views:

50

answers:

3

I am working on a project that has a requirement such that login details can only be accessed from one machine at one time.

For example, if I grant you access to my website and you login from your home machine, the system will store this settings in a cookie/database. Now if you try the same login details on your work machine or any other machine, the system will not let you log into the system. The login will now only work from home machine.

Any suggestions on how to achieve this would be helpful. Any resources you can point me towards would also be appreciated.

A: 

Well, this is fairly simple with PHP's Sessions.

Use a Session Handler to store the Session Data in the Database in a format like:

Session_ID | User_ID | Session_Data | Timestamp

Then, before you sign someone in, delete all sessions with that User ID


Ooops, I read your question wrong. If you don't want to allow second logins, check if a session with that User_ID already exists and has not expired.

The deleting part works if you want the second login to log the first one out. This is generally the method taken because then no one has to remember to sign out. If you sign in somewhere else, it simply logs out the place you logged in last.

See PHP's session_set_save_handler()

http://us.php.net/manual/en/function.session-set-save-handler.php

Chacha102
Hi Chacha102,Thanks for reply. I will try this out.What I am trying to do is 1) User logs in for the first time -> a cookie/session is set on the machine in which the user logs in from and the user is allowed to login and browse the website.A flag is recorded in the database to notify the system that this particular user is logged in. The cookie is deleted after 2 months 2) If the user then tries to login from a different computer the system will detect(from the flag) that the user is logged in already and will not allow the person to log in.
Sunil Shenoy
A: 

Hmm, I'm not sure that I'm following exactly what you want, but it sounds like once someone logs in at any location, that should be the only location that works for their login in the future? If this is what you're trying to do, you're probably going to run into some trouble with people that don't have static IP addresses eventually. They could be on the same computer, but if their IP address has changed, they won't be able to log in.

But anyway, you can just have an IP address field in the user table, start with it being NULL. When someone tries to log in, check if that field for their username is null. If it is, log them in, and set it to their IP address (PHP variable $_SERVER['REMOTE_ADDR']). If it already had an address set, check that the IP that they're trying to log in from is the same as the one stored there. If it's not, reject the login even if the username/password were correct.

Chad Birch
Hi Chad,Thanks for reply.I am not trying to bind the user login to the IP address. What I am trying to do is 1) User logs in for the first time -> a cookie is set on the machine in which the user logs in from and the user is allowed to login and browse the website.A flag is recorded in the database to notify the system that this particular user is logged in. The cookie is deleted after 2 months 2) If the user then tries to login from a different computer the system will detect(from the flag) that the user is logged in already and will not allow the person to log in.
Sunil Shenoy
A: 

Have an extra date column in your user table called "logintime".

If user sends username/password and there is no "logintime" for that user then allow login after checking password and write the time now into the "logintime".

If "logintime" is already set then disallow login.

Flush "logintime" when it gets to old (2 months in your example).

zaf
Thanks for the help Zaf. I did something similar. I inserted a new column to my database, and checked a flag on successful login and left a cookie on the users computer to mark that computer as a verified computer. A cron job, unchecks the flag the same time the cookie expires(2 months from the time the cookie was installed)
Sunil Shenoy