LOG IN RESTRICTION


Post by samhans » Fri Apr 06, 2012 6:23 am

Hi Steve and all of my friends,

An issue I have tried earlier; now again a question regarding the restriction to log in if the user has logged in from another site.

I have made an after-action login trigger which sets a flag as 1 in the users table.

The code is as follows:
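// Quote and escape the username so it is treated as a string value, not SQL.
$var = mysql_query("update users set flag = 1 where username = '" . mysql_real_escape_string($username) . "'");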


As simple as that. This is doing its work, setting the flag. I have another action, logout, which resets the flag for the logged-in user.
Suppose the user doesn't log out; then I want to not allow him to log in.

Now, after this, what trigger should I use to check the username and flag? The code is as follows:

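$auth =& Dataface_AuthenticationTool::getInstance();
$username = username();

// Quote and escape the username so it is treated as a string value, not SQL.
$var2 = mysql_query("select * from users where username = '" . mysql_real_escape_string($username) . "' and flag = 1");
// mysql_query() returns false on failure; only count rows on a valid result.
$num = $var2 ? mysql_num_rows($var2) : 0;

// isset($num) is always true here; redirect only when a flagged row exists.
if ($num > 0)
{
    header('Location: http://127.0.0.1/leave/error.php');
    exit; // stop processing after sending the redirect
}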

Where do I put this code so that Xataface checks the username and flag before allowing him to log in?
Please suggest some solutions. Can anybody help me out?
Thanks in advance.
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: LOG IN RESTRICTION

Post by shannah » Tue Apr 10, 2012 1:48 pm

This strategy is tricky because if the user's browser quits or he closes his browser without logging out, he won't be able to log out (because this would destroy his session) and then he wouldn't be able to log in from anywhere.

Any solution that you have to restrict access from multiple computers MUST include some form of client side token that you can read from the server so that you know if the user is accessing from the same location. This could be using the user's IP address or you could create a special cookie on the user's browser when they log in (and store it on the server) then compare it on each request to make sure that the session is valid.

My recommendation would be to put everything inside the beforeHandleRequest method since this is called on every request. That gives you full flexibility to set the tokens and compare them on subsequent requests.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm
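
One way to implement the login cookie token described in the reply above, as an added example that is not part of the original thread and not Xataface's own code. It assumes PHP 7.1 or later and a newest-login-wins policy; the function names, the idle limit and the in-memory `$store` array (standing in for a token column in the users table) are hypothetical.

```php
<?php
// Added example, not Xataface code. $store stands in for a token column
// in the users table (assumption); names and limits are hypothetical.
const IDLE_LIMIT = 1800; // seconds of inactivity before a token expires

// After a successful login: issue a fresh token and keep only its hash.
function issue_login_token(array &$store, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $store[$username] = ['hash' => hash('sha256', $token), 'seen' => $now];
    return $token; // set as a cookie on the browser that just logged in
}

// On every request for a logged-in user (e.g. from beforeHandleRequest):
// true only if this browser presents the user's current token.
function request_token_is_valid(array &$store, string $username, ?string $cookie, int $now): bool
{
    if ($cookie === null || !isset($store[$username])) {
        return false;
    }
    if ($now - $store[$username]['seen'] > IDLE_LIMIT) {
        unset($store[$username]); // browser closed without logout: expire
        return false;
    }
    if (!hash_equals($store[$username]['hash'], hash('sha256', $cookie))) {
        return false; // a newer login elsewhere replaced the token
    }
    $store[$username]['seen'] = $now;
    return true;
}

// Constructed walk-through: the same user logs in from two browsers.
$store = [];
$t = 1000;
$a = issue_login_token($store, 'alice', $t);
$b = issue_login_token($store, 'alice', $t + 120);
$checks = [
    'A after B logged in' => request_token_is_valid($store, 'alice', $a, $t + 180),
    'B while active' => request_token_is_valid($store, 'alice', $b, $t + 180),
    'B after idle limit' => request_token_is_valid($store, 'alice', $b, $t + 181 + IDLE_LIMIT),
];
foreach ($checks as $label => $ok) {
    printf("%-20s %s\n", $label, $ok ? 'valid' : 'rejected');
}
```

In Xataface the per-request check would sit in the application delegate's beforeHandleRequest method, as the reply recommends; a rejected token means the session should be ended and the user sent back to the login page.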
