Function to log out due to inactivity

Well, in my project, when the user logs in, the system runs a function that creates a session with their email to authenticate them throughout the site:

Function:

function logaUsuario($email) {
     $_SESSION["usuario_logado"] = $email;
}

Functions that check if the user is logged in:

function usuarioEstaLogado() {
    return isset($_SESSION["usuario_logado"]);
}

function verificaUsuario() {
    if(!usuarioEstaLogado()) {

       header("Location: login.php");
       die();
    }
}

But I need to make sure that after a few minutes of inactivity the system logs the user out but keeps the email saved. What would be the best way to log the user out but keep their email stored?

  • You want to log the user out and keep the SESSION with the email?

  • You are tying the SESSION where the user’s email is stored to the fact that they are logged in, right?

  • @Davidsamm Yes, yes, yes

  • I see. But what do you want to do with the user’s email after they are logged out? Because when the SESSION expires, there is no way to recover it. It will be empty.

  • You will have to store the email somewhere... can you say why you want to keep the email? Knowing that can help to outline a strategy.

  • Almost what @Knautiluz said. I intend to make a "Rest screen" where, for example, if the user is inactive for x minutes, with the site open or not, it stores the email, as if it were a cookie, but I don’t think the cookie would be safe enough.

  • I would like to do what Facebook does: it shows the user’s profile photo, and instead of having to enter the email and password the user would only need to enter the password to authenticate.

  • Using the function I answered below, you can then check if $_SESSION['usuario_logado'] exists and if it contains the email; then you can do the same as Facebook and just ask for the password.

  • @Luhansalimena If the issue is security, I think storing only the email on the machine the user is currently using is not a big security problem.

  • @Luhansalimena Let’s say I’m at a LAN house. It’s common for me to log on to a site where someone has already logged on before and come across another user’s email. I just click "I’m not so-and-so" or try to guess the password of "so-and-so," which no one will bother to do.

  • @Luhansalimena You can store the user’s email in localStorage when they log in, and when their SESSION expires, you read this localStorage ONLY to get their email for a new login, and they should just type in the password.


1 answer

function checkAtividade() {
    // Subtract the timestamp stored in SESSION['timestamp'] from the current time
    if (time() - ($_SESSION['timestamp'] ?? 0) > 900) {
        unset($_SESSION['timestamp']);
        $_SESSION['logged_in'] = false;
        // No output (such as the alert script originally echoed here) may be sent before header(),
        // otherwise the redirect fails with "headers already sent"
        header("Location: login.php"); // Redirect to the login.php page
        exit;
    } else {
        $_SESSION['timestamp'] = time(); // Update the timestamp
    }
}

Change your functions:

function logaUsuario($email) {
    $_SESSION["usuario_logado"] = $email;
    $_SESSION['timestamp'] = time();
    $_SESSION['logged_in'] = true;
}

function usuarioEstaLogado() {
    // isset() is also true when logged_in holds false, so test the value itself
    return !empty($_SESSION["logged_in"]);
}

  • In the check function, what would the "900" be? Seconds or ms?

  • I added the function and every time I try to log in, the system already logs me out

  • 900 is in seconds

  • Update the function logaUsuario as I have it now in the answer
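
An added example, not part of the original question or answer: one way to get the behaviour the question asks for, where an idle session is locked rather than destroyed, so the email stays available for a password-only login screen. It keeps the page's `usuario_logado`, `timestamp` and `logged_in` keys; `IDLE_LIMIT`, `sessaoExpirou()`, `emailLembrado()`, `reautentica()` and the `$hashDoBanco` parameter are hypothetical names.

```php
<?php
// Added example (not from the original answer). Hypothetical names: IDLE_LIMIT,
// sessaoExpirou(), emailLembrado(), reautentica(), $hashDoBanco.
const IDLE_LIMIT = 900; // seconds of inactivity allowed, as in the answer

function logaUsuario(string $email): void {
    // New session ID on every privilege change, so a pre-login ID is useless afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['usuario_logado'] = $email;
    $_SESSION['timestamp'] = time();
    $_SESSION['logged_in'] = true;
}

function usuarioEstaLogado(): bool {
    // Strict comparison: isset() would also be true for logged_in === false.
    return ($_SESSION['logged_in'] ?? false) === true;
}

// Returns true when the idle limit was exceeded; the session is then locked,
// but the email is kept so the login page can ask for the password only.
function sessaoExpirou(?int $agora = null): bool {
    $agora = $agora ?? time();
    if (!usuarioEstaLogado()) {
        return false; // nothing to expire
    }
    if ($agora - ($_SESSION['timestamp'] ?? 0) > IDLE_LIMIT) {
        $_SESSION['logged_in'] = false;
        unset($_SESSION['timestamp']);
        return true;
    }
    $_SESSION['timestamp'] = $agora; // activity seen: slide the window
    return false;
}

function emailLembrado(): ?string {
    return $_SESSION['usuario_logado'] ?? null; // display only, never proof of identity
}

// $hashDoBanco: the password_hash() value loaded from the user table for emailLembrado().
function reautentica(string $senha, string $hashDoBanco): bool {
    $email = emailLembrado();
    if ($email === null || !password_verify($senha, $hashDoBanco)) {
        return false;
    }
    logaUsuario($email);
    return true;
}
```

Call `sessaoExpirou()` at the top of each protected page before `verificaUsuario()`, and send any redirect before other output. The remembered email lasts only as long as the PHP session itself (`session.gc_maxlifetime`).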
