I am working on a simple project where I have a login system with multiple users where each user will login and save form entries in a file. Idea is last user who is logged in should always have the write access (and all others write access should be revoked) and if last user logs out then second last user should have the access but if only one user is logged in then he should get the write access automatically.
- I have
login.phppage where I provide my user and password. - If login is successful then it redirects me to
index.phppage where I have form with two textbox and a button. - On
index.phppage I haveSave Databutton which if I click it callssave.phpthen it save form entries by overwriting in file but there is a catch here as explained below. - I also have
logoutlink on myindex.phppage which if I click then it will log me out and redirect tologin.phppage. On each logout it clear the session and clears entries from the file as well.
Here is the flow with multiple users trying to save in a file. Only the last user who is logged in will be able to save form entries in a file. All other users who logged in before should get message saying Your write access is revoked since another user is logged in now. For example:
- If
userAis logged in then he should be able to save form entires in a file. - If
userBis logged in thenuserAwrite access is revoked butuserBshould be able to save. - Now If
userCis logged in thenuserBanduserAwrite access is revoked butuserCshould be able to save. - Similarly for other users. Idea is only last user who is logged in should be able to save and all others (who are logged in) write access should be revoked.
Now if last user logs out then second last user who was logged in should get his write access back. And similarly for others as well. Logout/Login can happen in any way from any users.
Here is my index.php file:
<?php
declare(strict_types = 1);
// Start session.
session_start();
// Include helper functions.
require_once 'helpers.php';
// 2 mins in seconds
$inactive = 120;
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{
redirect('logout.php');
return;
}
}
$_SESSION['timeout'] = time();
// Redirect user to login page if not authenticated.
if (! check_auth()) {
redirect('logout.php');
return;
}
?>
<!doctype html>
<html>
<head>
<title>Home</title>
</head>
<body>
<div>
<h1>Website Title</h1> <a href="logout.php">Logout</a> </div>
<div>
<p>Welcome back, <?= $_SESSION['user_id'] ?>!</p>
</div>
<form method="post">
<input type="text" name="field1" />
<input type="text" name="field2" />
<input type="submit" name="submit" value="Save Data"> </form>
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script>
$(function() {
"use strict";
$('form').submit(function(e) {
e.preventDefault();
$.post({
url: 'save.php',
data: $(this).serialize(),
}).done(response => {
response = JSON.parse(response);
if (response.message) {
alert(response.message);
}
}).fail(jqXhr => {
if (jqXhr.status == 400) {
//redirect to specified url in the response text
window.location.href = jqXhr.responseText;
}
});
});
});
</script>
</body>
</html>
Here is my save.php file:
<?php
declare(strict_types=1);
// Start session.
session_start();
// Include helper functions.
require_once 'helpers.php';
// 2 mins in seconds
$inactive = 120;
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{
redirect('logout.php');
return;
}
}
$_SESSION['timeout'] = time();
// Redirect user to login page if not authenticated.
if (! check_auth()) {
redirect('logout.php');
return;
}
if (! is_authorized_to_write()) {
echo json_encode([
'success' => false,
'message' => 'Your write access is revoked since another user is logged in now.',
]);
return;
}
// save form entries in a file here
Problem Statement
All my above code works fine but there is a bug with multiple users trying to save form entries in a file –
- If
userAlogs in then he is able to save form entries in a file successfully. - But if
userBlogs in thenuserAwrite access is revoked anduserBcan save which is fine. - Now if
userClogs in thenuserAanduserBboth write access is revoked anduserCcan save which is fine.
Now as you can see all three users are logged in but if userB logs out then userC has write access because he was the last one to login so it works fine. But as soon as userC logs out and no one is remaining then userA write access should be back but somehow whenever userA tries to save, it says someone is logged in so he cannot save. And that is the bug. I think problem is the way I am storing entries in current_user.txt file but somehow not able to figure out on how to store in such a way so that last user who is logged in should always have the write access and if last user logs out then second last user should have the access but if only one user is logged in then he should get the write access automatically.
Advertisement
Answer
Why can’t you just let them each save to their own file or use a database? In case you really desire such absurd behavior, just make the login of one user set a flag in the user table, that will restrict other’s from writing the file. File-based sessions cannot be used for such functionality, because it has to be state-less.