A Unique user login application - Ideas about implementing it!!
Hi all,
I am just thinking about implementing a private section in my intranet where only registered/authorized users can enter. I know how to implement the user management section, but I am thinking about something different: I am looking to implement a unique user login system, meaning that if a user is already logged in to the section, the same username can't be used to log in to the section at the same time.
I am thinking about implementing this one using something like the following:
After a successful user login, their userid will be stored in an array that has application scope. Then, when the next user logs in, the userid will be checked against the values that have been stored in that array. If the userid exists there, the new login attempt will be blocked; if the userid is not present, the other user can log in to the section without any trouble. Whenever a user session ends, the corresponding userid will be removed from the array.
I want to know whether the above-mentioned idea is in the right direction. I am open to your thoughts about the implementation of the above-mentioned item.
Thanks in advance for any help from you developers in this matter.
Regards
Code Exploiter
Sessions work great for this stuff. You don't really need to figure anything else out... just using them would be fine. You could add a time limit inactivity thing as well.
Store the user/pass as session vars, as well as the session_id. Store all of those in the database, as well as a table for the correct user/pass.
If the session id, user and pass match an entry in the session table, AND the user/pass matched the stored user/pass, the login is correct.
Create the session table entries at a successful login, and clear old ones.
Remember to randomize the session_id so that you start a new one each time they log out.
Additionally, you may want to use IP. That will ensure that there's no way for anyone to take/send a session to another computer.
That's about all the security you should need.
Oh, and use md5() on the passwords. Never use the real password, nor store it in the database. Even if they were to get someone's old cookie, they couldn't log on because they need the original pass when logging in the first time, then just the resulting md5 is compared and stored.
Daniel
Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
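The one-login-per-user idea from the question, combined with the session table, inactivity limit, fresh session id per login and IP check from the reply, as an added example that is not part of the original thread. Table and function names are hypothetical, the 900-second limit is an assumption, and the table stores a SHA-256 hash of a random token rather than the user/pass pair.

```php
<?php
// Added example: hypothetical table and function names; in-memory SQLite stands in
// for the real database. Call claim_session() only after the password check succeeds.
const IDLE_LIMIT = 900; // assumed inactivity limit in seconds
function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY on user_id: two simultaneous logins cannot both insert a row,
    // which closes the check-then-add race of a shared in-memory array.
    $db->exec('CREATE TABLE active_sessions (user_id INTEGER PRIMARY KEY,
        token_hash TEXT NOT NULL, ip TEXT NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}
// Returns a fresh random token, or null when the user already has a live session.
function claim_session(PDO $db, int $userId, string $ip, int $now): ?string {
    $db->prepare('DELETE FROM active_sessions WHERE user_id = ? AND last_seen < ?')
       ->execute([$userId, $now - IDLE_LIMIT]); // clear an expired row first
    $token = bin2hex(random_bytes(32));
    try {
        $db->prepare('INSERT INTO active_sessions VALUES (?, ?, ?, ?)')
           ->execute([$userId, hash('sha256', $token), $ip, $now]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') return null; // key already taken
        throw $e;
    }
    return $token;
}

// Per-request check: token, IP and idle time must all match the stored row.
function check_session(PDO $db, int $userId, string $token, string $ip, int $now): bool {
    $st = $db->prepare('SELECT token_hash, ip, last_seen FROM active_sessions WHERE user_id = ?');
    $st->execute([$userId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $now - (int) $row['last_seen'] > IDLE_LIMIT || $row['ip'] !== $ip
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    $db->prepare('UPDATE active_sessions SET last_seen = ? WHERE user_id = ?')
       ->execute([$now, $userId]);
    return true;
}
// Constructed walk-through: user 7, made-up addresses and timestamps.
$db = open_store();
$t0 = 1700000000;
$first = claim_session($db, 7, '10.0.0.5', $t0);
var_dump($first !== null);                                      // first login
var_dump(claim_session($db, 7, '10.0.0.9', $t0 + 60) !== null); // second login while first is live
var_dump(check_session($db, 7, $first, '10.0.0.9', $t0 + 90));  // same token from another IP
var_dump(claim_session($db, 7, '10.0.0.9', $t0 + IDLE_LIMIT + 61) !== null); // after the idle limit
```

On logout, delete the user's row from `active_sessions` so the next login can claim it immediately instead of waiting for the idle limit.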