how do i stop multiple user login with same email and password once user already logged
Question
i need help how do i stop multiple user login with same email and password once the user already logged into the website i have website but in my website i have two kinds of membership subscription free or paid free users can try to login from multiple device's or pc's or browsers no problem with free users.
but now problem is that i want to restrict the paid users because paid users shouldn't only login from multiple devices or pc or browser after paid user login from anywhere .. while paid user try to login then system should automatically logout paid user from previous browser or devices or pc?
Example*
if paid user already login from chrome and user trying to login from firefox
then system should automatically destroy first session which is created
from chrome. then allow paid users to use their account in firefox.
Here My Test Script
Index.php
<form action="verifylog.php" method="post">
<input type="text" name="email1" /><br />
<input type="password" name="password1" /><br />
<input type="submit" value="Submit" />
</form>
Verifylog.php
session_start();
include('config.php');
if(empty($_POST['email1']))
{
header('Location:index.php');
}
$email=$_POST['email1'];
$password=$_POST['password1'];
$querymysql=mysql_query("select * from users where uemail='$email'
and upass='$password'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
$db_email1=$row['uemail'];
$db_pass=$row['upass'];
$db_status=$row['ustatus'];
if($row>0){
$_SESSION['new_email']=$db_email1;
$_SESSION['new_pass']=$db_pass;
$_SESSION['new_status']=$db_status;
$_SESSION['logged_in'] = 'active';
if(isset($_SESSION['logged_in']) || !empty($_POST['email1']) )
{
$query_time=mysql_query("UPDATE users SET ustatus='".$_SESSION['logged_in']."'
WHERE uemail='".$email."'");
header('Location:test.php');
}
}
if($db_status==$_SESSION['logged_in'])
{
header("location:logout.php");
}
else
{
$msg="please check your email and password";
$_SESSION['error_msg']=$msg;
header('Location:index.php?error='.$_SESSION['error_msg'].'');
}
Test.php
<?php
$querymysql=mysql_query("select * from users
where uemail='".$_SESSION['new_email']."'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
?>
Hello Mr. <?php echo $row['uemail']; ?> <br />
Your Email Is <?php echo $row['uemail']; ?> <br />
Your Password Is <?php echo $row['upass']; ?> <br />
Your Status Is <?php echo $row['ustatus']; ?> <br />
Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>
Logout.php
<?php
session_start();
include('config.php');
if(!empty($_SESSION['logged_in']) || !empty($_POST['email1']) )
{
session_destroy();
$query_time=mysql_query("UPDATE users SET ustatus='inactive'
WHERE uemail='".$_SESSION['new_email']."'");
header("location:index.php");
}
?>
Thank You All I Have Completed My Script
Here My Completed If Any Web Developer Need It
how to prevent multiple user login with same email and password once user
already logged from multiple pc or browsers
Index.php
<form action="verifylog.php" method="post">
<input type="text" name="email1" /><br />
<input type="password" name="password1" /><br />
<input type="submit" value="Submit" />
</form>
Verifylog.php
session_start();
include('config.php');
if(empty($_POST['email1']))
{
header('Location:index.php');
}
$email=$_POST['email1'];
$password=$_POST['password1'];
$querymysql=mysql_query("select * from users where uemail='$email'
and upass='$password'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
$db_email1=$row['uemail'];
$db_pass=$row['upass'];
$db_status=$row['ustatus'];
$db_sessionid=$row['session_id'];
$old_sessionid = session_id();
$new_sessionid = session_regenerate_id(true);
$_SESSION['newregid']=$new_sessionid;
$_SESSION['odlregid']=$old_sessionid;
$_SESSION['new_email']=$db_email1;
$_SESSION['new_pass']=$db_pass;
$_SESSION['new_status']=$db_status;
if(!empty($old_sessionid))
{
$query_time=mysql_query("UPDATE users SET session_id='".$old_sessionid."'
WHERE uemail='".$email."'");
header('Location:test.php');
}
else if($db_sessionid!=$_SESSION['odlregid'])
{
$query_time=mysql_query("UPDATE users SET session_id='".$new_sessionid."'
WHERE uemail='".$email."'");
header('Location:test.php');
}
Test.php
<?php
$querymysql=mysql_query("select * from users
where uemail='".$_SESSION['new_email']."'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
$new_id=$row['session_id'];
if($new_id!=$_SESSION['odlregid']){
unset($_SESSION['odlregid']);
session_destroy();
header("location:index.php");
} else { ?>
Hello Mr. <?php echo $row['uemail']; ?> <br />
Your Email Is <?php echo $row['uemail']; ?> <br />
Your Password Is <?php echo $row['upass']; ?> <br />
Your Status Is <?php echo $row['ustatus']; ?> <br />
Your Session_Id Is <?php echo $row['session_id']; ?> <br />
Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>
<?php }?>
Logout.php
<?php
session_start();
include('config.php');
header("location:index.php");
?>
5 answers
solution1
1 2014-06-26 16:40:49
Put the session id in your database with the user and write a new session id at each login. As part of your select statement check use the session_id as a criteria and any defunct sessions will no longer be valid.
solution2
1 2014-06-26 16:53:20
This is one easy way of doing it which you can try:-
1.)Store browser_name & mac_address along with username,password,status(1->loggedin;0->notloggedin) column in the table.
2.)At the time of log in,save a cookie with username,browser_name,mac_address,status & also update same values in table columns.
Before page loads, check this -
3.)On every page's header,get username,browser_name,mac_address from db and match it with values stored in cookie.If matches then continue session,if not end session.
Whenever user tries to log in from chrome,it will update the values in db and if a page refresh occurs on Firefox the values of cookie and db wont match resulting in automatic log out.Hope this helps.
Or you can do it with storing & matching a randomly generated unique session id.
solution3
1 2017-01-12 06:58:46
Your answer is almost correct but their is some mistakes and below are the changes need to add into your files:
1)Test.php
session_start();
include('config.php');
2)Logout.php
session_start();
unset($_SESSION['odlregid']);
session_destroy();
solution4
0 2014-06-26 16:41:55
I am not sure this will work, but you could save the session variable in your database for paid users. If they login again unset that session first and create a new one.
solution5
0 2014-06-26 16:54:10
- Save PHP Session in database. You can refer the details here PHP sessions in Database
- Link user session with session ID in database and from front end, trigger an ajax call which keeps checking validity of session.
- If at any point of time this validity breaks then force logout and show some message to user that you have logged into another device/browser.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.