I saw an article submited regarding automatic logouts.
I was a little suprised to see it here as it was written in Java.
Seeing that people were probably looking for a PHP equivelant, I decided to send this snippet in.
It’s a lil something I came up with a bit back to use a mySQL table to track user idle times and to log them out, delete their table entry and return them to a login prompt.
Or revalidate their timestamp in their table row as necessary.
Hope someone can use it.
…and credits would be cool if you do. :]
I should note, that this script will need to be altered to match your SQL database
as well as the generation of files or implanting of HTML to accomodate your pass prompt/access deny stuff.
As far as passing the user, I use ?SID=$SID in the URLS to pass the user through the script.
Questions/Comments/Code improvements can be sent to [email protected]
FUNCTION get_time($type) {
/*
* Returns timestamp
* in variable formats
*/
$time = getdate();
$hour = $time[hours];
$min = $time[minutes];
$sec = $time[seconds];
$year = $time[year];
$month = $time[mon];
$day = $time[mday];
if ($type == "datetime") {
//returns 'DATETIME' format for SQL inserts
$stamp = ("$year" . "-" . "$month" . "-" . "$day" . " " . "$hour" . ":" . "$min" . ":" . "$sec");
return $stamp;
}
elseif ($type == "check") {
//returns array for "stamp checking"
$stamp = array("$day", "$hour", "$min", "$month", "$year");
return $stamp;
}
}
## PASS PROMPT ##
if (!isset($SID) && !isset($pass)) {
obviously not logged in...
include("pass_prompt.php");
} else {
if (isset($pass) && !isset($SID)) {
login request has been submited
mysql_select_db("USER_db");
$result = mysql_query("SELECT pass, type FROM user_data WHERE id = '$id'");
let's test it to the DB
$row = mysql_fetch_array($result);
## ALLOW/DENY ACCESS ##
if ($row["pass"] == $pass && $row["pass"] != "") {
OK... we got a match, lets give them an SID and add them to the sessions table
srand((double)microtime()*1000000); use microseconds to seed rand() to create SID
$time = get_time(datetime);
$SID = rand();
$pass = $row["pass"];
$type = $row["type"];
mysql_select_db("USER_DB");
mysql_query("INSERT INTO SESS_TABLE (sid, id, pass, type, time) VALUES ('$SID', '$id', '$pass', '$type', '$time')");
mysql_select_db("USER_db");
mysql_query("UPDATE user_inf SET last_access = '$time' WHERE id = '$id'");
}
elseif ($row["pass"] != $pass && $row["pass"] != "") {
HEY! you trying to hack me? :]
include("access_deny.php");
}
elseif ($row["pass"] == "") {
noticed that if the pass was left unset, they could get in (earlier version) left this in for now...
include("access_deny.php");
}
}
}
if (isset($SID)) {
this is tested at every page request
mysql_select_db("USER_db");
$result = mysql_query("SELECT sid, id, pass, type, time FROM SESS_table WHERE sid = '$SID'");
$row = mysql_fetch_array($result);
if ($row["sid"] == $SID) {
$stamp = get_time("check");
$time = explode(" ", $row[time]);
$time_days = explode("-", $time[0]);
$time_hours = explode(":", $time[1]);
if ($time_hours[1] < 40) {
/*
* NOTE:
* This is set to allow 20min lifetimes see: $expire = ($time_hours[1] + 20)
* lose the 'IF' and 'ELSE; statements if you will do hourly life-times
* keep where tagged
*
*/
$expire = ($time_hours[1] + 20);
//add 20 minutes to current time (20 minutes to live) or set to 0 if by hours *KEEP ME*
$exp_hour = $time_hours[0];
//set to non-zero to desgnate hours to live *KEEP ME*
} else {
$ex = ($time_hours[1] - 40); //OK to kill
$expire = ("0" . $ex); //OK to kill *adds 0 before minutes*
$exp_hour = (($time_hours[0]) + 1); //OK to kill
}
if ($stamp[2] > $expire && $stamp[1] >= $exp_hour) {
mysql_select_db("USER_db");
mysql_query("DELETE FROM SESS_table WHERE sid = '$SID'"); DELETE expired user
$stat = "blocked";
include("sess_expired.php");
}
elseif ($stamp[0] != $time_days[2] || $stamp[3] != $time_days[1] || $stamp[4] != $time_days[0]) {
mysql_select_db("USER_db");
mysql_query("DELETE FROM SESS_table WHERE sid = '$SID'"); DELETE expired user
$stat = "blocked";
include("sess_expired.php");
} else {
We revalidate the timestamp in the users row
$new_time = get_time("datetime");
mysql_select_db("USER_db");
mysql_query("UPDATE SESS_table SET time = '$new_time' WHERE sid = '$SID'");
include("menu.php");
}
} else {
include("pass_prompt.php");
}
}
