PHP User remote login Reminder implementation code

This time to everyone to bring PHP user remote login Reminder implementation code, PHP users remote login Reminders to realize what the attention, the following is the actual case, together to see.

For high security requirements of the Web site, especially in the background management, sometimes need to identify their own account is stolen or if there is another person logged in the background operation, these will be very insecure, in order to avoid two simultaneous login simultaneous operation, you can force offline an account.

Judging by IP is certainly not possible, because the IP is at any time in a certain network segment changes, but there is a mechanism, happens to solve this, that is, the session, as long as the use of the same browser to access the site, the browser does not close each visitor's session_id is unchanged, This is what is needed to solve this problem.

Take TP framework to build a website backstage as an example, the idea is as follows:

(1) Database user table

In the user table, add a field to `session_id` varchar(32) hold the session_id after login.

(2) User Login

User login, is the normal identification of the account password and verification code, when these are verified through the time, take out the current session_id into the database user table.

M (' user ')->where (array (' ID ' =>$_session[' uid '))->save (Array (' session_id ' =>session_id ()));

(3) Solve the problem of remote login

For background operations, to facilitate authentication and operational security, basic controller Basecontroller is created first, and then other operations controllers in the background inherit the underlying controller. For each step in the background, the detection of the user state is placed in the initialization method of the Basecontroller controller _initialize() .

Now in the _initialize() method, in addition to verifying that the user login status is locked and so on, but also to take out the local session_id and stored in the user table session_id to compare, if not so the table name account in a remote location has landed, this time can force forced offline, back to the login page.

$user = M (' user ')->where (array (' ID ' =>$_session[' uid '))->find (); $session _id = session_id (); if ($user [' session_id ']! = $session _id) {Session_destroy (); $this->error (' Your account is logged in elsewhere, you have been forced to downline ', U (' login '));}

Of course, you can also get to the remote landing IP, give a reminder:

Believe that you have read the case of this article you have mastered the method, more exciting please pay attention to the PHP Chinese network other related articles!

Recommended reading:

PHP callback function and anonymous function use case resolution

Php namespace namespace definition and import use case analysis