In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> Because this is a revenue-based site, and users buy a password for access, we're 
> wondering what the best php/mysql mechanism would be to allow only one person to 
> access their account at a time. 

> In other words, how do we prevent two users from using the same password to access 
> the same account at the same time?

If a user logs in:
store the login timestamp in the database
store the uid and timestamp in a session variable.

If a user requests a page:
compare the uid and timestamp in the session with the ones in the database.

This way:
Every user that tries to login with a valid uid/pwd gets access.
Every session with the same uid but older timestamp expires.

Don't applaud, just throw money :D

-- 
Tim Van Wassenhove <http://home.mysth.be/~timvw>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to