doog1092 2013-07-26 06:45

Allow only one user to access an account on the same computer

I have this problem with my login system. I have two users, userA and userB, on the same computer. userA logs in to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA, and userA is still connected to his own account but his name appears as userB. If these two users log in from different browsers, there is NO problem.

Do you have any idea how I can fix this problem? Here is the code of my login system:

<?php session_start();

 $error = "";
 $usuario1="";
 $password1="";
 // avoid an undefined-index notice when the page is first loaded with GET
 $form = isset($_POST['acceso_cuenta']) ? $_POST['acceso_cuenta'] : '';

 if($_SERVER['REQUEST_METHOD']=='POST'){

    $usuario1  = $_POST['login'];
    $password1 = $_POST['pass'];

        $strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxx password=***";
        $conn=pg_connect($strconn);

if(!$conn){
 //  "Error connection!!!";  

}else{

  // one parameterized query: the posted values are bound as $1/$2, never concatenated into the SQL text
  $query = 'SELECT USUARIO FROM USERS WHERE USUARIO=$1 
      AND E_CONTRASENIA=$2 AND LEVEL=$3';

      $result2=pg_query_params($conn,$query,array($usuario1,$password1,'TAMER_LEVEL_2'));

      $result3=pg_query_params($conn,$query,array($usuario1,$password1,'TAMER_LEVEL_3'));

         if(pg_num_rows($result3) != 0 ) { //success
             if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                   session_unset();
                   session_destroy();
                   session_start(); // session_destroy() closes the session; reopen it so the values below are saved
                   }

             $_SESSION['logged-in'] = true;
             $_SESSION['user']=$usuario1;
             header('location: http://localhost/public_html/teacherLv3.php');   
             exit;

          }else if(pg_num_rows($result2) != 0){
             if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                   session_unset();
                   session_destroy();
                   session_start(); // reopen the session after destroying the old one
                   }

         $_SESSION['logged-in'] = true;
         $_SESSION['user']=$usuario1; 
         header('location: http://localhost/public_html/teacherLv2.php');   
         exit;  

       }else { 

           $error = "WRONG DATA."; 
       }//
    pg_close($conn);

  } //else { $error = 'Don't leave blank spaces';}
 }//end of if server
 ?>

This is the code for teacherLv3's page:

<?php
session_start();

// is the one accessing this page logged in or not?

 // redirect when the flag is missing OR is not exactly true
 if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true ) {

// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
  }
?>

<html>
  <?php echo "Welcome back Teacher_Level 3 MASTER  " . htmlspecialchars($_SESSION['user']); ?>
</html>

This is the code for teacherLv2's page:

<?php
session_start();

// is the one accessing this page logged in or not?

 // redirect when the flag is missing OR is not exactly true
 if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true ) {

// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
  }
?>

<html>
  <?php echo "Welcome back Teacher_Level 2 MASTER  " . htmlspecialchars($_SESSION['user']); ?>
</html>

2 answers

  • doure8758 2013-07-26 06:58

    First things first... It's a good practice to start the session at the top of the page, so right after the first <?php tag you start the session: session_start();

    Then you need to unset the session variable first if a user is already logged in.

    So at the moment that you logout, you can do this:

    // everything fine for logout???
    session_unset();
    session_destroy();
    // redirect to login / home page or whatever...
    

    And at the login part:

    if(pg_num_rows($result3) != 0 ) { //success
        if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                session_unset();
                session_destroy();
                session_start(); // session_destroy() closes the session; reopen it so the values below are saved
            }
        $_SESSION['logged-in'] = true;
        $_SESSION['user']=$usuario1;
        header('location: http://localhost/public_html/teacherLv3.php');   
        exit;
    }else if(pg_num_rows($result2) != 0){
        if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                session_unset();
                session_destroy();
                session_start(); // reopen the session after destroying the old one
            }   
        $_SESSION['logged-in'] = true;
        $_SESSION['user']=$usuario1; 
        header('location: http://localhost/public_html/teacherLv2.php');   
        exit;  
    }
    

    EDIT

    First you need to create a unique string for the user (at the login part):

    $r_addr = $_SERVER['REMOTE_ADDR'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $unique_string = hash('ripemd160', $user_agent . $r_addr);
    

    Then you need to create a table in the database that can hold the username (to know which user we're talking about), the unique_string, and a column where you set 0 or 1 for logout or not (default 0).

    Then when you log in, you check against the database whether there's already any user with the unique_string; if so, update them (except your own) and set the logout column to 1. Then check whether you already exist with that unique_string; if so, delete that entry. Then insert your own data in the table.

    Then everywhere you check whether the user is logged in, you also do a query on the newly made table where you get the logout status (so check for the username and for the unique_string). The status is 0 or 1. Then you do a little if:

    if($logout_status == 1 || $no_result){ // also check for no result, because if so you're an unregistered user. The safest way to handle this is to log out and log in again...
        // Do the logout with session_unset, session_destroy
        session_unset();
        session_destroy();
    }
    
    This answer was selected as the best answer by the asker.
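
The login bookkeeping and per-page check described in the accepted answer's EDIT, as an added example that is not part of the original answer. The table name `active_logins`, the function names and the sample values are assumptions, and an in-memory SQLite database via PDO stands in for the PostgreSQL connection so the script runs on its own:

```php
<?php
// Added example: names are hypothetical; SQLite in-memory stands in for PostgreSQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE active_logins (
    usuario       TEXT    NOT NULL,
    unique_string TEXT    NOT NULL,
    logout        INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (usuario, unique_string))');

// Same derivation as in the answer: hash of user agent + remote address.
function fingerprint(string $userAgent, string $remoteAddr): string {
    return hash('ripemd160', $userAgent . $remoteAddr);
}

// Login step: flag every other user on this fingerprint, then replace our own row.
function registerLogin(PDO $db, string $usuario, string $fp): void {
    $db->beginTransaction();
    $db->prepare('UPDATE active_logins SET logout = 1 WHERE unique_string = ? AND usuario <> ?')
       ->execute([$fp, $usuario]);
    $db->prepare('DELETE FROM active_logins WHERE unique_string = ? AND usuario = ?')
       ->execute([$fp, $usuario]);
    $db->prepare('INSERT INTO active_logins (usuario, unique_string) VALUES (?, ?)')
       ->execute([$usuario, $fp]);
    $db->commit();
}

// Per-page check: true when the row is missing or flagged, so the session must be ended.
function mustLogout(PDO $db, string $usuario, string $fp): bool {
    $st = $db->prepare('SELECT logout FROM active_logins WHERE usuario = ? AND unique_string = ?');
    $st->execute([$usuario, $fp]);
    $status = $st->fetchColumn();          // false when there is no row
    return $status === false || (int)$status === 1;
}

// Constructed scenario: userA, then userB, log in from the same browser and address.
$fp = fingerprint('Mozilla/5.0 (constructed UA)', '192.0.2.10');
registerLogin($db, 'userA', $fp);
registerLogin($db, 'userB', $fp);
var_dump(mustLogout($db, 'userA', $fp));   // userA was displaced by userB
var_dump(mustLogout($db, 'userB', $fp));   // userB holds the active login
var_dump(mustLogout($db, 'userC', $fp));   // never registered on this fingerprint
```

On a protected page, a `true` result from `mustLogout()` is where `session_unset()` and `session_destroy()` would be called. Because the fingerprint is only user agent plus address, two people behind one NAT address with identical browsers share the same `unique_string`, so this check can also log out an unrelated user.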