douluyezhen4512 2016-12-04 20:13
浏览 25
已采纳

阻止2个用户登录同一帐户

I have a login script that uses no SQL because the server does not allow it. How can I prevent users from logging in on the same account from different machines/browsers? I have tried the solutions that i have found here on stackoverflow, but none of them worked. Here is my PHP:

    <?php 
session_start(); 


define('DS',  TRUE); // used to protect includes
define('USERNAME', $_SESSION['username']);
define('SELF',  $_SERVER['PHP_SELF'] );

if (!USERNAME or isset($_GET['logout']))
 include('login.php');  

// everything below will show after correct login 
echo '            <p>Te-ai conectat ca ';
echo $_SESSION['username'];
echo '</p>
            <p><a href="?logout=1">Inchidere sesiune</a></p>
            <tr><td>&nbsp;<br>&nbsp;</td></tr>
            <table style="width: 80%;">
<tbody>
<tr style="height: 23px;">
<td style="width: 27%; height: 23px;">&nbsp;Canal&nbsp;1&nbsp;si&nbsp;2&nbsp10s</td>
<td style="width: 18.7131%; height: 23px;"><audio controls="controls" preload="none"><source src="http://t22sys.noip.me:9300/;stream.mp3" type="audio/mp3">Your browser does not support the audio element.</audio></td>
<td style="width: 27%; height: 23px;"> <a href="http://t22sys.noip.me:9300/listen.pls" style="color:black"><button type="button">Asculta in player extern</button></a></td>
</tr>
</tbody>
</table>
<br>
';
?>

the login PHP is as follows:

 <?php defined('DS') OR die('No direct access allowed.');
 $users = array(
 'user'=>'pass',
);
if(isset($_GET['logout'])) {
   $_SESSION['username'] = '';
   header('Location:  ' . $_SERVER['PHP_SELF']);
   }
   if(isset($_POST['username'])) 
{
   if($users[$_POST['username']] !== NULL && $users[$_POST['username']] == $_POST['password']) 
   {
       $_SESSION['username'] = $_POST['username'];
       header('Location:  ' . $_SERVER['PHP_SELF']);
       }
       else
       {
           echo "<p>Eroare la autentificare</p>";
           }
}
echo '<form method="post" action="'.SELF.'">
<p>Autentificare membrii (Canal 1 si 2 fara delay, 128kbps)</p>
<p><label for="username">Utilizator:</label> <input type="text" id="username" name="username" value="" /></p>
<p><label for="password">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Parola:</label> <input type="password" id="password" name="password" value="" /></p>
<p><input type="submit" name="submit" value="Autentificare" class="button"/></p>
</form>';
exit; 
?>
  • 写回答

1条回答 默认 最新

  • doushi2902 2016-12-04 20:20
    关注

    Let's assume that duration of your session is 15 minutes. Just in case.

    You have no db access. I think you have to store additional info in separate file, eg. logged.txt.

    Proposed structure:

    admin,2016-12-04 21:30
anotheruser,2016-12-04 21:30

    where lines contains login (unique username), and date - logged_to equivalent

    For every request we have to parse this file by file_get_contents or getcsv then keep its data in array. Every change or page reload require to parse file, update data, and save everything in that file.

    When someone is logged in, update logged_to field to future date - +15 minutes from current time. Of course every page reload when user is logged should update this field again with future date: +15 minutes from current time.

    When user is logging out, just remove line with his username from this file.

    Of course when user tries to log in, you have to check if user exists in logged.txt file or, if exists, if logged_to date is earlier that current

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 正弦信号发生器串并联电路电阻无法保持同步怎么办
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 个人网站被恶意大量访问,怎么办
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)