XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. Feature Request 
  4.  / preventing multiple simultaneous logins *URGENT*
Register
11
tl
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/11 17:30

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Just one glitch with this hack.

$online_handler->gc( 300 );

prevents you from logging in 5 minutes if you forgot to logout.

But, it also allows another person to log in using the same username five minutes after the initial user having logged in, so multiple logins are still possible. The hack only works in the initial 5 minutes.

tl

12
GIJOE
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/11 21:08

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


I've missed some codes for updating the table of online.

The easiest way is enable "online user block" about all pages.
If you don't want to show this block, insert this code into the tale of include/common.php.
if ($xoopsModule->getVar('hasconfig') == || $xoopsModule->getVar('hascomments') == || $xoopsModule->getVar'hasnotification' ) == 1) {
            $xoopsModuleConfig =& $config_handler->getConfigsByCat(0$xoopsModule->getVar('mid'));
        }
    }
[color=ff0000]    
    if( is_object$xoopsUser ) ) {
        $online_handler =& xoops_gethandler('online');
        $online_handler->write($xoopsUser->uid(), $xoopsUser->uname(), time(), 0$HTTP_SERVER_VARS['REMOTE_ADDR']);
    }
[/color]
}
?>

13
GIJOE
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/11 21:20

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


Quote:

tl wrote:
But, it also allows another person to log in using the same username five minutes after the initial user having logged in, so multiple logins are still possible. The hack only works in the initial 5 minutes.

I forgot to show some codes.

Of course, if nothing is done for five minutes or more after an user logs it in, it is taken care of to have logged out.
Naturally, it is possible to log in from another machines.

If the security of the site is very important, You may lengthen it more for a long time though I assumed the time of the time-out to be five minutes (300sec).
However, when a browser is closed without logging out by mistake, log in cannot be wholly done in that case during the long time.
Please adjust it properly according to the policy of the site.
14
tl
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/11 22:29

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Thanks, GIJOE. You have clarified the questions I have.
15
josecruz
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 0:16

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Wow, you guys have been a great help!!

And to think all of this was being discussed while I was asleep.

Quote:
I am not that technical and always curious and eager to learn. As far as my logical thinking reached, this hack didn't (even cannot) prevend logging in twice from the same pc. That is why I kept asking about this hack.

If my asking sounded somewhat offensive, I am sorry, because that wasn't my intension!


don't worry at all Shine, never any offense taken!

Quote:
But, it also allows another person to log in using the same username five minutes after the initial user having logged in, so multiple logins are still possible. The hack only works in the initial 5 minutes.


I just tested for that now, tl, and even hours after a login on one browser, I still can't login on any other browser or computer. I think you may have misunderstood that parameter and GIJ cleared it up with his explanation already. Still 300 is a little long in my opinion, I think I'll cut it down to 150 for my site.

And a big thanks to you GIJ!! I'll put in that bit of code for updating the online user table right away and tell you how it works out.

Jose
16
josecruz
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 0:26

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Quote:
sunsnapper wrote:
I think Jose is more worried about people logging in from different computers at the same time, rather than same computer.
In other words, making it harder for someone to share their password with someone somewhere else.


Actually Sunsnapper, GIJOE's hack is so thorough, you can't even login from different browsers on the same computer. If the level of security is that good, then I'm sure that a different pc would be no better able to get through.

Jose
17
josecruz
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 0:31

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Quote:
tl wrote:
Maybe an email to admin noticing the user account of simultaneous login would be even better.


Good idea tl. I'll getto work on making a function for that and I'll post it here when I'm done.

Jose
18
tl
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 0:51

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Quote:
I just tested for that now, tl, and even hours after a login on one browser, I still can't login on any other browser or computer. I think you may have misunderstood that parameter and GIJ cleared it up with his explanation already. Still 300 is a little long in my opinion, I think I'll cut it down to 150 for my site.


Jose, if you were to log into the system and were idle for 5 minutes or more, another user would be able to log into the system using the same username while the first one were still online (but doing nothing). This way two users will be able to share the same username.

Same applies to two browsers. If one browser or user were to be idle for 5 minutes, another browser or user would be able to log in. Afterwards, as long as the first browser is open, the second browser or user can log in or off with no limitations.

The perfect solution would be the first one would be kicked off online if XOOPS were to detect there is second session active.

Look forward to your emailing function.

tl

19
josecruz
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 1:18

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Wow,

you're right tl, I could log in with a different browser if the first browser was idle for long enough.

This isn't going to do for my situation. Like you said I need to prevent anyone from loggin in as long as that user is laready active.

Any thoughts GIJ?

Jose
20
tl
Re: preventing multiple simultaneous logins *URGENT*

  • 2003/10/12 1:34

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Quote:
you're right tl, I could log in with a different browser if the first browser was idle for long enough.

This isn't going to do for my situation. Like you said I need to prevent anyone from loggin in as long as that user is laready active.


I have not tested it yet, just a thought. You could utilize the custom session with GIJOE's hack.

For example, if you set

$online_handler->gc( 300 );

to 5 minutes, you could set the custom session to expire in 4 minutes - in essence, you force the user offline. Any user will have to wait for 1 minute afterwards to log in. This way it will make sure there is only one user in the system.



« 1 (2) 3 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

111 user(s) are online (32 user(s) are browsing Support Forums)

Members: 0

Guests: 111

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits