通常用户登陆,如果没有特别的限定, 同一个用户可以同时登陆, 今天搞了一个东西限定一个用户不能同时登陆到一个系统上, 后登陆者会把前面登陆的踢出来.(有点像QQ,同个帐号不能在多个地方同时在线, 后面登陆成功后就把前面登陆的掉线)
SQL : 两张表,一张是用户信息,另一张用来保存session
-- -- 数据库: `single_user` -- CREATE TABLE IF NOT EXISTS `session` ( `username` varchar(50) default '', `time` varchar(14) default '', `session_id` varchar(200) NOT NULL default '0', `userid` int(11) default '0', PRIMARY KEY (`session_id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `users` ( `userid` int(11) NOT NULL auto_increment, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, PRIMARY KEY (`userid`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
数据表 session 以session_id 为主键, 这个主键是 userid + user name + user login time 的 md5值算出来的. 每次用户登陆的时候就会像session表里插入一条,同时以userid username为条件查询旧的session记录并且删除他,所以当页面判断当前用户是否有效时,是通过$_SESSION数组里面保存在session_id值和数据库里取出来的session_id进行比较, 旧的session_id 在此用户第2次登陆时已经被删除,因此找不到,从而被退出系统.
代码部分
1.config.php 一些简单的配置,包括数据库的连接
<?php $live_site = 'testing'; $session_life = 600; function getConnect() { $db_local = 'localhost'; $db_user = 'root'; $db_pwd = 'root'; $db_name = 'single_userlogin'; $db_link = mysqli_connect($db_local, $db_user, $db_pwd,$db_name); if ($db_link) { return $db_link; } return false; }
2. index.php 登陆页面
<?php require_once('config.php'); $db = getConnect(); if (isset($_POST['username']) && isset($_POST['password'])) { //处理用户登陆后的数据验证 $query = 'SELECT * FROM `users` WHERE `username`="' . trim($_POST['username']) . '" AND `password`="' .md5( trim( $_POST['password'] ) ) . '"'; $result = mysqli_query($db,$query); $rs_num = mysqli_num_rows($result); if ($rs_num > 0 ) { //该用户存在 $row = mysqli_fetch_assoc($result); $userid = $row['userid']; $username = $row['username']; $logintime = time(); //创建session_id值 $session_id = md5( $userid . $username . $logintime ); //登陆成功后要插入一条记录到session表中 $sql = 'INSERT INTO session SET `time`="'.$logintime.'", `session_id`="'.$session_id.'", `userid`='.$userid.', `username`="'.$username.'"'; mysqli_query( $db, $sql); echo $sql; echo "<br>"; //并且要把session表里旧的session_id删除掉 $query = 'DELETE FROM `session` WHERE `userid`=' . $userid . ' AND `username`="' . $username . '" AND `session_id`!="' . $session_id . '"'; $old_session = mysqli_query($db,$query); echo $query; //开启session, 把新登陆的用户信息进入$_SESSION中 session_name( md5( $live_site ) ); session_id( $session_id ); session_start(); $_SESSION['session_id'] = $session_id; $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['logintime'] = $logintime; echo '<pre>'; var_dump($_SESSION); session_write_close(); echo '<script type="text/javascript">window.location.href="index2.php"</script>'; } else { echo '<script type="text/javascript">window.location.href="index.php?mosmsg=Username Error"</script>'; } } else { //用户登陆框 ?> <form method="post" name="user_login" id="user_login" action="index.php"> Username:<input type="text" name="username" id="username" value=""/> <br /> password:<input type="password" name="password" id="password" value=""/> <br /> <input type="submit" name="submit" id="submit" value="Submit"/> </form> <?php } ?>
3. index2.php 用户成功登陆后需要处理原来上一次该用户的session信息, 如果上一次此用户的登陆信息还有效,需要将其删除
<?php require_once('config.php'); $db = getConnect(); session_name( md5( $live_site ) ); session_start(); $userid = $_SESSION['userid']; $username = $_SESSION['username']; $logintime = $_SESSION['logintime']; $session_id = $_SESSION['session_id']; //判断用户是否有登陆 if ($session_id != session_id()) { echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script> "; exit(); } if ($session_id == md5( $userid . $username . $logintime )) { $past = time() - $session_life; //删除已经超时但是记录还存在的记录 $query = "DELETE FROM session" . " WHERE time < '" . (int) $past . "'" . " AND userid <> 0" ; mysqli_query($db,$query); $current_time = time(); // update session timestamp 更新登陆用户的时间戳 $query = 'UPDATE #__session' . ' SET time="' . $current_time . '"' . ' WHERE session_id = "' . $session_id . '"'; //以当前用户登陆后产生的$session_id 来查询 session表里的记录是否存在 //如果不存在那么就跳到登陆页面 $query = "SELECT COUNT( session_id )" . " FROM session" . " WHERE session_id = '" . $session_id . "'" . " AND username = '". $username . "'" . " AND userid = ". $userid; $session_rs = mysqli_query($db,$query); $session_row = mysqli_fetch_row($session_rs); $session_num = $session_row[0]; if ($session_num > 0 ) { echo 'WELCOME<br / ><a href="logout.php">Logout</a>'; } else { echo "<script>document.location.href='index.php?mosmsg=Admin Session Expired'</script> "; } } else { // session id does not correspond to required session format echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script> "; exit(); } ?>
4. logout.php 退出用户,并且删除 SESSION
<?php require_once('config.php'); $db = getConnect(); session_name( md5( $live_site ) ); session_start(); $userid = $_SESSION['userid']; $username = $_SESSION['username']; $logintime = $_SESSION['logintime']; $session_id = $_SESSION['session_id']; $sql = 'DELETE FROM session WHERE userid='.$userid.' AND username="'.$username.'" AND session_id = "'.$session_id.'"'; mysqli_query($db,$sql); session_destroy(); echo "<script>document.location.href='index.php'</script> "; exit(); ?>
转载:https://www.cnblogs.com/belie8/articles/2196529.html