I don't know php can do it or not, but here is what I want done to my page.

I have few files for users to dowload, but I don't want user to download more than 1 files at the time.

Is it posible using php to limit the user only 1 download at the time?

Thank you so so so.... much

Mike

PS: Also, is it posible to limit user only allow to login once with one account? I don't want user to login then give his or her account to someone, then other can use the same account to login at the same time.

First of all...Read our posting guidelines section 2:

http://www.codingforums.com/postguide.htm

Don't you think "Can PHP limit downloads" would have been a more appropriate thread title?


As for your question...you cannot reliably prevent users from downloading more than one file at a time.

You can prevent multiple logins under one account. Check and record IP addresses with each page access during while they are logged in. If more than one IP shows up then multiple people are using it at the same time.

Spookster,

I am using session, each time user sign in, I will start session and assign user ip to SESSION['ip'] and username to SESSION['name']

So, how do I check to see if user had login once only?

I am thinking this

if (isset(session['use'])) //someone already login
{
kill session;
{
else
{
set session value
}

Am I right???

Do you have any sugestion?

I wouldn't just check to see if the variable in the session is set or not.

I would actually compare IP addresses:



if($_SERVER['REMOTE_ADDR'] != $_SESSION['ipaddress']){
session_start();
$_SESSION = array();
session_destroy();
echo "Error: Multiple IP's were detected simultaneously using this account. Goodbye."
}

One thing I gets really confuse about using session.

Lets say there are 5 users login with different username, so that means 5 sessions had created.

when you said comparing session['ip'], how does php know who's session['ip'] am I talking about? Session['ip'] are assigned to all users and it's value are all different. I understand if session['ip']+session['userID'], that way I can tell which session is belong to witch session. Do you know what am I talking about???

Also, is there a function for me to check how many sessions are created?

Thanks :)

Originally posted by weronpc
One thing I gets really confuse about using session.

Lets say there are 5 users login with different username, so that means 5 sessions had created.

when you said comparing session['ip'], how does php know who's session['ip'] am I talking about? Session['ip'] are assigned to all users and it's value are all different. I understand if session['ip']+session['userID'], that way I can tell which session is belong to witch session. Do you know what am I talking about???

Also, is there a function for me to check how many sessions are created?

Thanks :)

I'm glad one of us was paying attention. Certainly wasn't me. lol :D

You are correct. The IP will need to be stored in a central location for the particular account. Assuming you are using a database to handle the logins then add another column for IP address and when a person logs in store the IP in the database for that account and maybe even a timestamp to know when the IP was stored. Then pull the IP from the database and compare it with the one retrieved from REMOTE_ADDR. If they are ever different withing a reasonable time frame then there is possibly more than one computer being used to access the account.

The only drawback to this obviously is a call to the database on every page would be required to constantly have the most recent IP address stored. Also if the person is on a dialup account with a dynamic IP and they get disconnected and come back in a minute after reconnecting then they would trip the system into thinking multiple people are accessing it.

The only drawback to this obviously is a call to the database on every page would be required to constantly have the most recent IP address stored. Also if the person is on a dialup account with a dynamic IP and they get disconnected and come back in a minute after reconnecting then they would trip the system into thinking multiple people are accessing it.


Do we really need to check for the latest IP address in all the pages? Well, I understand that if we do not keep the latest IP address and use a time frame of 1 hour for example, then a person can log in, stays in the site for 1 hour, and then another person with a different computer logins and hustles the system! But what if we time out our users after that reasonable time frame? Let's say we have this condition for a successful log in:


//Pseudo code:
if ( $currentHour == $hourStoredInDB && $REMOTE_ADDR != $ipStoredInDB )
die("There is already another user connected to this account, sorry!");
else
//Write user's ip and current hour in the db. Also write the current hour in the sessions array too.


So, you see that if a person logins, and someone else tries to login at the same hour that he (the first person) is logged in, he'll die! But if an hour passes, then what can we do? So, we can automatically log out each user after he/she spent one hour ( just a time frame ) in our site. For doing that, we destroy their session and also put -1 as their time frame in our database. So, they should login again if they want to keep working with the site after one hour and then we don't have the problem of users on a dial up account with a dynamic IP address. We shouldn't also read/write the database in each page. In each page we simply check for the session that holds the time frame and if it's more than one hour that it's made, then we log out the user as I said.