Join Up! 104873 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI PHP Development: Getting Started Beginning Ajax with PHP: From Novice to Professional Using XML - Part 6: Validation Installing PHP under Xitami Search Google Books with the Zend Framework's Zend_Gdata Component

php-db | 2004071

From: Miles Thompson (milesthompson <email protected>)
Date: 07/15/04

• Next message: Justin Patrin: "Re: [PHP-DB] Easy reg expression problem"
• Previous message: ioannes: "[PHP-DB] Easy reg expression problem"
• In reply to: Tim Van Wassenhove: "[PHP-DB] Re: Restrict account access to single user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

They are all good suggestions, Tim's is probably the most sophisticated,
but it's inevitable that usernames and passwords will escape.

On top of this I'd add a weekly count of user logins, so that the users in
effect buy a given amount of accesses each week.

If you're really serious, you will have to be somewhat brutal with your
users - change the password, make it a difficult to remember combination,
and do it often enough that they know you mean business.

We've been fighting with this for four years, and there's no perfect
solution. If it's a site where you are distributing published materials
(.pdf's) you may take a good look at what Adobe calls, or used to call, Web
Merchant, bite the bullet on the licensing and royalty fees, and reconcile
yourself to a Windows / IIS solution.

Cheers - Miles Thompson

At 02:23 PM 7/15/2004, Tim Van Wassenhove wrote:
>In article
><071520041609.6071.40F6AC330005C593000017B722007354469B020103040A0B <email protected>>,
>veditio <email protected> wrote:
> > Because this is a revenue-based site, and users buy a password for
> access, we're wondering what the best php/mysql mechanism would be to
> allow only one person to access their account at a time.
>
> > In other words, how do we prevent two users from using the same
> password to access the same account at the same time?
>
>If a user logs in:
>store the login timestamp in the database
>store the uid and timestamp in a session variable.
>
>If a user requests a page:
>compare the uid and timestamp in the session with the ones in the database.
>
>This way:
>Every user that tries to login with a valid uid/pwd gets access.
>Every session with the same uid but older timestamp expires.
>
>Don't applaud, just throw money :D
>
>--
>Tim Van Wassenhove <http://home.mysth.be/~timvw>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

• Next message: Justin Patrin: "Re: [PHP-DB] Easy reg expression problem"
• Previous message: ioannes: "[PHP-DB] Easy reg expression problem"
• In reply to: Tim Van Wassenhove: "[PHP-DB] Re: Restrict account access to single user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs