I have 2 ideas, but i'm not sure if they are 'good' solutions.
- Create a session of the current logged username ($_SESSION['username']). Then in your login form, when another person tries to login using that same username, it should prompt them a specific error page or whatever. Do this session checking after the person has completed a valid username/password combo so somethign like this:
// you previous login script here ...
if ($userIsValidated && $username == $_SESSION[$username] {
echo "you can't login twice";
// Or
// header("Location http://domain.com/login_twice_error.php");
exit();
}
// if the above is NOT true grant access
- the other solution i can think of is create a column in you db that states when the user last logged in (lastlogin). Then as the same user tries to login check to see that the user tries to do so within 1 (or specified time) hour they aren't granted access. You can put that lastlogin time in a session too in case you don't want to add another field in the db. the code would be similar to the one above.
The good thing about sessions is that if the user isn't active on your site (within 30 mintues i believe is the default), the session will destroy itself. That way if a user leaves the site and dosn't 'logoff' they can't login for another 30 minutes or so, if they do logoff they can login again immediately if you have used session_destroy();
sijis
