Methods for implementing the remote logon reminder function in PHP [Based on the thinkPHP framework] And the reminder function in thinkphp

Methods for implementing the remote logon reminder function in PHP [Based on the thinkPHP framework] And the reminder function in thinkphp

This example describes how to implement the remote logon reminder function in PHP. We will share this with you for your reference. The details are as follows:

For websites with high security requirements, especially backend management, sometimes it is not safe to check whether your account is stolen or whether another user logs on to the backend for operations, to prevent two users from logging on at the same time, you can forcibly deprecate an account.

Of course, it cannot be determined by IP address, because the IP address changes in a certain network segment at any time, but there is a mechanism that happens to solve this problem, that is, session, as long as you access the website using the same browser, the session_id of each visitor is not closed in the browser, which is exactly what is needed to solve this problem.

Taking the website background built by the TP framework as an example, the idea is as follows:

(1) Database User table

Add a field to the user table.`session_id` varchar(32)To store the session_id after logon.

(2) User Logon

When a user logs on, the account password and Verification Code are properly determined. When all the verification results are passed, the current session_id is taken out and saved to the user table of the database.

M('user')->where(array('id'=>$_SESSION['uid']))->save(array('session_id'=>session_id()));

(3) Remote Logon

For background operations, in order to facilitate verification and Operation Security, a basic controller BaseController is created first, and other background operation controllers inherit this basic controller. Before each step in the background, the user status detection is put in the initialization of the BaseController controller._initialize()Method.

Now in_initialize()In addition to verifying whether the user's logon status is locked, the local session_id must be retrieved and compared with the session_id stored in the user table. If not, the table name account will be logged on remotely, at this time, force offline and return to the logon page.

$ User = M ('user')-> where (array ('id' = >$ _ SESSION ['uid'])-> find (); $ session_id = session_id (); if ($ user ['session _ id']! = $ Session_id) {session_destroy (); $ this-> error ('your account is logged on elsewhere, you have been forcibly deprecated ', U ('login '));}

Of course, you can also get the IP address for remote login and give a reminder: