i use a system like this on my site:
every page includes a file header.inc.php which holds the basic layout for the header section of each page but also calls a self defined function onlineUsers($ip)
all this function does is check if the visitors ip is in a table onlineusers, if so, update it with the current timestamp, if not, add a tup which holds the ip and timestamp.
then you just set a timeout - on my page 5 minutes - and another script counts all entries in the db which have a $timestamp that is
smaller than
time() - $timeOut*60
($timeOut in minutes).
that way you count all users that called a script on your site within the past 5 minutes - that seems to be a pretty good value to avoid losing the persons from your statistics, that browse on one page without reloading it.
the only problem are dynamic ip's - i use cookies that store the usernames too... in fact - you could do the same with the ip, by storing a cookie on the clients pc with a random value, store the same value in the database, and just check the cookie value instead of the ip each time the onlineUsers($cookievalue) is called.
yep - and finally all you have to do, is put this in the header after you got the value out of the database:
if (($numOnlineUsers > $maxOnlineUsers) && !eregi(("^http://www.yourdomain.com", $REFERER)) {
header = ("Location:errorpage.php");
}
that way it only checks visitors that did not come from a page internal site - it only gets executed if the referer is from another server - i.e. when they just entered your site.
