tricky issue

@alias_0502Jan 22.2007

Hello all, I have a tricky little problem here and hope someone can help who has experienced the same issue and if not has the know how to help me.

I have this php script and I have incorporated a javascript as well that tells how many members are online and the javascript calls the php script to prevent multiple logons with the same username and password.

My problem is that it works great however once logged in I press the refresh button and it appears to run the javascript telling me “Someone else is already logged in under that username”.

That is what I should get once I log on the second time with the same username and password.

In summary I log on once with a specified username and password however when I depress the refresh button it’s as if I am trying to log on again with the same username and password. The script appears to run twice on refresh.

Hope I explained my situation clear here if not please let me know. I have attached the code I am using and the two different pages and I delete the session on logout but we don’t need that code here since it works great.

main.php

include (“ppl_login.htm”);
if ($online_check > 0){
echo “<b><font face=arial color=red>Someone else is already logged in under that username</font></b>”;
echo
“<script type=”text/javascript”>
setTimeout(“location.href=’http://frustratedmom.com/index.php'”,5000);
</script>”;
exit();
}

ppl_login.htm

<?
$usernameOL = $username;
$result = mysql_query(“SELECT usernameOL FROM ppl_online WHERE usernameOL =’$usernameOL'”);
$online_check = mysql_num_rows($result);
if ($online_check == 0){

@mysql_query(“INSERT INTO ppl_online (usernameOL, activity, ip_address, refurl, user_agent) VALUES (‘$usernameOL’, now(), ‘{$_SERVER[‘REMOTE_ADDR’]}’, ‘{$_SERVER[‘PHP_SELF’]}’, ‘{$_SERVER[‘HTTP_USER_AGENT’]}’)”);

} else {
if($online_check > 0 ){
@mysql_query(“UPDATE ppl_online SET activity=now() WHERE usernameOL = ‘$usernameOL'”);

}

// 5 Minute time out. 60 * 5 = 300
$maxtime = time() -3600;
$sql = mysql_query(“DELETE FROM ppl_online WHERE UNIX_TIMESTAMP(activity) < ‘$maxtime'”);

mysql_query(“UPDATE ppl_online SET refurl = ‘{$_SERVER[‘PHP_SELF’]}’ where usernameOL =’$usernameOL'”);
}
?>

Regards,

alias_0502

to post a comment

JavaScript

8 Comments(s) _↴

@alias_0502authorJan 22.2007 — #Does anyone see what if anything is wrong with the code I presented?

@alias_0502authorJan 23.2007 — #I guess nobody knows. If I am posting this question wrong please let me know. This javascript is driving me nuts.

I will post the issue again.

Why when after logging in then I press the refresh button and it runs that bit of code on my main.php again and reproduces the error and redirects back to the index page.

After loggin in I don't want the refresh button to redirect me. I don't want to disable the refresh button either.

Any help!!!! would be appreciated.

@d_tedJan 23.2007 — #maybe you should try to make use of $_SESSION variables and don't allow the refresh login

basically i guess that is happening, u try to login twice

if( login_succesfull() ) {

$_SESSION['logged']=1;

}

and in login function verify if $_SESSION['logged'] is 1 or not, and do or not the login routine.

@alias_0502authorJan 31.2007 — #Thansk d_ted.

Appreciate your response. I'm not quite sure I follow what your saying but I think I do and will get back to you and let you know.

Thanks,

alias_0502

@d_tedJan 31.2007 — #well

let me explain a little bit more

when you verify the username and password of the user, u create the data in ppl_online. in the same time, u create this $_SESSION['logged'] = 1;

now, when u make the verification of the user, u verify if the $_SESSION['logged'] == 1 or not. if 1 then skip the login procedure, else proceed.

something like this:

login_function_defined_by_you(user,pass) {

if ($_SESSION['logged'] == 1 )

// user is logged

return true;

elseif ( verify user and pass) {

add data to ppl_online;

$_SESSION['logged'] =1;

}

else

return false;

}

i hope i am more clear now.

@alias_0502authorJan 31.2007 — #Yes, thanks very much for getting back to me.

Regards,

Alias_0502

@alias_0502authorFeb 01.2007 — #I just realized something and again thanks for your reply. I already have a database.php file that checks the username and password and this ppl_online script is working as a duplicate script.

/**^{^M}

* confirmUserPass - Checks whether or not the given^{^M}

* username is in the database, if so it checks if the^{^M}

* given password is the same password in the database^{^M}

* for that user. If the user doesn't exist or if the^{^M}

* passwords don't match up, it returns an error code^{^M}

* (1 or 2). On success it returns 0.^{^M}

*/^{^M}

function confirmUserPass($username,$password){^{^M}

/* Add slashes if necessary (for query) */^{^M}

if(!get_magic_quotes_gpc()) {^{^M}

$username = addslashes($username);^{^M}

}

/* Verify that user is in database */

$q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";

$result = mysql_query($q, $this->connection);

if(!$result || (mysql_numrows($result) < 1 )){

return 1; //Indicates username failure

}

 /* Retrieve password from result, strip slashes */^M
   $dbarray = mysql_fetch_array($result);^M
   $dbarray['password'] = stripslashes($dbarray['password']);^M
   $password = stripslashes($password);^M

^{^M}

/* Validate that password is correct */^{^M}

if($password == $dbarray['password']){^{^M}

return 0; //Success! Username and password confirmed^{^M}

}^{^M}

else{^{^M}

return 2; //Indicates password failure^{^M}

I want to incorporate something like this into the above script:

echo "<b><font face=arial color=red>Someone else is already logged in under that username</font></b>";

echo

"<script type="text/javascript">

setTimeout("location.href='http://something.com'",5000);

</script>";

}

within this database script any ideas on how to do it? I have an idea but not sure where to place the error. Would it be after the username and password are check and after the else statement before return 2;

Thanks for your help,

alias_0502

@alias_0502authorFeb 01.2007 — #Scratch my last thread:

I have a session.php file already and I want to replace or remove or put in place of the section where it sees a duplicate username and password has been entered and spits out the javascript "Someone lese is already logged in under that username"

Do you have any idea how I can go about that. My main goal is to not have users share there username and password. Here is my session.php file:

^{^M}

class Session^{^M}

{^{^M}

var $username; //Username given on sign-up^{^M}

var $userid; //Random value generated on current login^{^M}

var $userlevel; //The level to which the user pertains^{^M}

var $time; //Time user was last active (page loaded)^{^M}

var $logged_in; //True if user is logged in, false otherwise^{^M}

var $userinfo = array(); //The array holding all user info^{^M}

var $url; //The page url current being viewed^{^M}

var $referrer; //Last recorded site page viewed^{^M}

/**^{^M}

* Note: referrer should really only be considered the actual^{^M}

* page referrer in process.php, any other time it may be^{^M}

* inaccurate.^{^M}

*/^{^M}

^{^M}

/* Class constructor */^{^M}

function Session(){^{^M}

$this->time = time();^{^M}

$this->startSession();^{^M}

}^{^M}

^{^M}

/**^{^M}

* startSession - Performs all the actions necessary to ^{^M}

* initialize this session object. Tries to determine if the^{^M}

* the user has logged in already, and sets the variables ^{^M}

* accordingly. Also takes advantage of this page load to^{^M}

* update the active visitors tables.^{^M}

*/^{^M}

function startSession(){^{^M}

global $database; //The database connection^{^M}

session_start(); //Tell PHP to start the session^{^M}

^{^M}

/* Determine if user is logged in */^{^M}

$this->logged_in = $this->checkLogin();^{^M}

 /**^M
   * Set guest value to users not logged in, and update^M
   * active guests table accordingly.^M
   */^M
   if(!$this->logged_in){^M
   $this->username = $_SESSION['username'] = GUEST_NAME;^M

if(!$this->logged_in){^{^M}

$this->username = $_SESSION['username'] = GUEST_NAME;^{^M}

$this->userlevel = GUEST_LEVEL;^{^M}

$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);^{^M}

}

/* Update users last active timestamp */^{^M}

else{^{^M}

$database->addActiveUser($this->username, $this->time);^{^M}

}^{^M}

^{^M}

/* Remove inactive visitors from database */^{^M}

$database->removeInactiveUsers();^{^M}

$database->removeInactiveGuests();^{^M}

^{^M}

/* Set referrer page */^{^M}

if(isset($_SESSION['url'])){^{^M}

$this->referrer = $_SESSION['url'];^{^M}

}else{^{^M}

$this->referrer = "/";^{^M}

}^{^M}

^{^M}

/* Set current url */^{^M}

$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];^{^M}

}^{^M}

^{^M}

/**^{^M}

* checkLogin - Checks if the user has already previously^{^M}

* logged in, and a session with the user has already been^{^M}

* established. Also checks to see if user has been remembered.^{^M}

* If so, the database is queried to make sure of the user's ^{^M}

* authenticity. Returns true if the user has logged in.^{^M}

*/^{^M}

function checkLogin(){^{^M}

global $database; //The database connection^{^M}

/* Check if user has been remembered */^{^M}

if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){^{^M}

$this->username = $_SESSION['username'] = $_COOKIE['cookname'];^{^M}

$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];^{^M}

}

^{^M}

/* Username and userid have been set and not guest */^{^M}

if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&^{^M}

$_SESSION['username'] != GUEST_NAME){^{^M}

/* Confirm that username and userid are valid */^{^M}

if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){^{^M}

/* Variables are incorrect, user not logged in */^{^M}

unset($_SESSION['username']);^{^M}

unset($_SESSION['userid']);^{^M}

return false;^{^M}

}^{^M}

^{^M}

/* User is logged in, set class variables */^{^M}

$this->userinfo = $database->getUserInfo($_SESSION['username']);^{^M}

$this->username = $this->userinfo['username'];^{^M}

$this->userid = $this->userinfo['userid'];^{^M}

$this->userlevel = $this->userinfo['userlevel'];^{^M}

 return true;^M
   }^M
   /* User not logged in */^M
   else{^M
   return false;^M
   }^M

}^{^M}

^{^M}

/**^{^M}

* login - The user has submitted his username and password^{^M}

* through the login form, this function checks the authenticity^{^M}

* of that information in the database and creates the session.^{^M}

* Effectively logging in the user if all goes well.^{^M}

*/^{^M}

function login($subuser, $subpass, $subremember){^{^M}

global $database, $form; //The database and form object^{^M}

 /* Username error checking */^M
   $field = "user";  //Use field name for username^M
   if(!$subuser || strlen($subuser = trim($subuser)) == 0){^M
   $form->setError($field, "* Username not entered");

}^{^M}

else{^{^M}

/* Check if username is not alphanumeric */^{^M}

if(!eregi("^{^([0-9a-z])*$",} $subuser)){^{^M}

$form->setError($field, "* Username not alphanumeric");^{^M}

}^{^M}

}^{^M}

^{^M}

/* Password error checking */^{^M}

$field = "pass"; //Use field name for password^{^M}

if(!$subpass){^{^M}

$form->setError($field, "* Password not entered");^{^M}

}^{^M}

^{^M}

/* Return if form errors exist */^{^M}

if($form->num_errors > 0){^{^M}

return false;^{^M}

}^{^M}

^{^M}

/* Checks that username is in database and password is correct */^{^M}

$subuser = stripslashes($subuser);^{^M}

$result = $database->confirmUserPass($subuser, md5($subpass));^{^M}

 /* Check error codes */^M
   if($result == 1){
   $field = "user";
   $form->setError($field, "* Username not found");^M
   }^M
   else if($result == 2){
   $field = "pass";
   $form->setError($field, "* Invalid password");
   }
 
   /* Return if form errors exist */
   if($form->num_errors > 0){
   return false;
   }^M

^{^M}

/* Username and password correct, register session variables */^{^M}

$this->userinfo = $database->getUserInfo($subuser);^{^M}

$this->username = $_SESSION['username'] = $this->userinfo['username'];^{^M}

$this->userid = $_SESSION['userid'] = $this->generateRandID();^{^M}

$this->userlevel = $this->userinfo['userlevel'];^{^M}

^{^M}

/* Insert userid into database and update active users table */

$database->updateUserField($this->username, "userid", $this->userid);

$database->addActiveUser($this->username, $this->time);

$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

^{^M}

/**^{^M}

/* Check if username is reserved */^{^M}

else if(strcasecmp($subuser, GUEST_NAME) == 0){^{^M}

$form->setError($field, "* Username reserved word");^{^M}

}^{^M}

/* Check if username is already in use */^{^M}

else if($database->usernameTaken($subuser)){^{^M}

$form->setError($field, "* Username already in use");^{^M}

}^{^M}

Also in #JavaScript _↴

Retrieving A Span by Name Mouseover text color chang help plz!HELP: onclick this.form is empty or .....

Success!

Help @alias_0502 spread the word by sharing this article on Twitter...

Tweet This

tricky issue

8 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

tricky issue

8 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

8 Comments(s) _↴

Also in #JavaScript _↴