1
I have a little problem here that I believe may be easy to solve, but I’m having difficulties.
I’m having trouble controlling access to a site that is paid ok, so the user subscribes and has access to the site, OK.
The problem is that it can pass the password to a friend and both will use the site, so I first tried to identify the IP of the machine but I had problems with it because the IP ends up changing in some situations do not know why (as in mobile using 3G for example).
So what I did was the following: when accessing the site I create a Token (based on php’s date() function picking the year, month, day, hour, minute and second of access).
This Token is saved in the Database and also saved in the user’s PC (cookie) and the site always checks before opening any page if the Token saved in the database is the same as the PC (cookie) and if different (someone else trying to access from another location) it blocks the access needing to 'reset' the access and enter again, IE, after 'reset' the access it will be able to enter, but only the 1st who login, because the other when trying to change page the site will see that the Token is different (since a new Token was generated) and blocks it... well, it works well and makes the person does not pass his password since he will not be able to use the site at the same time with other people.
Now I have 1 problem, if the person 1 (holder) access the site and open a video for example, after opening it can warn the person 2 to login resetting the access, even if the person 1 is 'irregular' the site only notice it when she tries to change page, but if the video has 1 hour she will watch quietly until the end and so can make this 'scam' combined without problem for both access the content of the site.
WHAT DO I WANT? I have a PHP code that takes the Token saved in the database and compares it with the Token saved on the PC and if it doesn’t, it performs a redirect to the ERROR page due to the multiple login.
I wanted this page (or script since it’s a small code) to be executed frequently without refreshing, every 5 seconds for example, so when a second user logged in even if the first user stood there and changed page the site would identify the fault and bring it down on time.
But how to run a PHP script this way without refreshing the page?
The script I want to run would be like this:
$sqlToken = mysql_query("SELECT * FROM ead WHERE login = '$cpf' AND senha = '$senha'");
while($linhaToken = mysql_fetch_array($sqlToken)){
$ipToken = $linhaToken['ip'];
}
<!--ATE AQUI EU FIZ A CONEXAO E PEGUEI O IP SALVO NO BANCO-->
$ipCookie = $_COOKIE["tokenAcesso"];
<!--AQUI EU PEGUEI O IP SALVO NO PC/MOBILE PELO COOKIE-->
if($ipToken != $ipCookie){
<!--AQUI VEJO SE ESTAO BATENDO-->
<!--SE NAO BATER EU LOJO PARA A PÁGINA DO ERRO-->
echo "<meta HTTP-EQUIV='Refresh' CONTENT='0;URL=multiLogin.php'>";Now I needed to run this script frequently, every 5 seconds or so to always be checking if there was no irregularity as someone else log in to the site at the same time (if this is done the Bank Token will change and consequently this person who was already using the site will be dropped by this script because your Cookie Token will be different from the NEW TOKEN that was saved in the bank understood?).
I await return, thank you very much.
Perfect, worked exactly as I needed, now every 3 seconds (I left as 3 seconds even for me is ok) the page check and if there was any change the user is dropped.
– Leandro