<p>Set a key in your session that you store in the database in the user table:</p>
<p>Table User</p>
<ul>
<li>user_id</li>
<li>username</li>
<li>password</li>
<li>token</li>
</ul>
<p>On Login:</p>
<ul>
<li>create random token</li>
<li>UPDATE user SET token='MyRandomToken' WHERE username='username' and password='password';</li>
<li>$_SESSION['login_token'] = 'MyRandomToken';</li>
</ul>
<p>On every page:</p>
<ul>
<li>SELECT user_id, username, token FROM user WHERE token='$_SESSION['login_token']';</li>
<li>If not found then the login token is no longer valid.</li>
</ul>
<p>This makes sure that a login expires automatically if there is a newer login. There can be only one logged in user per account at any time.</p>
<p><strong>UPDATE</strong></p>
<p>Just saw your comment to the Question. My answer does not work for you as it doesn't disallow a second login but instead invalidates any previous login.</p>
<p>If you want to prevent a second login then using a timestamp that you update on every page is the best solution:</p>
<p>On login:</p>
<p>(Assuming MySQL:)</p>
<pre><code>SELECT user_id FROM user WHERE username='username' AND password='password' AND last_access &lt; DATE_SUB(NOW(), INTERVAL 10 MINUTE);
</code></pre>
<p>If a row was found then the account exists and the login is not blocked by another login. You might want to split that into two queries (first check login, then check last access) to give a better error message for failed logins, otherwise it's either "account does not exist" or "blocked".</p>
<p>On every page:</p>
<pre><code>UPDATE user SET last_access=NOW() WHERE user_id='CurrentUserId';
</code></pre>
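<p>The first scheme above (a newer login invalidates the older one), as an added example that is not part of the original answer: it uses prepared statements, a CSPRNG token stored only as a SHA-256 hash, and password_verify() against a hashed password column. The function names, the in-memory SQLite database (PDO sqlite driver assumed) and the sample account are constructed for illustration.</p>

```php
<?php
// Added example: single-active-session tokens (the newest login wins).
// Assumptions: PDO with the sqlite driver (in-memory DB so it runs offline),
// hypothetical helper names login()/currentUser(), constructed sample account.

function login(PDO $db, string $username, string $password): ?string {
    $st = $db->prepare('SELECT user_id, password FROM user WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored password hash instead of comparing plaintext in SQL.
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    // Store only a hash of the token so a database leak exposes no live session.
    $up = $db->prepare('UPDATE user SET token = ? WHERE user_id = ?');
    $up->execute([hash('sha256', $token), $row['user_id']]);
    return $token; // caller stores this in $_SESSION['login_token']
}

function currentUser(PDO $db, ?string $sessionToken): ?array {
    if ($sessionToken === null || $sessionToken === '') {
        return null; // no token in the session: not logged in
    }
    $st = $db->prepare('SELECT user_id, username FROM user WHERE token = ?');
    $st->execute([hash('sha256', $sessionToken)]);
    // No row means the token was replaced by a newer login.
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                              password TEXT, token TEXT)');
$db->prepare('INSERT INTO user (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$first  = login($db, 'alice', 'correct horse'); // browser A
$second = login($db, 'alice', 'correct horse'); // browser B, later login

var_dump(login($db, 'alice', 'wrong password') === null); // bad password is rejected
var_dump(currentUser($db, $first) === null);              // browser A's token is superseded
var_dump(currentUser($db, $second)['username']);          // browser B is the active session
```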
 
