PHP realizes that the same account does not allow multiple people to log in at the same time code sharing

When verifying permissions, you must determine whether the session_id written in the database is consistent with the session_id in $_session. If it is inconsistent, exit. This implementation method to prevent the same account from being logged in by multiple people at the same time is based on this session_id.

Be sure to set the session survival time, and the session will be eliminated if you close the page.
If someone else logs in, a new session_id will be written, so that the old user will not be able to verify the permissions. Passed, but the real-time effect cannot be achieved, thus squeezing out old users. There is a flaw here, that is, the database needs to be queried every time the permissions are verified. If possible, it would be better to put this data in redis
In fact, there are other The verification method is similar to this method. There is a verification certificate. However, this method requires querying the database, but it is better to put it behind redis. Or when managing sessions uniformly, it is better to put it in the database. Okay, remember that session_id is also stored in the database, or in memcash. Redis is more convenient. For example, when managing redis, you can directly update the existing session_id

First design the table:

1 id int(11) AUTO_INCREMENT
2 username varchar(20) utf8_general_ci
3 password varchar(20) utf8_general_ci 
4 ip varchar(20) utf8_general_ci
5 session_id varchar(100) utf8_general_ci
6 login_time int(20)

Implementation:

public function aa(){  
  
       session_start();  
        //ini_set('session.auto_start', 0);                    //关闭session自动启动  
        //ini_set('session.cookie_lifetime', 0);//设置session在浏览器关闭时失效  
        //ini_set('session.gc_maxlifetime', 3600);  //session在浏览器未关闭时的持续存活时间  
  
  
       $uname =$_GET['name'];  
       $data['name'] = $uname;  
       $upwd =$_GET['pwd'];  
       $data['pwd'] = $upwd;  
  
       //$data['ip'] = $_SERVER['REMOTE_ADDR'];                   
       //print_r($ipdress);die;  
       //$data['login_time'] = time();//登陆时间更新  
  
       //$data['session_id'] = session_id();  
  
       //$_SESSION['name']=$_GET['name'];  
  
       //$res = M("onlyuser")->add($data);  
       //if($res){  
           //echo "ok";  
       //}else{  
           //echo "false";  
       //}  
  
  
   //开始验证 --防止同一个用户重复登录  
nbsp;$res = M("onlyuser")->where("name = '$uname' AND pwd = '$upwd'")->find();  
  
       if($res){  
                  //    var_dump($s);  
                 //    echo &#39;<br>&#39;;  
                //    echo session_id();  
           if($res[&#39;session_id&#39;] === session_id()){  
               //unset($s[&#39;session_id&#39;]);  
               echo "ok";  
           }  else {  
               $ipdress = $_SERVER[&#39;REMOTE_ADDR&#39;];  
               $login_time = time();  
               $session_id = session_id();//重新赋予一个session_id  
               $sql = "update user set ip = &#39;$ipdress&#39;,login_time= &#39;$login_time&#39;,session_id = &#39;$session_id&#39;";  
               $result1 =mysql_query($sql);  
               // $ss = mysql_fetch_array($result);  
               if($result1){  
                   echo &#39;OK&#39;;  
  
               }  else {  
                   echo &#39;F&#39;;  
               }  
           }  
  
  
  
       }else {  
  
           echo &#39;FFFFFFFFFFFFFFFFFFFFFFF&#39;;  
  
  
       }  
  
   }

Related recommendations:

How to prevent a user name from logging in repeatedly and how to deal with it

The above is the detailed content of PHP realizes that the same account does not allow multiple people to log in at the same time code sharing. For more information, please follow other related articles on the PHP Chinese website!