PHP user remote login reminder implementation code

This time I will bring you the code to implement the remote login reminder for PHP users. What are the precautions for implementing the remote login reminder for PHP users? The following is a practical case, let's take a look.

For web websites with relatively high security requirements, especially backend management, sometimes you need to check whether your account has been stolen or whether another person is logged in and performing backend operations at the moment, which will be very unsafe. , in order to prevent two people from logging in and operating at the same time, you can force an account to be offline.

Of course it is not possible to judge by IP, because IP will change within a certain network segment at any time, but there is a mechanism that can solve this problem, that is session, as long as you use the same browser to visit the website , the browser does not close the session_id of each visitor and remains unchanged, which is exactly what is needed to solve this problem.

Taking the website background built by TP framework as an example, the idea is as follows:

(1) Database user table

In the user table, add a Field `session_id` varchar(32) is used to store the session_id after login.

(2)User login

User login is the normal judgment of account password and verification code. When these When all verifications pass, the current session_id is taken out and stored in the user table of the database.

M('user')->where(array('id'=>$_SESSION['uid']))->save(array('session_id'=>session_id()));

(3) Solve the remote login problem

For background operations, in order to facilitate verification and operation security, a basic controller BaseController will be created first, and then the background Other operation controllers inherit this base controller. Before each step of the background operation, the detection of the user status is placed in the initialization _initialize() method of the BaseController controller.

Now in the _initialize() method, in addition to verifying whether the user login status is locked, etc., we also need to take out the local session_id and compare it with the session_id stored in the user table. If If the account with the wrong name is logged in from another place, you can force it to go offline and return to the login page.

$user = M('user')->where(array('id'=>$_SESSION['uid']))->find();
$session_id = session_id();
if($user['session_id'] != $session_id){
 session_destroy();
 $this->error('您的账号在其他地方登录,您已经被强制下线', U('login'));
}

Of course, you can also get the IP for remote login and give a reminder:

I believe you have mastered the method after reading the case in this article, and there will be more exciting things. Please pay attention to other related articles on php Chinese website!

Recommended reading:

PHP callback function and anonymous function use case analysis

PHP namespace namespace definition and import use case analysis

The above is the detailed content of PHP user remote login reminder implementation code. For more information, please follow other related articles on the PHP Chinese website!