In article <071520041609.6071.40F6AC330005C593000017B722007354469B020103040A0B@xxxxxxxxxxx>, veditio@xxxxxxxxxxx wrote: > Because this is a revenue-based site, and users buy a password for access, we're wondering what the best php/mysql mechanism would be to allow only one person to access their account at a time. > In other words, how do we prevent two users from using the same password to access the same account at the same time? If a user logs in: store the login timestamp in the database store the uid and timestamp in a session variable. If a user requests a page: compare the uid and timestamp in the session with the ones in the database. This way: Every user that tries to login with a valid uid/pwd gets access. Every session with the same uid but older timestamp expires. Don't applaud, just throw money :D -- Tim Van Wassenhove <http://home.mysth.be/~timvw> -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
