I need help: how do I stop multiple user logins with the same email and password once the user has already logged into the website? I have a website with two kinds of membership subscription, free or paid. Free users can try to log in from multiple devices, PCs or browsers; no problem with free users.

But now the problem is that I want to restrict the paid users, because paid users shouldn't log in from multiple devices, PCs or browsers after the paid user has logged in from anywhere. When a paid user tries to log in, the system should automatically log out the paid user from the previous browser, device or PC.

Example:

If a paid user is already logged in from Chrome and the user tries to log in from Firefox,
then the system should automatically destroy the first session, which was created
from Chrome, then allow the paid user to use their account in Firefox.

Here is my test script

Index.php

<form action="verifylog.php" method="post">
<input type="text" name="email1" /><br />
<input type="password" name="password1" /><br />
<input type="submit" value="Submit" />
</form>

Verifylog.php

session_start();
include('config.php');
if(empty($_POST['email1']))
{
header('Location:index.php');   
}
$email=$_POST['email1'];
$password=$_POST['password1'];

$querymysql=mysql_query("select * from users where uemail='$email' 
and upass='$password'") or die ("query problem");

$row=mysql_fetch_array($querymysql);
$db_email1=$row['uemail'];
$db_pass=$row['upass'];
$db_status=$row['ustatus'];

if($row>0){

$_SESSION['new_email']=$db_email1;
$_SESSION['new_pass']=$db_pass;
$_SESSION['new_status']=$db_status;

$_SESSION['logged_in'] = 'active';

if(isset($_SESSION['logged_in']) || !empty($_POST['email1']) )
{

$query_time=mysql_query("UPDATE users SET ustatus='".$_SESSION['logged_in']."'
WHERE uemail='".$email."'");

header('Location:test.php');

}
}

if($db_status==$_SESSION['logged_in'])
{
header("location:logout.php");  
}
else 
{
$msg="please check your email and password";    
$_SESSION['error_msg']=$msg;
header('Location:index.php?error='.$_SESSION['error_msg'].'');

}

Test.php

<?php 
$querymysql=mysql_query("select * from users 
where  uemail='".$_SESSION['new_email']."'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
?>

Hello Mr. <?php echo $row['uemail']; ?> <br />
Your Email Is &nbsp; <?php echo $row['uemail']; ?> <br />
Your Password Is &nbsp; <?php echo $row['upass']; ?> <br />
Your Status Is &nbsp; <?php echo $row['ustatus']; ?> <br />
Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>

Logout.php

<?php 
session_start();
include('config.php');

if(!empty($_SESSION['logged_in']) || !empty($_POST['email1']) )
{
session_destroy();
$query_time=mysql_query("UPDATE users SET ustatus='inactive' 
    WHERE uemail='".$_SESSION['new_email']."'");

header("location:index.php");
}
?>

Thank you all, I have completed my script.

Here is my completed script, in case any web developer needs it:

How to prevent multiple user logins with the same email and password once the user
has already logged in from multiple PCs or browsers

Index.php

<form action="verifylog.php" method="post">
<input type="text" name="email1" /><br />
<input type="password" name="password1" /><br />
<input type="submit" value="Submit" />
</form>

Verifylog.php

session_start();
include('config.php');
if(empty($_POST['email1']))
{
header('Location:index.php');   
}
$email=$_POST['email1'];
$password=$_POST['password1'];

$querymysql=mysql_query("select * from users where uemail='$email' 
and upass='$password'") or die ("query problem");
$row=mysql_fetch_array($querymysql);

$db_email1=$row['uemail'];
$db_pass=$row['upass'];
$db_status=$row['ustatus'];
$db_sessionid=$row['session_id'];


$old_sessionid = session_id();
$new_sessionid = session_regenerate_id(true);
$_SESSION['newregid']=$new_sessionid;
$_SESSION['odlregid']=$old_sessionid;

$_SESSION['new_email']=$db_email1;
$_SESSION['new_pass']=$db_pass;
$_SESSION['new_status']=$db_status;


if(!empty($old_sessionid))
{

$query_time=mysql_query("UPDATE users SET session_id='".$old_sessionid."' 
WHERE uemail='".$email."'");

header('Location:test.php');
}

else if($db_sessionid!=$_SESSION['odlregid'])
{

$query_time=mysql_query("UPDATE users SET session_id='".$new_sessionid."' 
WHERE uemail='".$email."'");
header('Location:test.php');
}

Test.php

<?php 
$querymysql=mysql_query("select * from users 
    where uemail='".$_SESSION['new_email']."'") or die ("query problem");
$row=mysql_fetch_array($querymysql);
$new_id=$row['session_id'];

if($new_id!=$_SESSION['odlregid']){

unset($_SESSION['odlregid']);
session_destroy();
header("location:index.php");

} else { ?>

Hello Mr. <?php echo $row['uemail']; ?> <br />
Your Email Is &nbsp; <?php echo $row['uemail']; ?> <br />
Your Password Is &nbsp; <?php echo $row['upass']; ?> <br />
Your Status Is &nbsp; <?php echo $row['ustatus']; ?> <br />
Your Session_Id Is &nbsp; <?php echo $row['session_id']; ?> <br />
Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>

<?php }?>

Logout.php

    <?php 
session_start();
include('config.php');  
header("location:index.php");   
?>

5 Answers

Put the session id in your database with the user and write a new session id at each login. As part of your select statement, use the session_id as a criterion, and any defunct sessions will no longer be valid.

Mike Miller
  • Sorry, I'm a new user of PHP. Can you complete my script or give me an example? Thank you –  Jun 26 '14 at 16:42
  • Use the function session_id() after session_start() and write that value to your users table. Then change your test.php query to: "select * from users where uemail='$email' and upass='$password'" and session_id = '.session_id() – Mike Miller Jun 26 '14 at 16:46
  • But how can I destroy the first session from Chrome and then let the user continue with Firefox? –  Jun 26 '14 at 16:48
  • Each will have a unique id, so the users table will only store one: the most recent one you created. If the SQL query comes back with no rows you can issue session_destroy() – Mike Miller Jun 26 '14 at 16:50
  • Please Mike, I'm confused. Do you have time? Please modify my script and teach me, thank you –  Jun 26 '14 at 16:52
  • In test.php put if(count($row)==1){//show your html}else{//session_destroy()} – Mike Miller Jun 26 '14 at 16:52
  • In verifylog.php I put this condition `if($db_id==$log_id) { session_destroy(); }` and in test.php I used this condition `if(count($row)==1){//show your html}else{//session_destroy()}` –  Jun 26 '14 at 16:58
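
The approach described in this answer, as an added example that is not code from any poster in the thread: each login overwrites a per-account token, and every page load compares the session's token with the stored one. The in-memory SQLite table, the `upass_hash`, `paid` and `session_hash` columns and the `login()` / `is_current()` helpers are assumptions; unlike the posted script it uses parameterized queries and `password_hash()`.

```php
<?php
// Added example: one active session per paid account, newest login wins.
// Assumed schema and helper names; the account below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uemail TEXT PRIMARY KEY, upass_hash TEXT, paid INTEGER, session_hash TEXT)');
// The password is stored as a hash, never in clear text.
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, 1, NULL)');
$ins->execute(['paid@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Verify credentials, then bind the account to a fresh random token.
// Returns the token the caller keeps in its session, or null on failure.
function login(PDO $db, string $email, string $password): ?string
{
    $q = $db->prepare('SELECT upass_hash, paid FROM users WHERE uemail = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['upass_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    if ($row['paid']) {
        // Overwriting the stored value invalidates the previous browser.
        // Only a hash is stored, so a database read does not expose live tokens.
        $u = $db->prepare('UPDATE users SET session_hash = ? WHERE uemail = ?');
        $u->execute([hash('sha256', $token), $email]);
    }
    return $token;
}

// Per-request check, run before a protected page renders anything.
function is_current(PDO $db, string $email, string $token): bool
{
    $q = $db->prepare('SELECT paid, session_hash FROM users WHERE uemail = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row) return false;
    if (!$row['paid']) return true; // free accounts are not pinned to one session
    return hash_equals((string)$row['session_hash'], hash('sha256', $token));
}

// Constructed run: the same paid account logs in from two browsers in turn.
$chrome = login($db, 'paid@example.test', 'correct horse');
printf("chrome, before second login: %s\n", var_export(is_current($db, 'paid@example.test', $chrome), true));
$firefox = login($db, 'paid@example.test', 'correct horse');
printf("chrome, after second login:  %s\n", var_export(is_current($db, 'paid@example.test', $chrome), true));
printf("firefox:                     %s\n", var_export(is_current($db, 'paid@example.test', $firefox), true));
```

In a real login handler the returned token would be placed in `$_SESSION` after `session_regenerate_id(true)`, and a failed `is_current()` check would end with `session_destroy()` and a redirect to the login page.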

This is one easy way of doing it which you can try:

1.) Store browser_name & mac_address along with the username, password and status (1 -> logged in; 0 -> not logged in) columns in the table.

2.) At the time of login, save a cookie with username, browser_name, mac_address and status, and also update the same values in the table columns.

Before the page loads, check this:

3.) In every page's header, get username, browser_name and mac_address from the DB and match them with the values stored in the cookie. If they match, continue the session; if not, end the session.

Whenever the user tries to log in from Chrome, it will update the values in the DB, and if a page refresh occurs in Firefox the values of the cookie and the DB won't match, resulting in automatic logout. Hope this helps.

Or you can do it by storing and matching a randomly generated unique session id.

arp
  • I have updated the script with `session_id` and stored the session_id in the DB, but now I'm confused about how to destroy the first session, which was created from Chrome, after logging in again from Firefox. –  Jun 26 '14 at 17:02
  • Forget session_id, follow steps 1, 2 & 3. It will get your work done. Before each page load you have to check the cookie value and the DB value. – arp Jun 26 '14 at 17:06

Your answer is almost correct, but there are some mistakes. Below are the changes you need to add to your files:

1) Test.php

session_start();
include('config.php');

2) Logout.php

session_start();
unset($_SESSION['odlregid']);
session_destroy();
StudyBoy

I am not sure this will work, but you could save the session variable in your database for paid users. If they log in again, unset that session first and create a new one.

web_student

  1. Save the PHP session in the database. You can refer to the details here: PHP sessions in Database
  2. Link the user session with the session ID in the database and, from the front end, trigger an ajax call which keeps checking the validity of the session.
  3. If at any point in time this validity breaks, then force a logout and show a message to the user that they have logged into another device/browser.
Community