1
josecruz
preventing multiple simultaneous logins *URGENT*
  • 2003/9/21 5:02

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Hi everyone,

I have noticed that it's possible to login to a XOOPS site using one login name and password, and then turn around to another browser on a different computer (or even on the same computer) and use exactly the same login info on the same site, and XOOPS will still allow the second logon.

As I'm working on a site that uses paid subscriptions, how would I be able to control such multiple logins? For example allowing some login names (for a group of individuals) the ability to have multiple logins, while disallowing it for others (non-group members).

thanks all

Jose

2
josecruz
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 7:52

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Sorry about having to bump this topic, but my client is getting itchy about this issue.

If someone can give me a definitive answer about the possibility of controlling multiple logins yes/no either way, then even that would be greatly appreciated.

EVen better does anyone know where I can begin hacking the code for this.

In my wildest dreams, someone already knows how to do what I want, and is willing to tell me.

Some help folks, I need it.

Jose

3
GIJOE
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 9:43

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


It is not difficult hack, I think.
But this code is not tested.

line 42 in include/checklogin.php
$member_handler =& xoops_gethandler('member');
$myts =& MyTextsanitizer::getInstance();
$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
[
color=ff0000]// start of hack for preventing from multiple logins by GIJ
if( is_object$user ) ) {
    
$online_handler =& xoops_gethandler('online');
    
$online_handler->gc300 ) ;
    
$onlines =& $online_handler->getAll();
    foreach( 
$onlines as $online ) {
p        if( $online['online_uid'] == $user->uid() ) {
            
$user false ;
        }
    }
    if( 
is_object$user ) ) {
        
$online_handler->write($user->uid(), $user->uname(), time(), 0$HTTP_SERVER_VARS['REMOTE_ADDR']);
    }
}
// end of hack by GIJ [/color]
if (false != $user) {
    if (
== $user->getVar('level')) {
        
redirect_header(XOOPS_URL.'/index.php'5_US_NOACTTPADM);
        exit();
    }

This hack doesn't work fine with auto login hack.
And don't forget logout.
If you leave the site by closing browser, You can't login 300 sec.

4
josecruz
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 12:05

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


Tremendous GIJ!!

this is almost exactly what I wanted but I changed the line

$user= false

to

redirect_header(XOOPS_URL.'/user.php',1,_US_MULTLOGIN);

(where I made a new entry in the user.php lang file for "_US_MULTLOGIN")

this way the user knows specifically the cause ofthe login problem. That will be ok, don't you think?

thanks again.

Jose



5
Shine
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 13:13

  • Shine

  • Just can't stay away

  • Posts: 822

  • Since: 2002/7/22


How are you gonna handle the following after putting in this hack?

You have a news-item or a forumthread in which you refer to specific part of your website. After clicking that link a new window will open. This results in actually being logged in twice.

Lots of examples you can find within this Forum. Within a reply they often place a link to another thread as a referer or whatsoever. By clicking it that link always opens within a new window.

I think putting in your hack this will result in a(nother) problem, wouldn't it ?!

Grtz., Shine

6
josecruz
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 13:26

  • josecruz

  • Just popping in

  • Posts: 68

  • Since: 2003/3/28


I just tried it Shine, and it doesn't seem to be a problem.

Jose

7
Shine
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 15:21

  • Shine

  • Just can't stay away

  • Posts: 822

  • Since: 2002/7/22


Thanks for letting me know. Don't get me wrong I am just thinking and talking loudly about this hack, concidering where this hack is meant for and its functionallity......

But 'em,...........if that isn't a problem then the same person still can get logged in twice on the same pc. When the linked referer (within forum or news) is only accessible by members they only need to click on those links to get logged in twice.
Looking at this hack,....Shouldn't there be in those cases also turn up somekind of error msg (that what you've build in) ?

Grtz., Shine

8
sunsnapper
Re: preventing multiple simultaneous logins *URGENT*

Shine,
I think Jose is more worried about people logging in from different computers at the same time, rather than same computer.
In other words, making it harder for someone to share their password with someone somewhere else.
I think.

9
tl
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 16:36

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Great hack, thanks GIJ.

In lieu of
redirect_header(XOOPS_URL.'/user.php',1,_US_MULTLOGIN);

Maybe an email to admin noticing the user account of simultaneous login would be even better.

tl

10
Shine
Re: preventing multiple simultaneous logins *URGENT*
  • 2003/10/11 17:11

  • Shine

  • Just can't stay away

  • Posts: 822

  • Since: 2002/7/22


Ah, know I get the picture.
I thought the 2x login hack concerned also from the same pc.....That is why this hack kept me thinkin'

I am not that technical and always curious and eager to learn. As far as my logical thinking reached, this hack didn't (even cannot) prevend logging in twice from the same pc. That is why I kept asking about this hack.

If my asking sounded somewhat offensive, I am sorry, because that wasn't my intension!

Grtz., Shine

Login

Who's Online

173 user(s) are online (121 user(s) are browsing Support Forums)


Members: 0


Guests: 173


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits