how do i stop multiple user login with same email and password once user already logged

10,727

Solution 1

Put the session id in your database with the user and write a new session id at each login. As part of your select statement check use the session_id as a criteria and any defunct sessions will no longer be valid.

Solution 2

This is one easy way of doing it which you can try:-

1.)Store browser_name & mac_address along with username,password,status(1->loggedin;0->notloggedin) column in the table.

2.)At the time of log in,save a cookie with username,browser_name,mac_address,status & also update same values in table columns.

Before page loads, check this -

3.)On every page's header,get username,browser_name,mac_address from db and match it with values stored in cookie.If matches then continue session,if not end session.

Whenever user tries to log in from chrome,it will update the values in db and if a page refresh occurs on Firefox the values of cookie and db wont match resulting in automatic log out.Hope this helps.

Or you can do it with storing & matching a randomly generated unique session id.

Solution 3

Your answer is almost correct but their is some mistakes and below are the changes need to add into your files:

1)Test.php

session_start();
include('config.php');

2)Logout.php

session_start();
unset($_SESSION['odlregid']);
session_destroy();
Share:
10,727
Admin
Author by

Admin

Updated on June 04, 2022

Comments

  • Admin
    Admin over 1 year

    i need help how do i stop multiple user login with same email and password once the user already logged into the website i have website but in my website i have two kinds of membership subscription free or paid free users can try to login from multiple device's or pc's or browsers no problem with free users.

    but now problem is that i want to restrict the paid users because paid users shouldn't only login from multiple devices or pc or browser after paid user login from anywhere .. while paid user try to login then system should automatically logout paid user from previous browser or devices or pc?

    Example*

    if paid user already login from chrome and user trying to login from firefox
    then system should automatically destroy first session which is created 
    from chrome. then allow paid users to use their account in firefox.
    

    Here My Test Script

    Index.php

    <form action="verifylog.php" method="post">
    <input type="text" name="email1" /><br />
    <input type="password" name="password1" /><br />
    <input type="submit" value="Submit" />
    </form>
    

    Verifylog.php

    session_start();
    include('config.php');
    if(empty($_POST['email1']))
    {
    header('Location:index.php');   
    }
    $email=$_POST['email1'];
    $password=$_POST['password1'];
    
    $querymysql=mysql_query("select * from users where uemail='$email' 
    and upass='$password'") or die ("query problem");
    
    $row=mysql_fetch_array($querymysql);
    $db_email1=$row['uemail'];
    $db_pass=$row['upass'];
    $db_status=$row['ustatus'];
    
    if($row>0){
    
    $_SESSION['new_email']=$db_email1;
    $_SESSION['new_pass']=$db_pass;
    $_SESSION['new_status']=$db_status;
    
    $_SESSION['logged_in'] = 'active';
    
    if(isset($_SESSION['logged_in']) || !empty($_POST['email1']) )
    {
    
    $query_time=mysql_query("UPDATE users SET ustatus='".$_SESSION['logged_in']."'
    WHERE uemail='".$email."'");
    
    header('Location:test.php');
    
    }
    }
    
    if($db_status==$_SESSION['logged_in'])
    {
    header("location:logout.php");  
    }
    else 
    {
    $msg="please check your email and password";    
    $_SESSION['error_msg']=$msg;
    header('Location:index.php?error='.$_SESSION['error_msg'].'');
    
    }
    

    Test.php

    <?php 
    $querymysql=mysql_query("select * from users 
    where  uemail='".$_SESSION['new_email']."'") or die ("query problem");
    $row=mysql_fetch_array($querymysql);
    ?>
    
    Hello Mr. <?php echo $row['uemail']; ?> <br />
    Your Email Is &nbsp; <?php echo $row['uemail']; ?> <br />
    Your Password Is &nbsp; <?php echo $row['upass']; ?> <br />
    Your Status Is &nbsp; <?php echo $row['ustatus']; ?> <br />
    Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>
    

    Logout.php

    <?php 
    session_start();
    include('config.php');
    
    if(!empty($_SESSION['logged_in']) || !empty($_POST['email1']) )
    {
    session_destroy();
    $query_time=mysql_query("UPDATE users SET ustatus='inactive' 
        WHERE uemail='".$_SESSION['new_email']."'");
    
    header("location:index.php");
    }
    ?>
    

    Thank You All I Have Completed My Script

    Here My Completed If Any Web Developer Need It

    how to prevent multiple user login with same email and password once user 
    already logged from multiple pc or browsers
    

    Index.php

    <form action="verifylog.php" method="post">
    <input type="text" name="email1" /><br />
    <input type="password" name="password1" /><br />
    <input type="submit" value="Submit" />
    </form>
    

    Verifylog.php

    session_start();
    include('config.php');
    if(empty($_POST['email1']))
    {
    header('Location:index.php');   
    }
    $email=$_POST['email1'];
    $password=$_POST['password1'];
    
    $querymysql=mysql_query("select * from users where uemail='$email' 
    and upass='$password'") or die ("query problem");
    $row=mysql_fetch_array($querymysql);
    
    $db_email1=$row['uemail'];
    $db_pass=$row['upass'];
    $db_status=$row['ustatus'];
    $db_sessionid=$row['session_id'];
    
    
    $old_sessionid = session_id();
    $new_sessionid = session_regenerate_id(true);
    $_SESSION['newregid']=$new_sessionid;
    $_SESSION['odlregid']=$old_sessionid;
    
    $_SESSION['new_email']=$db_email1;
    $_SESSION['new_pass']=$db_pass;
    $_SESSION['new_status']=$db_status;
    
    
    if(!empty($old_sessionid))
    {
    
    $query_time=mysql_query("UPDATE users SET session_id='".$old_sessionid."' 
    WHERE uemail='".$email."'");
    
    header('Location:test.php');
    }
    
    else if($db_sessionid!=$_SESSION['odlregid'])
    {
    
    $query_time=mysql_query("UPDATE users SET session_id='".$new_sessionid."' 
    WHERE uemail='".$email."'");
    header('Location:test.php');
    }
    

    Test.php

    <?php 
    $querymysql=mysql_query("select * from users 
        where uemail='".$_SESSION['new_email']."'") or die ("query problem");
    $row=mysql_fetch_array($querymysql);
    $new_id=$row['session_id'];
    
    if($new_id!=$_SESSION['odlregid']){
    
    unset($_SESSION['odlregid']);
    session_destroy();
    header("location:index.php");
    
    } else { ?>
    
    Hello Mr. <?php echo $row['uemail']; ?> <br />
    Your Email Is &nbsp; <?php echo $row['uemail']; ?> <br />
    Your Password Is &nbsp; <?php echo $row['upass']; ?> <br />
    Your Status Is &nbsp; <?php echo $row['ustatus']; ?> <br />
    Your Session_Id Is &nbsp; <?php echo $row['session_id']; ?> <br />
    Here Your Can Logout Your Account: <a href="logout.php">Click Here</a>
    
    <?php }?>
    

    Logout.php

        <?php 
    session_start();
    include('config.php');  
    header("location:index.php");   
    ?>
    
  • Admin
    Admin over 9 years
    sorry im new user of php can you completed my script or give me example thank you
  • Mike Miller
    Mike Miller over 9 years
    use the function session_id() after session_start() and write that value to your users table. Then change your test.php query to : "select * from users where uemail='$email' and upass='$password'" and session_id = '.session_id()
  • Admin
    Admin over 9 years
    but how i can destroy first session from chrom then and let user continue with firefox ?
  • Mike Miller
    Mike Miller over 9 years
    each will have a unique id so the users table will only store one - the most recent one you created. if the sql query comes back with no rows you can issue session_destroy()
  • Admin
    Admin over 9 years
    please mike im confusing do you have time so please modify my script and teach me thank you
  • Mike Miller
    Mike Miller over 9 years
    In test.php put if(count($row)==1){//show your html}else{//session_destroy()}
  • Admin
    Admin over 9 years
    in the verifylog.php i put this condition if($db_id==$log_id) { session_destroy(); } and in test.php i used this condition ` if(count($row)==1){//show your html}else{//session_destroy()}`
  • Admin
    Admin over 9 years
    do you have example bcz off im new user of web developer?
  • Admin
    Admin over 9 years
    i have updated script with session_id and stored session_id stored in db but now im confused how to destory first session which is created from chrome after again login from firefox?
  • arp
    arp over 9 years
    -Forget session_id,follow steps 1,2&3. It will get your work done. -before each page load you have to check cookie value and db value.