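Normally, unless there is a specific restriction, the same user can be logged in from several places at once. Today I put together something that stops one user from being logged in to a system more than once at a time: the later login kicks out the earlier one. (A bit like QQ: the same account cannot be online in several places at once, and once a later login succeeds, the earlier one is dropped.)
SQL: two tables, one for user information and one for storing sessions.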
--
-- Database: `single_user`
--
CREATE TABLE IF NOT EXISTS `session` (
  `username` varchar(50) default '',
  `time` varchar(14) default '',
  `session_id` varchar(200) NOT NULL default '0',
  `userid` int(11) default '0',
  PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL auto_increment,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
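The session table uses session_id as its primary key; this key is the md5 of userid + user name + user login time. Each time a user logs in, a row is inserted into the session table, and at the same time the old session rows are looked up by userid and username and deleted. So when a page decides whether the current user is still valid, it compares the session_id stored in the $_SESSION array with the session_id fetched from the database. The old session_id was already deleted when this user logged in a second time, so it cannot be found, and that user is logged out of the system.
Code
1. config.php: some simple configuration, including the database connection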
<?php
// Note: the mysql_* functions used on this page were removed in PHP 7.0,
// so this code needs PHP 5.x.
$live_site = 'testing';
$session_life = 600; // session lifetime in seconds
function getConnect()
{
    $db_local = 'localhost';
    $db_user = 'root';
    $db_pwd = '';
    $db_name = 'single_user';

    $db_link = mysql_connect($db_local, $db_user, $db_pwd);
    if (!$db_link)
    {
        // Connection failed, nothing to select a database on
        return false;
    }
    $rs = mysql_select_db($db_name, $db_link);
    if ($rs)
    {
        return $db_link;
    }
    return false;
}
?>
2. index.php: the login page
<?php
require_once('config.php');
$db = getConnect();
if (isset($_POST['username']) && isset($_POST['password']))
{
    // Validate the submitted login data.
    // The user name is escaped before it is placed in the query string.
    $query = 'SELECT * FROM `users` WHERE `username`="' . mysql_real_escape_string(trim($_POST['username']), $db) . '" AND `password`="' . md5( trim( $_POST['password'] ) ) . '"';
    $result = mysql_query($query, $db);
    $rs_num = $result ? mysql_num_rows($result) : 0;
    if ($rs_num > 0 )
    {
        // The user exists
        $row = mysql_fetch_assoc($result);
        $userid = (int) $row['userid'];
        $username = $row['username'];
        $logintime = time();

        // Build the session_id value
        $session_id = md5( $userid . $username . $logintime );

        // Escaped copy of the user name for use inside SQL strings
        $username_sql = mysql_real_escape_string($username, $db);

        // After a successful login, insert a row into the session table
        $sql = 'INSERT INTO session SET `time`="'.$logintime.'", `session_id`="'.$session_id.'", `userid`='.$userid.', `username`="'.$username_sql.'"';
        mysql_query($sql, $db);

        // And delete this user's old session_id rows from the session table
        $query = 'DELETE FROM `session` WHERE `userid`=' . $userid . ' AND `username`="' . $username_sql . '" AND `session_id`!="' . $session_id . '"';
        $old_session = mysql_query($query, $db);

        // Start the session and store the newly logged-in user's data in $_SESSION
        session_name( md5( $live_site ) );
        session_id( $session_id );
        session_start();

        $_SESSION['session_id'] = $session_id;
        $_SESSION['userid'] = $row['userid'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['logintime'] = $logintime;
        session_write_close();
        echo '<script type="text/javascript">window.location.href="index2.php"</script>';
    } else {
        echo '<script type="text/javascript">window.location.href="index.php?mosmsg=Username Error"</script>';
    }
} else {
    // The login form
    ?>
    <form method="post" name="user_login" id="user_login" action="index.php">
    Username:<input type="text" name="username" id="username" value=""/>
    <br />
    password:<input type="password" name="password" id="password" value=""/>
    <br />
    <input type="submit" name="submit" id="submit" value="Submit"/>
    </form>
<?php
}
?>
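3. index2.php: after a successful login, the user's session information from the previous login has to be dealt with; if this user's previous login is still valid, it must be deleted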
<?php
require_once('config.php');
$db = getConnect();
session_name( md5( $live_site ) );
session_start();

// Default to empty values when nobody is logged in
$userid = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$logintime = isset($_SESSION['logintime']) ? $_SESSION['logintime'] : '';
$session_id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : '';

// Check whether the user is logged in
if ($session_id !== session_id()) {
    echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
    exit();
}
// Strict comparison, so two different hex strings are never compared as numbers
if ($session_id === md5( $userid . $username . $logintime )) {
    $past = time() - $session_life;

    // Delete rows that have timed out but still exist
    $query = "DELETE FROM session"
    . "\n WHERE time < '" . (int) $past . "'"
    . "\n AND userid <> 0"
    ;
    mysql_query($query, $db);
    $current_time = time();
    // Update the session timestamp of the logged-in user
    $query = "UPDATE session"
    . "\n SET time = '" . $current_time . "'"
    . "\n WHERE session_id = '" . $session_id . "'";
    mysql_query($query, $db);

    // Use the $session_id created at login to check whether the row
    // still exists in the session table; if it does not, go to the login page
    $query = "SELECT COUNT( session_id )"
    . "\n FROM session"
    . "\n WHERE session_id = '" . $session_id . "'"
    . "\n AND username = '". mysql_real_escape_string($username, $db) . "'"
    . "\n AND userid = ". $userid;
    $session_rs = mysql_query($query, $db);
    $session_row = mysql_fetch_row($session_rs);
    $session_num = $session_row[0];
    if ($session_num > 0 )
    {
        echo 'WELCOME<br /><a href="logout.php">Logout</a>';
    } else {
        echo "<script>document.location.href='index.php?mosmsg=Admin Session Expired'</script>\n";
    }
} else {
    // session id does not correspond to required session format
    echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
    exit();
}
?>
4. logout.php: log the user out and delete the SESSION
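<?php
require_once('config.php');
$db = getConnect();
session_name( md5( $live_site ) );
session_start();

// Default to empty values when nobody is logged in
$userid = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$logintime = isset($_SESSION['logintime']) ? $_SESSION['logintime'] : '';
$session_id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : '';

// Escape the string values before they are placed in the query
$sql = 'DELETE FROM session WHERE userid='.$userid.' AND username="'.mysql_real_escape_string($username, $db).'" AND session_id = "'.mysql_real_escape_string($session_id, $db).'"';
mysql_query($sql, $db);
session_destroy();
echo "<script>document.location.href='index.php'</script>\n";
exit();
?>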
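A hardened variant of the same single-login scheme, as an added example that is not the original post's code: the session token comes from random_bytes() instead of an md5 over userid, user name and login time (values an observer can guess), only a hash of the token is stored, queries use bound parameters, and passwords use password_hash(). It assumes PHP 7+ with pdo_sqlite; the in-memory database, the user alice and the function names login() and isSessionValid() are constructed for the illustration.

```php
<?php
// Added example, not the original post's code. Assumes PHP 7+ with pdo_sqlite;
// the in-memory database and the user "alice" are constructed sample data.
const SESSION_LIFE = 600; // seconds, same value as $session_life in config.php

function login(PDO $db, string $username, string $password): ?string
{
    $st = $db->prepare('SELECT userid, password FROM users WHERE username = ?');
    $st->execute([$username]);
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if (!$user || !password_verify($password, $user['password'])) {
        return null;
    }
    // Unpredictable token instead of md5(userid . username . logintime).
    $token = bin2hex(random_bytes(32));
    $db->beginTransaction();
    // Evict every earlier session of this user, then record the new one.
    $db->prepare('DELETE FROM session WHERE userid = ?')->execute([$user['userid']]);
    $db->prepare('INSERT INTO session (session_id, userid, username, time) VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $user['userid'], $username, time()]);
    $db->commit();
    return $token; // goes to the client; the table only holds its SHA-256
}

function isSessionValid(PDO $db, string $token): bool
{
    // A session counts only if its row still exists and has not timed out.
    $st = $db->prepare('SELECT COUNT(*) FROM session WHERE session_id = ? AND time >= ?');
    $st->execute([hash('sha256', $token), time() - SESSION_LIFE]);
    return (int) $st->fetchColumn() > 0;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE session (session_id TEXT PRIMARY KEY, userid INTEGER, username TEXT, time INTEGER)');
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$first  = login($db, 'alice', 'correct horse');   // first device
$second = login($db, 'alice', 'correct horse');   // second device evicts the first
var_dump(isSessionValid($db, $first));            // the earlier session row was deleted
var_dump(isSessionValid($db, $second));           // the current session row exists
var_dump(login($db, "o'brien", 'x'));             // a quote in the name is bound as data
```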