10users){
login
} elseif(any of the users have no activity for 30 mins){
remove that user and login
} else {
inform user of no space
}
You would need to update the last activity every time a logged in user visits a new page.
Go read up on sessions in PHP, then write your own session handler - the first time as a learning exercise. Then write your own session handler again, fixing all the bugs from your first attempt and adding in the facility to count active sessions.
Note that the normal behaviour for session handlers is that the session data persists even after the session has timed out - its up to the garbage collector (and optionally the session loader) to clear up session data which is stale.
i would override php session handling and store user sessions in the database. you can find a simple tutorial here: http://www.raditha.com/php/session.php
this way you can simply check if there are more than 10 valid sessions stored in your database table. though you have to think about handling logouts and timeouts, as some standard timeout like 30 minutes might not work well in your application.
If you want 10 user logged on your site, disable the login box if there are more than 10 users logged in.
This presume that you have a table in the db that records the users that are logged in the site. The login procedure will write a new line in the table. The logout procedure will delete it.
Simply count the numbers of rows in this table to determine the number of users.
as answered above you have to maintain a table which will store the number of users who logged in,but whenever the user logs out then decrement that value....whenever a new user logins increment that value by checking it with ur limit