php同个用户同时只能登陆一个, 后登陆者踢掉前登陆者
通常用户登陆,如果没有特别的限定, 同一个用户可以同时登陆, 今天搞了一个东西限定一个用户不能同时登陆到一个系统上, 后登陆者会把前面登陆的踢出来.(有点像QQ,同个帐号不能在多个地方同时在线, 后面登陆成功后就把前面登陆的掉线)
SQL : 两张表,一张是用户信息,另一张用来保存session
- --
- -- 数据库: `single_user`
- --
- CREATE TABLE IF NOT EXISTS `session` (
- `username` varchar(50) default '',
- `time` varchar(14) default '',
- `session_id` varchar(200) NOT NULL default '0',
- `userid` int(11) default '0',
- PRIMARY KEY (`session_id`)
- ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
- CREATE TABLE IF NOT EXISTS `users` (
- `userid` int(11) NOT NULL auto_increment,
- `username` varchar(255) NOT NULL,
- `password` varchar(255) NOT NULL,
- PRIMARY KEY (`userid`)
- ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
复制代码
数据表 session 以session_id 为主键, 这个主键是 userid + user name + user login time 的 md5值算出来的. 每次用户登陆的时候就会像session表里插入一条,同时以userid username为条件查询旧的session记录并且删除他,所以当页面判断当前用户是否有效时,是通过$_SESSION数组里面保存在session_id值和数据库里取出来的session_id进行比较, 旧的session_id 在此用户第2次登陆时已经被删除,因此找不到,从而被退出系统.
代码部分
1.config.php 一些简单的配置,包括数据库的连接
- <?php
- $live_site = 'testing';
- $session_life = 600;
- function getConnect()
- {
- $db_local = 'localhost';
- $db_user = 'root';
- $db_pwd = '';
- $db_name = 'single_user';
- $db_link = mysql_connect($db_local, $db_user, $db_pwd);
- $rs = mysql_select_db($db_name, $db_link);
- if ($rs)
- {
- return $db_link;
- }
- return false;
- }
- ?>
复制代码
2. index.php 登陆页面
- <?php
- require_once('config.php');
- $db = getConnect();
- if (isset($_POST['username']) && isset($_POST['password']))
- {
- //处理用户登陆后的数据验证
- $query = 'SELECT * FROM `users` WHERE `username`="' . trim($_POST['username']) . '" AND `password`="' .md5( trim( $_POST['password'] ) ) . '"';
- $result = mysql_query($query, $db);
- $rs_num = mysql_num_rows($result);
- if ($rs_num > 0 )
- {
- //该用户存在
- $row = mysql_fetch_assoc($result);
- $userid = $row['userid'];
- $username = $row['username'];
- $logintime = time();
-
- //创建session_id值
- $session_id = md5( $userid . $username . $logintime );
-
- //登陆成功后要插入一条记录到session表中
- $sql = 'INSERT INTO session SET `time`="'.$logintime.'", `session_id`="'.$session_id.'", `userid`='.$userid.', `username`="'.$username.'"';
- mysql_query($sql, $db);
-
- //并且要把session表里旧的session_id删除掉
- $query = 'DELETE FROM `session` WHERE `userid`=' . $userid . ' AND `username`="' . $username . '" AND `session_id`!="' . $session_id . '"';
- $old_session = mysql_query($query);
- //开启session, 把新登陆的用户信息进入$_SESSION中
- session_name( md5( $live_site ) );
- session_id( $session_id );
- session_start();
- $_SESSION['session_id'] = $session_id;
- $_SESSION['userid'] = $row['userid'];
- $_SESSION['username'] = $row['username'];
- $_SESSION['logintime'] = $logintime;
- session_write_close();
- echo '<script type="text/javascript">window.location.href="index2.php"</script>';
- } else {
- echo '<script type="text/javascript">window.location.href="index.php?mosmsg=Username Error"</script>';
- }
- } else {
- //用户登陆框
- ?>
- <form method="post" name="user_login" id="user_login" action="index.php">
- Username:<input type="text" name="username" id="username" value=""/>
- <br />
- password:<input type="password" name="password" id="password" value=""/>
- <br />
- <input type="submit" name="submit" id="submit" value="Submit"/>
- </form>
- <?php
- }
- ?>
复制代码
3. index2.php 用户成功登陆后需要处理原来上一次该用户的session信息, 如果上一次此用户的登陆信息还有效,需要将其删除
- <?php
- require_once('config.php');
- $db = getConnect();
- session_name( md5( $live_site ) );
- session_start();
- $userid = $_SESSION['userid'];
- $username = $_SESSION['username'];
- $logintime = $_SESSION['logintime'];
- $session_id = $_SESSION['session_id'];
- //判断用户是否有登陆
- if ($session_id != session_id()) {
- echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
- exit();
- }
- if ($session_id == md5( $userid . $username . $logintime )) {
- $past = time() - $session_life;
-
- //删除已经超时但是记录还存在的记录
- $query = "DELETE FROM session"
- . "\n WHERE time < '" . (int) $past . "'"
- . "\n AND userid <> 0"
- ;
- mysql_query($query);
- $current_time = time();
- // update session timestamp 更新登陆用户的时间戳
- $query = 'UPDATE #__session'
- . '\n SET time="' . $current_time . '"'
- . '\n WHERE session_id = "' . $session_id . '"';
-
- //以当前用户登陆后产生的$session_id 来查询 session表里的记录是否存在
- //如果不存在那么就跳到登陆页面
- $query = "SELECT COUNT( session_id )"
- . "\n FROM session"
- . "\n WHERE session_id = '" . $session_id . "'"
- . "\n AND username = '". $username . "'"
- . "\n AND userid = ". $userid;
- $session_rs = mysql_query($query);
- $session_row = mysql_fetch_row($session_rs);
- $session_num = $session_row[0];
- if ($session_num > 0 )
- {
- echo 'WELCOME<br / ><a href="logout.php">Logout</a>';
- } else {
- echo "<script>document.location.href='index.php?mosmsg=Admin Session Expired'</script>\n";
- }
- } else {
- // session id does not correspond to required session format
- echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
- exit();
- }
- ?>
复制代码
4. logout.php 退出用户,并且删除 SESSION
- <?php
- require_once('config.php');
- $db = getConnect();
- session_name( md5( $live_site ) );
- session_start();
- $userid = $_SESSION['userid'];
- $username = $_SESSION['username'];
- $logintime = $_SESSION['logintime'];
- $session_id = $_SESSION['session_id'];
- $sql = 'DELETE FROM session WHERE userid='.$userid.' AND username="'.$username.'" AND session_id = "'.$session_id.'"';
- mysql_query($sql);
- session_destroy();
- echo "<script>document.location.href='index.php'</script>\n";
- exit();
- ?>
复制代码 
