Hi,
I need to prevent the same user from being logged in on different computers/browsers at the same time. If a user is logged in and someone else tries to log in with the same login/passwd, the old session must be destroyed so that only the latest session is active. Ideally, the session variables are transferred to the new session.
How can I do that with WebLoginPE? I've tried changing the Authenticate function to retrieve the current session and generate a new session id with session_regenerate_id, but it does not work. Any ideas?
/**
 * Finishes a web-user login: calls $this->OnWebAuthentication(), then records the
 * login in the web_user_attributes and web_users tables.
 *
 * Returns immediately, without touching the database, when $this->Report is non-empty.
 * Two branches are elided ("...") in this listing, so the fallback password check and
 * the LoginErrorCount handling are not visible here.
 */
function Authenticate()
{
global $modx;
if (!empty($this->Report))
{
return; //There was an error in the last step
}
// Table names used by the two UPDATE statements at the end of the method.
$web_users = $modx->getFullTableName('web_users');
$web_user_attributes = $modx->getFullTableName('web_user_attributes');
$authenticate = $this->OnWebAuthentication();
// check if there is a plugin to authenticate user and that said plugin authenticated the user
// else use a simple authentication scheme comparing MD5 of password to database password.
// NOTE(review): in_array(TRUE, ...) compares loosely, so any truthy element in the plugin
// result counts as "authenticated"; pass true as the third argument if only a boolean
// true should count. Whether plugins return strict booleans is not visible here.
// NOTE(review): the fallback described above compares MD5 digests (code elided in this
// listing). MD5 is not a suitable password hash; password_hash()/password_verify() is
// the usual replacement where the stored format can be migrated.
if (!$authenticate || (is_array($authenticate) && !in_array(TRUE, $authenticate))){
...
}
if ($this->LoginErrorCount == 1){
...
}
// MODIFICATION : erase old session to avoid concurrent connections with same userid
// NOTE(review): this does not end the previous login. Assuming a session is already
// active at this point (TODO confirm), session_id($id) does not open or destroy the
// session stored under $this->User['sessionid']; it only tries to change the id of the
// current request (PHP 7.2+ refuses that once the session is active), so $oldSessionID
// is not a handle on the other browser's session. session_regenerate_id() called without
// a true argument also leaves the old session data in place.
// Options to check against the rest of the snippet: close the current session, open the
// stored id and session_destroy() it before starting the new one; or compare session_id()
// with the stored `sessionid` column on every request and log the user out on mismatch.
$oldSessionID = session_id($this->User['sessionid']);
session_regenerate_id();
// END OF MODIFICATION
$CurrentSessionID = session_id();
// The login counters and the `sessionid` column are only written when
// $_SESSION['webValidated'] is not set, so a repeat login inside an already validated
// session leaves the stored session id unchanged.
// NOTE(review): values are concatenated into the SQL text without escaping. Whether
// $this->User['internalKey'] is always an integer is not visible here; consider casting
// it to int and passing the session id through $modx->db->escape().
if(!isset($_SESSION['webValidated'])){
$isNowWebValidated = $modx->db->query("UPDATE ".$web_user_attributes." SET `failedlogincount` = 0, `logincount` = `logincount` + 1, `lastlogin` = `thislogin`, `thislogin` = ".time().", `sessionid` = '".$CurrentSessionID."' where internalKey='".$this->User['internalKey']."'");
}
// Flag the account as "Activated" by deleting the timestamp in `cachepwd`
// The query results ($isNowWebValidated, $cacheTimestamp) are not checked in the
// visible code, so a failed UPDATE goes unnoticed here.
$cacheTimestamp = $modx->db->query("UPDATE ".$web_users." SET `cachepwd`='' WHERE `id`='".$this->User['internalKey']."'");
}
Thanks in advance.