thinkPHP framework implements remote login reminder for users

This time I bring you thinkPHP frameworkrealize user remote login reminder, thinkPHP framework realizes user remote login reminderWhat are the precautions, the following is a practical case, let's come together take a look.

For web websites with relatively high security requirements, especially backend management, sometimes you need to check whether your account has been stolen or whether another person is logged in and performing backend operations at the moment, which will be very unsafe. , in order to prevent two people from logging in and operating at the same time, you can force an account to be offline.

Of course it is not possible to judge by IP, because IP will change within a certain network segment at any time, but there is a mechanism that can solve this problem, that is session, as long as you use the same browser to access the website , the browser does not close the session_id of each visitor and remains unchanged, which is exactly what is needed to solve this problem.

Taking the website background built by TP framework as an example, the idea is as follows:

(1) Database user table

In the user table, add a Field `session_id` varchar(32) is used to store the session_id after login.

(2)User login

User login is a normal judgment of the account password and verification code. When these When all verifications pass, the current session_id is taken out and stored in the user table of the database.

M('user')->where(array('id'=>$_SESSION['uid']))->save(array('session_id'=>session_id()));

(3) Solve the remote login problem

For background operations, in order to facilitate verification and operation security, a basic controller## will be created first. #BaseController, and then other operation controllers in the background inherit this base controller. Before each step of the background operation, the detection of the user status is placed in the initialization _initialize() method of the BaseController controller.

Now in the

_initialize() method, in addition to verifying whether the user login status is locked, etc., we also need to take out the local session_id and compare it with the session_id stored in the user table. If If the account name is not logged in in another place, you can force it to go offline and return to the login page.

$user = M('user')->where(array('id'=>$_SESSION['uid']))->find();
$session_id = session_id();
if($user['session_id'] != $session_id){
 session_destroy();
 $this->error('您的账号在其他地方登录,您已经被强制下线', U('login'));
}

Of course, you can also get the IP for remote login and give a reminder:

I believe you have mastered the method after reading the case in this article, and there will be more exciting things. Please pay attention to other related articles on php Chinese website!

Recommended reading:

How to obtain HTTP parameters in Egg.js

mysqld_multi deployment stand-alone detailed explanation

JS gets the value in the first element in the select drop-down box

The above is the detailed content of thinkPHP framework implements remote login reminder for users. For more information, please follow other related articles on the PHP Chinese website!