When a QQ account logs in from a different location, the user receives a notification. Web sites with relatively high security requirements, especially their backend management, sometimes need to check whether an account has been stolen or whether another person is logged in to it at the same moment, because performing backend operations in that situation is very unsafe. To prevent two people from logging in and operating at the same time, you can force an account offline.
Of course, the IP address cannot be used to decide this, because the IP can change within a network segment at any time. The session mechanism, however, solves the problem: as long as a visitor uses the same browser and does not close it, that visitor's session_id remains unchanged, which is exactly what is needed here.
Taking a website backend built with the TP (ThinkPHP) framework as an example, the idea is as follows:
(1) Database user table
In the user table, add a field `session_id` varchar(32), which is used to store the session_id after login.
(2) User login
At login, the account, password and verification code are checked as usual. Once these are verified, take the current session_id and save it in the database user table.
M('user')->where(array('id'=>$_SESSION['uid']))->save(array('session_id'=>session_id()));
(3) Solve the remote login problem
For backend operations, to make verification easier and keep operations secure, a base controller BaseController is usually created first, and the other backend controllers inherit from it. The check of the user's status is placed in the _initialize() method of BaseController, so it runs before every backend operation.
Now, in the _initialize() method, in addition to verifying the user's login status, whether the account is locked, and so on, we also take the local session_id and compare it with the session_id stored in the user table. If they do not match, the account has been logged in somewhere else, so you can force this session offline and return it to the login page.
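    $user = M('user')->where(array('id' => $_SESSION['uid']))->find();
    $session_id = session_id();
    // Strict comparison: with !=, two different numeric-looking IDs
    // (for example "0e12" and "0e34") would be treated as equal.
    if ($user['session_id'] !== $session_id) {
        session_destroy();
        // Message: "Your account has been logged in elsewhere; you have been forced offline"
        $this->error('您的账号在其他地方登录,您已经被强制下线', U('login'));
    }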
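The check from steps (2) and (3) as a self-contained sketch, added here and not part of the original article's code. It assumes the session ID is passed in as a parameter instead of read from session_id(), stores a SHA-256 hash of it (so the column becomes 64 characters), and uses an in-memory SQLite database; the function names are hypothetical.

```php
<?php
// Added example, not the article's code. Table and column names follow the
// article; function names and the SQLite in-memory database are assumptions.
declare(strict_types=1);

function fingerprint(string $sid): string
{
    // Store a hash so a leaked user table does not expose live session IDs.
    return hash('sha256', $sid);
}

// Step (2): call after credentials are verified. The newest login overwrites
// the stored value, which is what pushes the older browser offline.
function recordLogin(PDO $db, int $uid, string $sid): void
{
    $db->prepare('UPDATE user SET session_id = ? WHERE id = ?')
       ->execute([fingerprint($sid), $uid]);
}

// Step (3): call from the base controller before every backend action.
function isCurrentSession(PDO $db, int $uid, string $sid): bool
{
    $st = $db->prepare('SELECT session_id FROM user WHERE id = ?');
    $st->execute([$uid]);
    $stored = $st->fetchColumn();
    // Unknown user or no recorded login: fail closed.
    if (!is_string($stored) || $stored === '') {
        return false;
    }
    // Strict, constant-time comparison; never use == on session IDs.
    return hash_equals($stored, fingerprint($sid));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, session_id VARCHAR(64))');
$db->exec('INSERT INTO user (id) VALUES (1)');

// Constructed IDs standing in for session_id() in two different browsers.
$browserA = bin2hex(random_bytes(16));
$browserB = bin2hex(random_bytes(16));

recordLogin($db, 1, $browserA);
var_dump(isCurrentSession($db, 1, $browserA)); // A is the only login so far
recordLogin($db, 1, $browserB);                // same account, second browser
var_dump(isCurrentSession($db, 1, $browserA)); // A's next request is checked here
var_dump(isCurrentSession($db, 1, $browserB)); // B is the most recent login
```

In a real login handler, call session_regenerate_id(true) after the credentials are verified and before recording the ID, so that a session ID fixed before login is never the one stored.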
Of course, you can also get the IP for remote login and give a reminder: