I am currently using Laravel 5.4. I get the list of online users, and from my admin dashboard I want to make a specific user from my list disconnect.
Is there a way to do so?
Set a flag in the database, for example, to mark the user as needing to logout. Then on their next request, in say a middleware, you can do:
// Guests have no user object, so check authentication before reading the flag.
if (Auth::check() && Auth::user()->should_logout) {
    Auth::logout();
}
There is a workaround to do this, but I think it's not optimum!
In the users table we should have a field, say connected, then call an ajax request every 10 seconds (for example). This ajax request checks the connected field and sends the user id, stating that the user is still online. Now when you change this field manually, any time the user clicks on a link or refreshes the page, they are logged out!
update:
#btl's idea to use window.reload() is good and does not need refreshing!
Related
My question is how to temporarily disable a number of buttons/links for a user when he clicks one. For example there are 5 buttons: button1, button2.. If he clicks button1 then he can't click any of the buttons again for, for example, 6 hours. Should it be done with PHP, getting the user's IP, sending it to MySQL and "banning" the user for 6 hours? Whether clicking the buttons or the URL where the buttons are. And afterwards cleaning the specified IP from MySQL. The buttons should be banned for the user who clicked, not for anyone else; also refresh or browser restart should grant the option to click any again.
Or should it be done with htaccess somehow?
Extra info: PHP 5.4, MySQL.
Site also has a basic login system ( http://blog.geotitles.com/2011/07/php-login-script/ )
But I think it would be easier to do separately.
Have a foolproof way to identify individual users. The only real solution here is to require the user to register and log in.
Store the last time the user did a certain thing in your database.
Check when the last time the user did a certain thing was and do not offer him the button/reject the action should he be doing it again before enough time has passed.
(Optionally: periodically clean out old and unneeded action/timestamps from the database.)
In your users database table, add a last_button_click field.
When a user clicks a button, write a record to the database saying the time they clicked it. When reading the page, check if last_button_click is more than X hours in the past, if so, display the buttons.
If a user shouldn't be able to use duplicate accounts, you'll also want to record his/her IP address in the database and prevent more signups from the same IP address. This isn't foolproof, as users with VPN services like HMA will be able to get around it, but for the majority of users it will work.
You can also look into banning anonymous proxies, VPNs and TOR if needed.
"Banning" a user in a database works fine. When they click the button it should add a ban to the database and when it draws the page again, it should query the database to see if they are banned. If they are, do not show the button, if they are not, show the button.
I have a logging system on my site, but I don't know how to get a user's status (online/offline). I've read more themes, but I don't understand them... can someone give me an example?
You can't know from the server whether the page has been closed; you can't check that with PHP.
You can check with JavaScript on the client side and call your server via ajax on each event.
For example, with jQuery:
<script>
// .on('unload', ...) also works on jQuery 3, where the .unload() shorthand was removed
$(window).on('unload', function () { $.get('http://exemple.com/user.php?offline=true'); });
</script>
Just add a column status to your user_info table in the database; when the user logs in, update it with 'loged-in', and when they log out, update it with 'Logs-out'.
I'd keep track of the user's actions; this is what Stack Overflow does (along with "last seen" instead of "online" or "offline") and it works very nicely.
Pick a criterion:
Requested a page
Posted something
Whatever else applies to your website in particular
If the user hasn't done that in the last n minutes, then you can assume the user is offline. I'd say a good threshold is probably 30 minutes.
I've binged a lot for this stuff, but couldn't find a direct ANSWER.
I've searched for this here, but I am still beating my head against the wall trying to implement it.
How do I do an update query after the session has expired?
I'm not talking about explicitly clicking the "Logout" button.
Here's the basic SQL structure:
CREATE TABLE auth_users (
    email varchar(40) NOT NULL,
    password varchar(40) NOT NULL,
    -- HERE: updated to '1' when the user logs in, back to NULL when the user explicitly clicks LOGOUT
    online ENUM('1') DEFAULT NULL
) ENGINE=MyISAM;
Class Hierarchy:
interface AuthUser { // interface name is illustrative; the original left it out
    function login();
    function logout();
    // called after successful authorization
    function set_as_online();
    // called from within the logout() method
    function set_as_offline();
}
BUT IT DOES NOT UPDATE BACK TO NULL WHEN THE USER CLOSES HIS BROWSER.
For example,
assume we have two users: User-A and User-B.
User-A logged in successfully, so now User-B can see User-A as an ONLINE user.
If User-A forgets to click "LOGOUT" and closes his browser,
User-B can still see User-A as ONLINE. That's the problem.
For example,
Facebook handles this very well.
Assume your friend just closed the browser (i.e. his session does not exist anymore),
then somehow you can see him as OFFLINE.
What am I doing wrong? Incorrect approach of handling offline/online users?
Another approach is needed here, I think. Don't set an online/offline flag, but a 'last_seen' timestamp. I.e. with every request, update the record to the current timestamp. If you want to know if the user is online, just do:
if ($current_time - $last_seen_time < $session_expire_limit) {
    // online
} else {
    // offline
}
Otherwise you'd need a cronjob of some sort to automatically reset the online flag in your database after a certain time, but then still you'd need a last_seen column.
// edit
I don't know exactly how Facebook does it, but it could be one of the following: for the chat and notify functionality Facebook opens up a 'stream', which is in fact a little ajax call which is kept alive by the server (btw, this ajax call is refreshed every 40 seconds). Possibly this stream is used to track online users. Another option, but less likely, is that an event is attached to the window.unload event. This is less likely because a page refresh, a clicked link to another Facebook page etc. also triggers the event. This would mean that every time an internal Facebook link is clicked the event should be unbound from the browser.
Can't think of another way atm, just some suggestions. Unfortunately those are quite labor-heavy to implement, I assume my suggestion above (before the edit) should be suitable for a common website.
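The last_seen approach from the answer above, worked through as an added example (not code from any of the posts). It assumes the asker's auth_users table with a hypothetical last_seen column holding Unix time, a 5-minute window chosen for illustration, and PHP 7+ with the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
// Added example; column name, window length and function names are assumptions.
const ONLINE_WINDOW = 300; // seconds without a request before a user counts as offline

// Call on every authenticated request (for example from a middleware).
function touchUser(PDO $db, string $email, int $now): void {
    $stmt = $db->prepare('UPDATE auth_users SET last_seen = ? WHERE email = ?');
    $stmt->execute([$now, $email]);
}

// Explicit logout clears the timestamp so the user drops off the list at once.
function markLoggedOut(PDO $db, string $email): void {
    $db->prepare('UPDATE auth_users SET last_seen = NULL WHERE email = ?')->execute([$email]);
}

// No cron job and no unload event: "online" is derived at read time.
function onlineUsers(PDO $db, int $now): array {
    $stmt = $db->prepare('SELECT email FROM auth_users WHERE last_seen > ? ORDER BY email');
    $stmt->execute([$now - ONLINE_WINDOW]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_users (email TEXT PRIMARY KEY, last_seen INTEGER)');
$db->exec("INSERT INTO auth_users (email) VALUES ('a@example.test'), ('b@example.test')");

$t0 = 1700000000;
touchUser($db, 'a@example.test', $t0);        // User-A logs in, then closes the browser
touchUser($db, 'b@example.test', $t0);
touchUser($db, 'b@example.test', $t0 + 400);  // User-B keeps browsing

print_r(onlineUsers($db, $t0 + 60));   // one minute after both logged in
print_r(onlineUsers($db, $t0 + 420));  // after User-A has been silent for 7 minutes
markLoggedOut($db, 'b@example.test');
print_r(onlineUsers($db, $t0 + 421));  // after User-B clicked LOGOUT
```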
I am not sure how Facebook controls this stuff, but I can suggest off the top of my head how I would approach this matter.
I would add a new field to your auth_users table of type Date that will represent the session_expiry_time.
Then inside your HTML pages you should implement some silent ajax code that will call a dummy PHP page on the server (the interval is something very important because you have to balance performance and functionality). This dummy page will update the session_expiry_time of the user in the auth_users table.
Therefore, at any given time, checking a user's session_expiry_time against the current time will determine if the user is online or not.
http://de2.php.net/manual/en/features.connection-handling.php
You can achieve what you intend with register_shutdown_function() and connection_aborted().
Use a simple JavaScript on the page
In the body tag
The callLogoff() should be replaced with the JavaScript function that calls log off.
Try it.
I know this question might be a duplicate of other similar questions, but I couldn't find a proper answer. Sorry that I didn't show you the code, because I am not sure how to do it.
I am trying to create a login page in PHP, but I want to keep track of the users' login attempts if they didn't successfully log in. I assume using a database, but I don't know exactly how to do it.
What I want is that when people fail after three attempts it should generate an alert dialogue (a modal window would be even better), and when the user clicks OK in the alert the login window should be closed as well.
After that, if the user goes to the login page again, the login form should not be shown to the user again within an hour. I assume to use IP or session to block it. But since the user is not logged in, I don't know if I can store the IP in the database.
Can anyone help me with that? Any help would be greatly appreciated!
Just simply include an insert statement in the part of your code that does the login process; then every time the user fails to log in, that will trigger the query, but it still checks the database to see whether he is able to make the attempt 3 times. You could also do it with ajax if you like.
I wrote a PHP/JavaScript implementation of exactly what you are trying to do. It keeps track of the user's attempts with PHP sessions, and if the user attempts more than a certain number of times, it prevents additional login attempts for a certain number of seconds. Every time the user fails after that, it increases the number of seconds he has to wait to login again. All the parameters can be customized too.
Here is the project page and download: http://www.danedesigns.com/powerauth.php
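One way to do the database-backed tracking the question asks about, as an added example (not code from the posts above and not the linked project's code). It keeps failures server-side, keyed by IP address, because a counter held only in the PHP session is lost as soon as the client discards its session cookie. Table, column and function names are hypothetical; it assumes PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added example; schema and names are hypothetical.
const MAX_FAILURES = 3;        // attempts allowed before the lockout (from the question)
const LOCKOUT_SECONDS = 3600;  // one hour (from the question)

function recentFailures(PDO $db, string $ip, int $now): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND attempted_at > ?');
    $stmt->execute([$ip, $now - LOCKOUT_SECONDS]);
    return (int) $stmt->fetchColumn();
}

function attemptLogin(PDO $db, string $ip, string $user, string $password, int $now): string {
    // Decide on the server before touching the password; hiding the form is only cosmetic.
    if (recentFailures($db, $ip, $now) >= MAX_FAILURES) {
        return 'locked';
    }
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        return 'ok'; // failures are left to age out, so a success does not reset the counter
    }
    // Unknown user and wrong password are recorded the same way.
    $db->prepare('INSERT INTO login_failures (ip, username, attempted_at) VALUES (?, ?, ?)')
       ->execute([$ip, $user, $now]);
    return 'failed';
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE login_failures (ip TEXT, username TEXT, attempted_at INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$ip = '203.0.113.7'; // address from the documentation range
$t0 = 1700000000;
foreach ([0, 1, 2] as $i) {
    echo attemptLogin($db, $ip, 'alice', 'guess' . $i, $t0 + $i), "\n";
}
// Correct password while the three failures are still inside the hour.
echo attemptLogin($db, $ip, 'alice', 'correct horse', $t0 + 3), "\n";
// Correct password once the failures have aged out.
echo attemptLogin($db, $ip, 'alice', 'correct horse', $t0 + LOCKOUT_SECONDS + 3), "\n";
```

The login page can call recentFailures() before rendering to decide whether to show the form, but attemptLogin() is what enforces the limit, since a client can post to the login URL without ever loading the form.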
Here is the scenario,
User logs in
User gets up, goes to get some coffee, and talks to co-worker Steve in the kitchen for 15 mins
User's session times out
User comes back to desk and tries to use a field on his/her screen which utilizes ajax functionality
Now, In the ajax page I am checking to see if he/she is logged in, but what do I do with the user? If I just return nothing from the ajax page, then the user does not know why the field is not working. If I try to use header("Location: "), that will not work as expected.
I could return a message saying you need to refresh the page, but that is kind of lame. What I would like to do is return the user back to the main page. I could do this using javascript obviously, but that is relying on the fact that user did not just go to http://website/ajaxpage.ajax.php and has javascript disabled. So what is the best way to handle this?
UPDATE
What about automatically refreshing the page after 15 minutes passes? Maybe using a meta tag? Or a javascript timeout on the page? That would cause the user to just see the login screen automatically when they sit down, however if they are on the same page for 15 minutes it may refresh and be annoying.
Is it using jsonp? You might be able to return a function that sets window.location and is called as the callback.
Alternatively, you can modify your logic in the JS and return a JSON object that has a timed out indicator, in which case you can handle it appropriately in the AJAX callback. for instance, you can put up a timed box that says "Your Session has Expired - please login again" and then redirect them to the login page.
EDIT In response to your update, I wouldn't automatically refresh it. What you can do is put in some smart idle detection logic and manage the refresh with setTimeout. Here is an example of one using Prototype, but you probably don't want to base it off mouse move.
You could send back a special message from the Ajax page, to indicate to your JavaScript code (running in the user's browser) that it needs to refresh the page. To do that, all you need is
window.location.reload(true);
https://developer.mozilla.org/en/DOM/window.location
Before sending whatever data you are going to send to the ajax page, send a real quick query that checks session status and returns a simple 1 or 0. On 1, continue and do the ajax action. On 0, call another function that pops up a modal "Login" box, sends that login info via ajax and again gets a 0 or 1 for un/successful login. If it returns 1, then return and continue the initial action; otherwise re-present the modal login box.
You could set a session_id in the cookies and allow the user to "stay logged in on this computer" so when it expires, and the user tries to use the ajax function, it could actually log him back in.
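The server side of the "timed out indicator" idea from the answers above, as an added example that is not code from any of the posts. It answers an ajax call with 401 and a small JSON body, and answers a direct visit to the ajax URL (the JavaScript-disabled case from the question) with an ordinary redirect. The session keys, the /login.php URL and the function names are hypothetical; it assumes PHP 7.1+.

```php
<?php
// Added example; session keys, login URL and function names are hypothetical.
const IDLE_LIMIT = 900; // 15 minutes, the timeout in the scenario above

// Returns null when the session is still valid, otherwise the response to send.
function expiredSessionResponse(array $session, array $server, int $now): ?array {
    $last = $session['last_activity'] ?? null;
    if (isset($session['user_id']) && $last !== null && $now - $last <= IDLE_LIMIT) {
        return null;
    }
    // jQuery and Prototype send this header on same-origin XHR. It only selects the
    // response format; the session check above is what protects the endpoint.
    $isAjax = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
    if ($isAjax) {
        return [
            'status'  => 401,
            'headers' => ['Content-Type: application/json'],
            'body'    => json_encode(['timed_out' => true, 'login_url' => '/login.php']),
        ];
    }
    // Direct navigation to the ajax URL: a plain redirect works here.
    return ['status' => 302, 'headers' => ['Location: /login.php'], 'body' => ''];
}

function sendResponse(array $response): void {
    http_response_code($response['status']);
    foreach ($response['headers'] as $line) {
        header($line);
    }
    echo $response['body'];
}

// In the real endpoint, after session_start():
//   $r = expiredSessionResponse($_SESSION, $_SERVER, time());
//   if ($r !== null) { sendResponse($r); exit; }
//   $_SESSION['last_activity'] = time();

// Constructed inputs so the decision logic can be run from the command line.
$now = 1700000000;
$stale = ['user_id' => 42, 'last_activity' => $now - 1200];
print_r(expiredSessionResponse($stale, ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'], $now));
print_r(expiredSessionResponse($stale, [], $now));
var_dump(expiredSessionResponse(['user_id' => 42, 'last_activity' => $now - 60], [], $now));
```

The page's ajax callback then checks for status 401 (or the timed_out field), shows the "session expired" message and sends the browser to login_url.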