What im trying to achieve two condition:
- if user is inactive for more then 10min then logout the user.
2.if user is already login then deny the login for same user still the user logout.
For case-1 (inactive user auto logout) what i have done so far:
$user_id = $_SESSION['user_id'];
$username = $_SESSION['syner'];
$user_role = $_SESSION['user_role'];
$session_id = session_id();
$date = date('d-m-y');
$time = time();
$time_out_session = 600;
$time_out = $time - $time_out_session;
$query = "SELECT * FROM online_users WHERE session_id = '$session_id' AND user_id = '$user_id'";
$send_query = mysqli_query($connection, $query);
if(!$send_query){
die("Send Query Failed. " .mysqli_error($connection));
}
$count = mysqli_num_rows($send_query);
//if row count is null then insert the values in table
if($count == NULL){
$session_insert =
"INSERT INTO online_users(user_id,username,user_role,session_id,time,date)
VALUES($user_id,'$username','$user_role','$session_id','$time',now() )";
$my_query = mysqli_query($connection, $session_insert);
if(!$my_query){
die("Insert Query Failed. " .mysqli_error($connection));
}
}
//set status = ON
$st=mysqli_query($connection, "UPDATE online_users SET status='ON', time = '$time' WHERE session_id = '$session_id' ");
if(!$st){
die("Set ON Query Failed. " .mysqli_errormysqli_error($connection));
}
//as i want to display admin and subscriber online number separately
//count the subscriber user online number
$qt=mysqli_query($connection, "SELECT user_id FROM online_users WHERE status = 'ON' AND time > '$time_out' AND user_role = 'subscriber' ");
$count_user = mysqli_num_rows($qt);
//count the admin user online number
$super=mysqli_query($connection, "SELECT user_id FROM online_users WHERE status = 'ON' AND time > '$time_out' AND user_role = 'admin' ");
$super_user = mysqli_num_rows($super);
//Now this the query im trying for inactive user for logout
$qtrp = mysqli_query($connection, "SELECT * FROM online_users WHERE session_id='$session_id'");
while($role = mysqli_fetch_assoc($qtrp)){
$db_id = $role['user_id'];
$db_name = $role['username'];
$db_role = $role['user_role'];
$db_status = $role['status'];
$db_time = $role['time'];
}
//but this section doest seems to be working
//$time = time();
//$time_out_session = 600;
//$time_out = $time - $time_out_session;
if($db_time < $time_out ){
header("Location: ../admin/includes/logout.php");
}
For case-2 (deny user login if he is already login). now this may not me proper way but its worked for me.so what i did is, while login check for user status (status ON/OFF which set with user count session). so if user status is ON then sent user to logout page, it working fine
so,what im trying to do is, if user already login then prevent him from multiple login. and below submit button i want to display message like user already online please first logout to login the current user
as i have redirect to logout page if user in already login. and from logout page redirect to home page.(login is in sidebar in home-page)
Case-2 code what i have done so far:
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT * FROM users WHERE username = '{$username}'";
$select_user_query = mysqli_query($connection, $query);
if(!$select_user_query){
die("Query Failed. " . mysqli_error($connection));
}
$db_username = '';
$db_user_password = '';
while($row = mysqli_fetch_assoc($select_user_query)){
$db_user_id = $row['user_id'];
$db_username = $row['username'];
$db_user_password = $row['user_password'];
$db_user_firstname = $row['user_firstname'];
$db_user_lastname = $row['user_lastname'];
$db_user_role = $row['user_role'];
}
$password = crypt($password, $db_user_password);
if ($username !== $db_username && $password !== $db_user_password) {
header("Location: ../index.php");
}elseif ($username == $db_username && $password == $db_user_password) {
$_SESSION['user_id'] = $db_user_id;
$_SESSION['syner'] = $db_username;
$_SESSION['firstname'] = $db_user_firstname;
$_SESSION['lastname'] = $db_user_lastname;
$_SESSION['user_role'] = $db_user_role;
//this where im checking for user login status
if status is ON im sending user to logout page
$qt=mysqli_query($connection, "SELECT * FROM online_users WHERE username = '$username' ");
while($role = mysqli_fetch_assoc($qt)){
$db_status = $role['status'];
}
//if user status = ON sent him to logout page.
if ($db_status == 'ON') {
header("Location: ../admin/includes/logout.php");
}else{
header("Location: ../admin");
}
}else{
header("Location: ../index.php");
}
}