php an user should login in one system and should not be able to login from other system unless requested
- I want to allow users to use only one system to login.
- if they use another machine then they should not be able to login.
- If they want to login then they can click request login option which will sent a reset link to the users email which when clicked will reset and update the database so that from now on he can login form that machine form which he made the reset request.
- so, when ever the user changes his machine he should not be able to login and can request a reset option.
- i am using ip and session id and previous session id to check login from one machine.
- if his session expires in that machine he will be logged in next time by storing the previous session id reference in a cookie.
so each time he access there will be two cookies to mean that whether he previously logged in this machine and if so then the session id is updated and he is logged in.
so if he is login in from a machine and if there is no previous/current session-id/ip-address then he is considered totally new to that machine and he cannot login.
Hope i have made it clear. if it is not much clear then please comment then i will edit my question.
I want a better approach or some other efficient mechanism to implement such functionality.
Even if the client is in a lan all the above conditions apply.
do my way of doing this has complications? if so then please suggest a good one.
Thank you.
Editing after a comment from https://stackoverflow.com/users/164394开发者_开发问答/purplepilot
the user can login anywhere but if the machine changes they can request an reset through their email. when they click the link in the email then that machines ip will be recorded and the user will have to continue in that system. This was requested by the admin cause there is going to be only two admin users.
Why dont you use cookie instead of session as your app demand that.
i think you are confused
Session never stored in client , cookie does. so you have to think about cookie for this app. Logic for the project seems okey once you implement cookie instead of session.
精彩评论