RE: [PHP] trikky authentication question
Daniel, What about using IP Logging? If the user is already logged in with the same IP you can let them on, if its a new IP you could ask them if they are a returning user? If so, make them log in a second time for verification, and close the other logged in user/account. Make some fancy "It appears your at a different location message, for security we'll need you to log in again." Now if they have dial up that might be a pain in the rear as the IP can change on each dial up, but for most broadband accounts and business that the user could go to, IE public library, etc.. they'd still only have one IP (assuming it's static) for each terminal(ramblin) but you get the idea, This is just another suggestion as I don't see it was one used yet. BTW, I'm only a newbie, so don't ask me how you'd do it, cuz I'm still learning the art of PHP yet. ;) I can log ips into a database though, so it shouldn't be that hard to pull them out and confirm that $newIp==$loggedIp. If you coupled this idea some of the other expiration techniques mentioned you could have one hell of a login monitoring system. Best of luck in your solution. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Saturday, May 31, 2003 9:11 PM To: [EMAIL PROTECTED] Subject: [PHP] trikky authentication question hi guys i have an authentication class , there is one last big issue to fix , i am trying to prevent multiple logins , it does this ok except , the first login gets kicked instead of the second one , i have a last_login date entry to work with , what else should i have so on the login check if the user is logged in , there is an issue using the logged in feature , ok u give it an interval of say 2 hours , this may prevent that person reloggin in for two hours right ?? :| , or say its a few minutes , i can log bak in after a few minutes and still kick the first login, what are my options -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
i said that before! just a hint to think offany questions? volker > - Original Message - > From: "John W. Holmes" <[EMAIL PROTECTED]> > To: "'Volker Augustin'" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Sunday, June 01, 2003 5:48 AM > Subject: RE: [PHP] trikky authentication question > > > > > for me these few line are working well, user cannot login before > > > max-idletime is reached (i check the list every time an action is > > > taken > > > on the board, if no user is online, i cant login forever and have to > > > connect > > > as another user first ;) > > > > And you call that a viable solution? That's ridiculous. > > > > ---John W. Holmes... > > > > Amazon Wishlist: http://www.amazon.com/o/registry/3BEXC84AB3A5E > > > > PHP Architect - A monthly magazine for PHP Professionals. Get your copy > > today. http://www.phparch.com/ > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
ok well i just noticed my sql statement is a bit flakey as its not a true idle time to get a true idle i'd have to keep a record of the time every request to the pages when logged in, this is checking when they lasted logged in so the user may still be logged in 300 seconds later , this isnt really idle especially when the users will be fulltext searching a table of 100K + records :|, any suggestions ? >> for me these few line are working well, user cannot login before >> max-idletime is reached (i check the list every time an action is >> taken >> on the board, if no user is online, i cant login forever and have to >> connect >> as another user first ;) > > And you call that a viable solution? That's ridiculous. > > ---John W. Holmes... > > Amazon Wishlist: http://www.amazon.com/o/registry/3BEXC84AB3A5E > > PHP Architect - A monthly magazine for PHP Professionals. Get your copy > today. http://www.phparch.com/ > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
ok here is the latest sql query SELECT username FROM users WHERE (logged_in=0 OR (NOW()-last_login) > 300 AND username='".$this->post['username']."'" there is the idle time added but what after the idle time they log bak in and then kiks the first login out ? there must be a better solution ?? > > And you call that a viable solution? That's ridiculous. > > ---John W. Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
wots the best solution then ?? "SELECT username FROM users WHERE logged_in=0 AND username='".$this->post ['username']."'" thats my current one but yes i get blocked out , what else can i add to it ? > > And you call that a viable solution? That's ridiculous. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
> for me these few line are working well, user cannot login before > max-idletime is reached (i check the list every time an action is > taken > on the board, if no user is online, i cant login forever and have to > connect > as another user first ;) And you call that a viable solution? That's ridiculous. ---John W. Holmes... Amazon Wishlist: http://www.amazon.com/o/registry/3BEXC84AB3A5E PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trikky authentication question
so wot do i check upon , (NOW() - last_login) > max_idletime ? what do i do with the other check for logged_in=0 ? > hmmm, > for me these few line are working well, user cannot login before > max-idletime is reached (i check the list every time an action is > taken on the board, if no user is online, i cant login forever and have > to connect as another user first ;) > thats all, you could check idletime for all users at the login window > and log them out if reached - before logging in > volker > > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Sunday, June 01, 2003 5:06 AM > Subject: RE: [PHP] trikky authentication question > > >> What if I accidentally close my browser and come back to log >> > in? The system will not let me because I'm still "logged_in" until X >> > minutes pass. Also with this method, you need to keep track of these >> > attempted log ins and somehow alert the first user. >> >> good question i'm checking this out atm :| >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trikky authentication question
hmmm, for me these few line are working well, user cannot login before max-idletime is reached (i check the list every time an action is taken on the board, if no user is online, i cant login forever and have to connect as another user first ;) thats all, you could check idletime for all users at the login window and log them out if reached - before logging in volker - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, June 01, 2003 5:06 AM Subject: RE: [PHP] trikky authentication question > What if I accidentally close my browser and come back to log > > in? The system will not let me because I'm still "logged_in" until X > > minutes pass. Also with this method, you need to keep track of these > > attempted log ins and somehow alert the first user. > > good question i'm checking this out atm :| > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
What if I accidentally close my browser and come back to log > in? The system will not let me because I'm still "logged_in" until X > minutes pass. Also with this method, you need to keep track of these > attempted log ins and somehow alert the first user. good question i'm checking this out atm :| -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trikky authentication question
> hi guys i have an authentication class , there is one last big issue to > fix , i am trying to prevent multiple logins , it does this ok except , > the > first login gets kicked instead of the second one , i have a last_login > date entry to work with , what else should i have so on the login check if > the user is logged in , there is an issue using the logged in feature , ok > u give it an interval of say 2 hours , this may prevent that person > reloggin in for two hours right ?? :| , or say its a few minutes , i can > log bak in after a few minutes and still kick the first login, what are my > options I generally keep it like this, so that the first user is logged out. This way the user is alerted that someone has "hijacked" their account and they can act upon it. If you do it another way so that the first person remains logged on and the second user is denied access, you'll just need some extra flags in the database. Set a "logged_on" column when the user logs on and if another user tries to use the same name and the "logged_on" column is set, deny them. The issue you'll run into with this though, is how do you know someone is logged off? Sure, some people may use the log off button, but others will not. So you have to come up with a "timeout" script. What if I accidentally close my browser and come back to log in? The system will not let me because I'm still "logged_in" until X minutes pass. Also with this method, you need to keep track of these attempted log ins and somehow alert the first user. Hope that helps. ---John W. Holmes... Amazon Wishlist: http://www.amazon.com/o/registry/3BEXC84AB3A5E PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trikky authentication question
doh silly me , i'll have to set a logged out flag , will help me in the
long run :D thanks dude
> hi,
> this is only a very fast response :))
> is solved this kind of problem like that:
> (quick solution for a chatboard - user cannot login for x seconds -
> maxidletime)
> /***two functions:**/
>
> function logoutMsgBoardUser($UserName)
>
> global $MessageBoardTable,$SiteID;
> $DB=new connectDB();
> $actDate= date("Y-m-d H:i:s");
> $newMessage=addslashes($UserName)." logged out.";
> $host="System";
> $Query="update ".$MessageBoardTable."
> set logged_out='1' where
> name='".addslashes($UserName)."'
> and site_id='".$SiteID."'
> and logged_out!='1'
> ";
> $DB->Query($Query);
> $Query="insert into ".$MessageBoardTable."
> (site_id,name,msg,created,host,archiv,aktiv,logged_out)
> values
>
> '".$SiteID."',
> '',
> '".$newMessage."',
> '".$actDate."',
> '".$host."',
> '0',
> '1',
> '1'
> )";
> $DB->Query($Query);
> }
>
> function getMsgBoardUserIdleTime($UserName)
>
> global $MessageBoardTable,$SiteID;
> $DB=new ConnectDB();
> $Query="select created from ".$MessageBoardTable." where
> site_id='".$SiteID."' and logged_out='0' and
> name='".addslashes($UserName)."' and aktiv='1' order by id desc limit
> 1";
> $DB->Query($Query);
> if ($DB->next_record())
>
> $lastUserPost=$DB->Record['created'];
> $actDate= date("Y-m-d H:i:s");
> $Result=strtotime(date ($actDate))-strtotime($lastUserPost);
> } else
>
> $Result=0;
> }
> return $Result;
> }
> /***and the code... i think thats all**/
> if ($msglogin=='1') {
> $newMessage=" entered the Messageboard";
> if (getMsgBoardUserIdleTime($MName) >0) {
> echo "Eine User mit diesem Namen ist bereits Online, bitte waehle
> einen
> anderen...";
> $logged_out=true;
> $MName="";
> }
> }
>
> if (isset($MName) && $MName!="") {
> $MyIdleTime=getMsgBoardUserIdleTime($MName);
> if ($MyIdleTime > $MaxIdleTime) {
> logoutMsgBoardUser($MName);
> $logged_out=true;
> $MName="";
> echo " logged out by system after ".$MyIdleTime." seconds without
> saying
> anything ;)";
> }
> }
>
> volker
>
>
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, June 01, 2003 4:11 AM
> Subject: [PHP] trikky authentication question
>
>
>> hi guys i have an authentication class , there is one last big issue
>> to fix , i am trying to prevent multiple logins , it does this ok
>> except ,
> the
>> first login gets kicked instead of the second one , i have a
>> last_login date entry to work with , what else should i have so on the
>> login check if the user is logged in , there is an issue using the
>> logged in feature , ok u give it an interval of say 2 hours , this may
>> prevent that person reloggin in for two hours right ?? :| , or say its
>> a few minutes , i can log bak in after a few minutes and still kick
>> the first login, what are my options
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trikky authentication question
hi,
this is only a very fast response :))
is solved this kind of problem like that:
(quick solution for a chatboard - user cannot login for x seconds -
maxidletime)
/***two functions:**/
function logoutMsgBoardUser($UserName)
global $MessageBoardTable,$SiteID;
$DB=new connectDB();
$actDate= date("Y-m-d H:i:s");
$newMessage=addslashes($UserName)." logged out.";
$host="System";
$Query="update ".$MessageBoardTable."
set logged_out='1' where
name='".addslashes($UserName)."'
and site_id='".$SiteID."'
and logged_out!='1'
";
$DB->Query($Query);
$Query="insert into ".$MessageBoardTable."
(site_id,name,msg,created,host,archiv,aktiv,logged_out)
values
'".$SiteID."',
'',
'".$newMessage."',
'".$actDate."',
'".$host."',
'0',
'1',
'1'
)";
$DB->Query($Query);
}
function getMsgBoardUserIdleTime($UserName)
global $MessageBoardTable,$SiteID;
$DB=new ConnectDB();
$Query="select created from ".$MessageBoardTable." where
site_id='".$SiteID."' and logged_out='0' and
name='".addslashes($UserName)."' and aktiv='1' order by id desc limit 1";
$DB->Query($Query);
if ($DB->next_record())
$lastUserPost=$DB->Record['created'];
$actDate= date("Y-m-d H:i:s");
$Result=strtotime(date ($actDate))-strtotime($lastUserPost);
} else
$Result=0;
}
return $Result;
}
/***and the code... i think thats all**/
if ($msglogin=='1') {
$newMessage=" entered the Messageboard";
if (getMsgBoardUserIdleTime($MName) >0) {
echo "Eine User mit diesem Namen ist bereits Online, bitte waehle einen
anderen...";
$logged_out=true;
$MName="";
}
}
if (isset($MName) && $MName!="") {
$MyIdleTime=getMsgBoardUserIdleTime($MName);
if ($MyIdleTime > $MaxIdleTime) {
logoutMsgBoardUser($MName);
$logged_out=true;
$MName="";
echo " logged out by system after ".$MyIdleTime." seconds without saying
anything ;)";
}
}
volker
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 01, 2003 4:11 AM
Subject: [PHP] trikky authentication question
> hi guys i have an authentication class , there is one last big issue to
> fix , i am trying to prevent multiple logins , it does this ok except ,
the
> first login gets kicked instead of the second one , i have a last_login
> date entry to work with , what else should i have so on the login check if
> the user is logged in , there is an issue using the logged in feature , ok
> u give it an interval of say 2 hours , this may prevent that person
> reloggin in for two hours right ?? :| , or say its a few minutes , i can
> log bak in after a few minutes and still kick the first login, what are my
> options
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
