I am trying to implement a login solution that would only allow a user account to be logged-in to my application once (prevent multiple logins by sharing usernames and passwords).
I read posts on this forum (http://www.asprunner.com/forums/topic/10784-preventing-users-sharing-a-user-login/pagep37317hlsharingfromsearch1&#entry37317) that recommended I save the session_id value to the users table, then used that value to check against the logged in user. I understand the solution and was able to implement it, however, I am wondering if there is a way for me to include my code in only one event page that gets read by all pages, or do I have to manually add the same code to each page by using the "After Table Initialized" event.
I tried placing my code in the "After Application Initialized" but I get the following error:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\iPhone_V3\include\dbconnection.php on line 34
Fatal error: in C:\wamp\www\iPhone_V3\include\dbconnection.php on line 36
However, I don't get this error when I used it in the "After Table Initialize". So there is obviously something related to "timing" of when that event kicks in (or so I think).
Anyhow, here is what I did:
In the "After Successful login" global event I added this:
-----
//Set the SessionID in the users_table
Global $conn;
$strUpdate = "
UPDATE
users_tbl
SET
Session_ID = '". session_id() . "'
WHERE
User_ID =" . $data["User_ID"];
CustomQuery($strUpdate);
$_SESSION["User_ID"] = $data["User_ID"];
$_SESSION["CurrentSession"] = session_id();
-----
Then in the "After Table Initialized" event for each table:
----
global $conn;
$sql = "SELECT * FROM users_tbl where User_ID=".$_SESSION["User_ID"];
$rs = db_query($sql,$conn);
$data = db_fetch_array($rs);
if ($data["Session_ID"] != session_id())
{
header("Location: login.php");
exit();
}
else
{return true;};
-----
This works... but I am looking for a way to include the "After Table Initialized" code in the "After Application Initialized" so I only have it written in one place (instead of in every table).
I tried a few things in the After Application Initialized event such as adding an IF statement to check whether there was a user logged-in by checking if the $_SESSION["User_ID"] was empty and to only run my code if it wasn't... but this did not work. I still got the error message as I showed to you in above in this email.
Thanks in advance for giving me some guidance on how to accomplish the goal of only allowing one user account to be logged in at a time (meaning, not allowing account info to be shared).
Cheers,