In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > Because this is a revenue-based site, and users buy a password for access, we're > wondering what the best php/mysql mechanism would be to allow only one person to > access their account at a time.
> In other words, how do we prevent two users from using the same password to access > the same account at the same time? If a user logs in: store the login timestamp in the database store the uid and timestamp in a session variable. If a user requests a page: compare the uid and timestamp in the session with the ones in the database. This way: Every user that tries to login with a valid uid/pwd gets access. Every session with the same uid but older timestamp expires. Don't applaud, just throw money :D -- Tim Van Wassenhove <http://home.mysth.be/~timvw> -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php