php - how to prevent user multiple login with single account -


i need completed login script , i'm confused how prevent user multiple login single account?

in website have membership subscription 1 free , 1 paid want create more secure login system , want embed function paid user can't login multiple pc or browser once user logged single account.

example of system

1)if user login google chrome , trying login firfox system should automtically destroy      chrome session?  

here login script

$email=$_post['email']; $password=$_post['password']; $email = stripslashes($email); $password= stripslashes($password); $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password);   //selecting user db $querymysql=mysql_query("select * students semail='$email' , spassword='$password'") or die ("query problem");  $row=mysql_fetch_array($querymysql); $name=$row['sname']; $act=$row['activation']; $e=$row['semail']; $p=$row['spassword']; $ss=$row['sstatus'];  if($row>0){  if($row['sstatus']=="allow") {    if($row["activation"]=="activated") {  $_session['logclass']=$row['sclass']; $_session['logname']=$row['sname']; $_session['logsid']=$row['sid'];         $_session['logemail']=$row['semail'];    $_session['logclass']=$row['sclass']; $_session['logsubscribe']=$row['subscribe'];   $_session['logged']=$row['loginstatus'];  $_session['logged_in'] = true;  if(isset($_session['logged_in'])) { $query_time=mysql_query("update students set loginstatus='".$_session['logged_in']."' semail='".$email."'"); header('location:users/dashboard/index.php'); }  } if($login1==$_session['logged_in']) { header("location:logout.php");   }   }else if ($row["activation"]!="activated") { $actmsg="text";  header('location:login.php?actmsg='.$actmsg.''); } } else  { $pending="your account not approved admin";    header('location:login.php?pending='.$pending.'');   } }  else { $message="please check login details";  header('location:login.php?login_error='.$message.'');   } 

in table store user information add additional flag user record, shows whether user logged or not.

as user logged system, set flag.

when user logs off clear flag in user's record.

if user did not log off, when user inactive period of time, run automatic logoff (via cron job) , clear flag in user's record in table.


Comments

Popular posts from this blog

google api - Incomplete response from Gmail API threads.list -

Installing Android SQLite Asset Helper -

Qt Creator - Searching files with Locator including folder -