In this wiki I will show how to disallow login from multiple places. A user can log in to or access their account from only a single place at a time.
In your models (User class):
/**
 * session_validate()
 * Checks whether the user has a hashed key stored in the session array.
 * If it returns true, the user is the same as before.
 * If it returns false, the session_id has been regenerated.
 * Uses $this->user_email as the per-user unique string.
 *
 * @return {boolean} True if valid session, else false
 */
public function session_validate()
{
    // Hash information about this session
    $user_agent = $this->session_hash_string($_SERVER['HTTP_USER_AGENT'], $this->user_email);
    // Check for instance of session
    if ( !$this->session_exists() )
    {
        // The session does not exist, create it
        $this->session_reset($user_agent);
    }
    // Match the hashed key in session against the new hashed string
    if ( $this->session_match($user_agent) )
    {
        return true;
    }
    // The hashed string is different, reset session
    $this->session_reset($user_agent);
    return false;
}

/**
 * session_exists()
 * Checks whether the needed session keys exist.
 *
 * @return {boolean} True if keys exist, else false
 */
private function session_exists()
{
    return isset($_SESSION['USER_AGENT_KEY']) && isset($_SESSION['INIT']);
}

/**
 * session_match()
 * Compares the session secret with the currently generated secret.
 *
 * @param {String} $user_agent The hashed key
 * @return {boolean} True if the stored key matches, else false
 */
private function session_match( $user_agent )
{
    // Validate the agent and initiated flag; strict comparison avoids
    // PHP type juggling between hex strings
    return $_SESSION['USER_AGENT_KEY'] === $user_agent && $_SESSION['INIT'] === true;
}

/**
 * session_hash_string()
 * Generates a hashed string (MD5 is a hash, not encryption)
 *
 * @param {String} $user_agent The HTTP_USER_AGENT value from $_SERVER
 * @param {String} $unique_string Something unique for the user (email, etc)
 * @return {String} The MD5 hex digest
 */
private function session_hash_string( $user_agent, $unique_string )
{
    return md5($user_agent.$unique_string);
}

/**
 * session_reset()
 * Regenerates the session_id (the local file) and builds a new
 * secret for the user.
 *
 * @param {String} $user_agent The hashed key
 */
private function session_reset( $user_agent )
{
    // Create new id
    session_regenerate_id(TRUE);
    $_SESSION = array();
    $_SESSION['INIT'] = true;
    // Set hashed http user agent
    $_SESSION['USER_AGENT_KEY'] = $user_agent;
}

/**
 * Destroys the session
 */
private function session_destroy()
{
    // Destroy session (calls PHP's global session_destroy())
    session_destroy();
}
What this will do:
- Concatenate the user agent with their email address and md5 it. This is their secret key; store as much unique info as possible.
- Compare this key on each request and also check that the INIT session key is true.
Courtesy - Prevent login from two places
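The key above is compared with a copy stored in the same session, so each browser validates against itself and two browsers can stay logged in at once. As an added example (not code from this wiki or from Yii), one way to enforce a single active login is to keep one server-side token per user and check it next to the user agent key. The class name, the LOGIN_TOKEN key, the in-memory array standing in for a database column, and the sample email and user agents are assumptions; it needs PHP 7.4 or later.

```php
<?php
// Added example. Assumptions: PHP 7.4+, and an in-memory array standing in
// for a per-user database column (hypothetical name: active_token_hash).
final class SingleLoginGuard
{
    /** @var array<string,string> email => SHA-256 of the only valid login token */
    private array $activeTokenHash = [];

    /** On successful login: issue a fresh token, superseding any earlier login. */
    public function login(string $email, string $userAgent): array
    {
        $token = bin2hex(random_bytes(32));
        $this->activeTokenHash[$email] = hash('sha256', $token);
        // Returned array models what the wiki's code keeps in $_SESSION,
        // plus the new per-login token.
        return [
            'INIT' => true,
            'USER_AGENT_KEY' => md5($userAgent . $email),
            'LOGIN_TOKEN' => $token,
        ];
    }

    /** The wiki's check: the session's key against the current request's key. */
    public function agentMatches(array $session, string $email, string $userAgent): bool
    {
        return $session['INIT'] === true
            && hash_equals($session['USER_AGENT_KEY'], md5($userAgent . $email));
    }

    /** Added check: is this session the one most recently logged in? */
    public function isCurrentLogin(array $session, string $email): bool
    {
        return isset($this->activeTokenHash[$email]) && hash_equals(
            $this->activeTokenHash[$email],
            hash('sha256', $session['LOGIN_TOKEN'])
        );
    }
}

// Constructed scenario: one account logs in from two browsers in turn.
$guard = new SingleLoginGuard();
$email = 'alice@example.com';
$laptop = $guard->login($email, 'Browser-A/1.0');
$phone = $guard->login($email, 'Browser-B/2.0');

foreach (['laptop' => [$laptop, 'Browser-A/1.0'], 'phone' => [$phone, 'Browser-B/2.0']] as $name => [$session, $ua]) {
    printf("%-6s agent key ok: %s, current login: %s\n", $name,
        var_export($guard->agentMatches($session, $email, $ua), true),
        var_export($guard->isCurrentLogin($session, $email), true));
}
```

In an application the token hash would live in the user's database row, and a request whose session fails the second check would be logged out.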
Could someone help me with this code?
I created the functions but my users are multi-session.
Thank you
I want to integrate this code with my UserIdentity