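Normally, unless specifically restricted, the same user can be logged in from several places at once. Today I built something that prevents one user from being logged in to a system more than once at the same time: a later login kicks out the earlier one. (This is a bit like QQ, where the same account cannot be online in several places at once; when a later login succeeds, the earlier one is disconnected.)
SQL: two tables, one holding user information and the other storing sessions.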
--
-- Database: `single_user`
--
CREATE TABLE IF NOT EXISTS `session` (
  `username` varchar(50) default '',
  `time` varchar(14),
  `session_id` varchar(200) NOT NULL default '0',
  `userid` int(11),
  PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL auto_increment,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2;
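The session table uses session_id as its primary key; this key is the md5 value computed from userid + user name + user login time. Each time a user logs in, a row is inserted into the session table, and at the same time the old session records are looked up by userid and username and deleted. So when a page checks whether the current user is valid, it compares the session_id value saved in the $_SESSION array with the session_id fetched from the database. The old session_id was already deleted when this user logged in the second time, so it cannot be found, and that earlier login is logged out of the system.
Code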
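1. config.php: some simple configuration, including the database connection
<?php
$live_site = 'testing';   // used to derive the session name
$session_life = 600;      // session lifetime in seconds

// Returns a mysqli connection, or false if the connection fails
function getConnect() {
    $db_local = 'localhost';
    $db_user = 'root';
    $db_pwd = 'root';
    $db_name = 'single_userlogin';
    $db_link = mysqli_connect($db_local, $db_user, $db_pwd, $db_name);
    if ($db_link) {
        return $db_link;
    }
    return false;
}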
2. index.php: the login page
<?php
require_once('config.php');
$db = getConnect();
if (isset($_POST['username']) && isset($_POST['password'])) {
    // Validate the data submitted by the login form
    $name = mysqli_real_escape_string($db, trim($_POST['username']));   // escape user input before it reaches SQL
    $query = 'SELECT * FROM `users` WHERE `username`="' . $name . '" AND `password`="' . md5(trim($_POST['password'])) . '"';
    $result = mysqli_query($db, $query);
    $rs_num = mysqli_num_rows($result);
    if ($rs_num > 0) {
        // The user exists
        $row = mysqli_fetch_assoc($result);
        $userid = (int) $row['userid'];
        $username = $row['username'];
        $logintime = time();
        // Create the session_id value
        $session_id = md5($userid . $username . $logintime);
        // After a successful login, insert a record into the session table
        $safe_name = mysqli_real_escape_string($db, $username);
        $sql = 'INSERT INTO session SET `time`="' . $logintime . '",`session_id`="' . $session_id . '",`userid`=' . $userid . ',`username`="' . $safe_name . '"';
        mysqli_query($db, $sql);
        // and delete this user's old session_id rows from the session table
        $query = 'DELETE FROM `session` WHERE `userid`=' . $userid . ' AND `username`="' . $safe_name . '" AND `session_id`!="' . $session_id . '"';
        $old_session = mysqli_query($db, $query);
        // Start the session and put the newly logged-in user's information into $_SESSION
        session_name(md5($live_site));
        session_id($session_id);
        session_start();
        $_SESSION['session_id'] = $session_id;
        $_SESSION['userid'] = $userid;
        $_SESSION['username'] = $username;
        $_SESSION['logintime'] = $logintime;
        echo '<pre>';
        var_dump($_SESSION);   // debug output
        session_write_close();
        echo '<script type="text/javascript">window.location.href="index2.php"</script>';
    } else {
        echo '<script type="text/javascript">window.location.href="index.php?mosmsg=Username Error"</script>';
    }
} else {
    // Login form
?>
<form method="post" name="user_login" id="user_login" action="index.php">
Username:<input type="text" name="username" id="username" value=""/> <br />
password:<input type="password" name="password" id="password" value=""/> <br />
<input type="submit" name="submit" id="submit" value="Submit"/>
</form>
<?php
}
?>
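3. index2.php: after a successful login, the session information from this user's previous login has to be dealt with; if the previous login is still valid, it needs to be deleted
<?php
require_once('config.php');
$db = getConnect();
session_name(md5($live_site));
session_start();
$userid = (int) $_SESSION['userid'];
$username = $_SESSION['username'];
$logintime = $_SESSION['logintime'];
$session_id = $_SESSION['session_id'];
// Check whether the user is logged in
if ($session_id != session_id()) {
    echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
    exit();
}
if ($session_id == md5($userid . $username . $logintime)) {
    $past = time() - $session_life;
    // Delete records that have timed out but still exist in the table
    $query = "DELETE FROM session"
        . "\n WHERE time < '" . (int) $past . "'"
        . "\n AND userid <> 0";
    mysqli_query($db, $query);
    $current_time = time();
    // Update the session timestamp of the logged-in user
    $query = 'UPDATE session'
        . ' SET time="' . $current_time . '"'
        . ' WHERE session_id = "' . $session_id . '"';
    mysqli_query($db, $query);
    // Look up the session table using the $session_id generated when the current user logged in;
    // if the record does not exist, go back to the login page
    $query = "SELECT COUNT( session_id )"
        . "\n FROM session"
        . "\n WHERE session_id = '" . $session_id . "'"
        . "\n AND username = '" . mysqli_real_escape_string($db, $username) . "'"
        . "\n AND userid = " . $userid;
    $session_rs = mysqli_query($db, $query);
    $session_row = mysqli_fetch_row($session_rs);
    $session_num = $session_row[0];
    if ($session_num > 0) {
        echo 'WELCOME<br /><a href="logout.php">logout</a>';
    } else {
        echo "<script>document.location.href='index.php?mosmsg=Admin Session Expired'</script>\n";
        exit();
    }
} else {
    // session id does not correspond to required session format
    echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
    exit();
}
?>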
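4. logout.php: log the user out and delete the session
<?php
require_once('config.php');
$db = getConnect();
session_name(md5($live_site));
session_start();
$userid = (int) $_SESSION['userid'];
$username = $_SESSION['username'];
$session_id = $_SESSION['session_id'];
// Remove this login's row from the session table, then destroy the PHP session
$sql = 'DELETE FROM session WHERE userid=' . $userid . ' AND username="' . mysqli_real_escape_string($db, $username) . '" AND session_id = "' . $session_id . '"';
mysqli_query($db, $sql);
session_destroy();
echo "<script>document.location.href='index.php'</script>\n";
exit();
?>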
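A hardened variant of the same kick-out scheme, as an added example that is not from the original post: it keeps the article's session-table idea but uses a random token from random_bytes() instead of md5(userid . username . logintime), prepared statements instead of string concatenation, and password_hash() instead of md5(). The in-memory SQLite database (needs the pdo_sqlite extension), the helper names login() and isSessionValid(), and the sample account are assumptions made so the script runs offline.

```php
<?php
// Added example, not the article's code. In-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE session (session_id TEXT PRIMARY KEY, userid INTEGER, time INTEGER)');

// Constructed sample account; the password is stored with password_hash(), not md5().
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns a fresh session token, or null on bad credentials.
function login(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT userid, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // unguessable, unlike an md5 of id, name and time
    $db->beginTransaction();
    // Kick out every earlier login of this user, then record the new one.
    $db->prepare('DELETE FROM session WHERE userid = ?')->execute([$row['userid']]);
    // Only a SHA-256 of the token is stored, so a leaked table holds no usable tokens.
    $db->prepare('INSERT INTO session (session_id, userid, time) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['userid'], time()]);
    $db->commit();
    return $token;
}

// Hypothetical helper: true only while the token is the user's latest, unexpired login.
function isSessionValid(PDO $db, string $token, int $sessionLife = 600): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM session WHERE session_id = ? AND time >= ?');
    $stmt->execute([hash('sha256', $token), time() - $sessionLife]);
    return (int) $stmt->fetchColumn() === 1;
}

$first  = login($db, 'alice', 'correct horse'); // first browser
$second = login($db, 'alice', 'correct horse'); // same account, second browser
var_dump(isSessionValid($db, $first));   // token of the earlier login
var_dump(isSessionValid($db, $second));  // token of the latest login
var_dump(login($db, 'alice', 'wrong password'));
```

In the article's flow, the token would take the place of the $session_id handed to session_id(), and the validity check would run at the top of index2.php.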
Reposted from: https://www.cnblogs.com/belie8/articles/2196529.html