PHP Login System with Admin Features

This forum was created to talk about the PHP Login System with admin features created by jpmaster77 on evolt's website


    Automatically log out inactive users

    Share
    avatar
    Linchpin311

    Number of posts : 220
    Age : 32
    Localisation : Long Island
    Registration date : 2007-05-14

    Automatically log out inactive users

    Post  Linchpin311 on Thu Nov 20, 2008 5:14 pm

    I have been using this script for well over a year now and just last night i realized that the timeout settings found in constants.php don't have anything to do with automatically logging users out... call me dumb but i always just assumed they did.

    Now it may not be necessary for every project to auto log out every user after a set amount of time. But security wise, it makes sense for every user logged in as an administrator to be logged off after X amount of minutes of inactivity.

    After i realized how to correctly check for a timeout i could easily edit the "addActiveUser" function in database.php I just edited the function to look like:

    Code:
    function addActiveUser($username, $time){
       $q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'";
       $r = mysql_query($q, $this->connection);
       $t = mysql_fetch_array($r);
       $timeout = time()-USER_TIMEOUT*60;

       if($t['timestamp'] < $timeout) header("Location: ./process.php");

       $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'";
       mysql_query($q, $this->connection);

       if(!TRACK_VISITORS) return;
       $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
       mysql_query($q, $this->connection);
       $this->calcNumActiveUsers();
    }

    This takes the existing function and adds a new section to query the database and check to see if the timestamp in the database has a greater value then the timeout value. If it does, then nothing happens and you are still logged in as usual; but if it doesn't, then you get redirected to process.php and get logged out.

    This will log out all users who's last active timestamp value is less than the timeout value. If you wanted to alter this so just administrators get logged out automatically, it would be easy enough to add a conditional statement that checked to see if the user name has a user level of 9 before checking the timestamp against the timeout.

    Has anyone else added anything like this to their script? I am curious to see how else it could have been done.


    _________________
    in the end, the universe tends to unfold as it should...

    Also note that it is your responsibility to die() if necessary.
    avatar
    Apollo

    Number of posts : 9
    Registration date : 2010-03-22

    Re: Automatically log out inactive users

    Post  Apollo on Tue Mar 23, 2010 10:37 pm

    Iv just realised this now you mention it. I assumed the time out function done this, without actually checking it. Nice post!
    avatar
    kuruczp

    Number of posts : 2
    Registration date : 2012-07-17

    with frames

    Post  kuruczp on Thu Sep 27, 2012 2:58 pm

    Hi!

    How to make this work if i ue 2 frames? it log me out only from the second ( with page contents) frame and not from the main frame (with menu line), so when i click on menu it log me in again? How to log out from both frames?

    Sponsored content

    Re: Automatically log out inactive users

    Post  Sponsored content


      Current date/time is Tue Sep 19, 2017 9:21 am