× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to force user login only one device at a time ?
#1
Question 
Hi,


I just started using UserSpice and its exactly what I wanted. One thing I needed was to make a user login only one device at a time ? User shouldn't be allowed to login from multiple places simultaneously. Is there a setting to achieve this. I couldn't find it in the documentation.

Thanks in advance.
  Reply
#2
Hi rockfight,

With the currently released UserSpice, there is a Session Manager built into the application that would (for the most part) allow you to accomplish this. However, a portion of the code causes the script to break so I will have to find the resolution for that before you continue. It would be resolved in 4.4 which is to hopefully be released soon.

What you would do, is be sure to have the session administration enabled, and upon login, in the during login script, forcefully "kill" all existing sessions for that user. This would force an almost immediate logout as long as the users browser supports Javascript. Please poke me later on or tomorrow so I can try to find that code for you.

Thank you,
Brandin.
  Reply
#3
Thank you Brandin for your reply,

Actually what I wanted was if a user tries to login from a device but is already logged in from another device earlier, let him log in from this device but log him out from all other devices. For the solution I thought of the way below but I am not sure if its possible or not. 

I may need to one of the following custom script but not sure which


1. not_logged_in.php // I may not get a handle to User class here
2. custom_login_script.php // I get a handle to User class here

I checked logout.php and it uses 
Code:
$user->logout();

When I checked "User.php" class I found it uses DB to log him out
PHP Code:
public function logout(){
        
$this->_db->query("DELETE FROM users_session WHERE user_id = ? AND uagent = ?",array($this->data()->id,Session::uagent_no_version()));

        
Session::delete($this->_sessionName);
        
Cookie::delete($this->_cookieName);
        
session_unset();
        
session_destroy();
    } 

I am not very good at PHP but figured out I need to somehow combine these and use it in one of the two custom login script to get my result. 
Hope to get right direction from you.
Thank you.
  Reply
#4
Hi rockfight,

The only realistic way that currently exists in UserSpice to handle this is to use the Session Manager which is currently broken and will not be fixed until UserSpice 4.4.

The only way you could do it currently is create some sort of token that you store in the session variables and if it is not equal to the one you store in the DB (on login), log the user out. But the user would only see the logout on their next page load. My recommendation is to wait until 4.4 for the solution for Session Tracking and you would be able to do this easily.

Brandin.
  Reply
#5
Thanks Brandin,

I will wait till 4.4. Hppefully it will be released soon.

At the mean time I was trying to implement one more feature but still not sure it is possible or not.

I have a website that use paid yearly subscription. I have permission levels "Paid" and "Free". If user subscribes to some paid package upgrade him to "Paid" and when his subscription ends downgrade him to "Free" automatically (or via some custom programming logic). Basically What I was looking for is change permission of user based on an event. Is it possible in current version ?

Thank you
  Reply
#6
You would probably want to write a cron job to do this, and you would just write code that checks the users subscription, and if no longer valid, change to free and remove a permission level and add a different one. You can see examples of adding and removing permission levels on admin_user.php.
  Reply
#7
Thank you Brandin,

I created the following sample code

PHP Code:
<?php require_once '../../users/init.php'?>
<?php
$remove 
=[3];
removePermission($remove2);
// $add = [3];
// addPermission($add, 2,'user' 
If I browse this file by logging in as admin from browser than the permission is changed successfully. But if I put it into cron than the permission is not changed. May be that has to do with the init.php which requires login. How can I successfully implement this in cron.
  Reply
#8
You have to trigger the cron job automatically your control panel or server.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)