* * OnlyOneLogin.php is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * OnlyOneLogin.php is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You can view the GNU General Public License at URL * * http://www.gnu.org/copyleft/gpl.html **/ # usage: require(OnlyOneLogin.php); >>AFTER<< AuthUser included # make sure that all usernames are valid filenames for the # file system you are using! $RecipeInfo['OnlyOneLogin']['Version'] = '1.4'; $username = ( isset($GLOBALS['AuthId']) ? (string)$GLOBALS['AuthId'] : '' ); session_start(); if ($username != '') { if (!isset($_SESSION['only1session::marker'])) { # this is the first time the script is called after a fresh new login $_SESSION['only1session::marker'] = true; if ( !file_put_contents('userlock/' . $username, session_id()) ) { # notify server admin that file system permissions are too strict die('file system failure'); } } else # => isset($_SESSION['only1session::marker']) { # this session might be an obsolete one. $old = (string)file_get_contents('userlock/' . $username); # ^--- false on failure will be converted to "" and thus result in logoff if ($old != session_id()) { $username = false; $_SESSION = array(); } } if ($action == 'logout') { unlink('userlock/' . $username); } # this ignores possible failure of unlink(). you may want to catch that. } session_write_close(); if ($username === false) { Redirect('Site/LoginSuperseded'); } # make sure to use 3 "=" or you catch anonymous guests as well