I am working on a simple project where I have a login system with multiple users where each user will login and save form entries in a file. Idea is last user who is logged in should always have the write access (and all others write access should be revoked) and if last user logs out then second last user should have the access but if only one user is logged in then he should get the write access automatically.
- I have
login.php
page where I provide my user and password. - If login is successful then it redirects me to
index.php
page where I have form with two textbox and a button. - On
index.php
page I haveSave Data
button which if I click it callssave.php
then it save form entries by overwriting in file but there is a catch here as explained below. - I also have
logout
link on myindex.php
page which if I click then it will log me out and redirect tologin.php
page. On each logout it clear the session and clears entries from the file as well.
Here is the flow with multiple users trying to save in a file. Only the last user who is logged in will be able to save form entries in a file. All other users who logged in before should get message saying Your write access is revoked since another user is logged in now
. For example:
- If
userA
is logged in then he should be able to save form entires in a file. - If
userB
is logged in thenuserA
write access is revoked butuserB
should be able to save. - Now If
userC
is logged in thenuserB
anduserA
write access is revoked butuserC
should be able to save. - Similarly for other users. Idea is only last user who is logged in should be able to save and all others (who are logged in) write access should be revoked.
Now if last user logs out then second last user who was logged in should get his write access back. And similarly for others as well. Logout/Login can happen in any way from any users.
Here is my index.php
file:
<?php declare(strict_types = 1); // Start session. session_start(); // Include helper functions. require_once 'helpers.php'; // 2 mins in seconds $inactive = 120; if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { redirect('logout.php'); return; } } $_SESSION['timeout'] = time(); // Redirect user to login page if not authenticated. if (! check_auth()) { redirect('logout.php'); return; } ?> <!doctype html> <html> <head> <title>Home</title> </head> <body> <div> <h1>Website Title</h1> <a href="logout.php">Logout</a> </div> <div> <p>Welcome back, <?= $_SESSION['user_id'] ?>!</p> </div> <form method="post"> <input type="text" name="field1" /> <input type="text" name="field2" /> <input type="submit" name="submit" value="Save Data"> </form> <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script> <script> $(function() { "use strict"; $('form').submit(function(e) { e.preventDefault(); $.post({ url: 'save.php', data: $(this).serialize(), }).done(response => { response = JSON.parse(response); if (response.message) { alert(response.message); } }).fail(jqXhr => { if (jqXhr.status == 400) { //redirect to specified url in the response text window.location.href = jqXhr.responseText; } }); }); }); </script> </body> </html>
Here is my save.php
file:
<?php declare(strict_types=1); // Start session. session_start(); // Include helper functions. require_once 'helpers.php'; // 2 mins in seconds $inactive = 120; if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { redirect('logout.php'); return; } } $_SESSION['timeout'] = time(); // Redirect user to login page if not authenticated. if (! check_auth()) { redirect('logout.php'); return; } if (! is_authorized_to_write()) { echo json_encode([ 'success' => false, 'message' => 'Your write access is revoked since another user is logged in now.', ]); return; } // save form entries in a file here
Problem Statement
All my above code works fine but there is a bug with multiple users trying to save form entries in a file –
- If
userA
logs in then he is able to save form entries in a file successfully. - But if
userB
logs in thenuserA
write access is revoked anduserB
can save which is fine. - Now if
userC
logs in thenuserA
anduserB
both write access is revoked anduserC
can save which is fine.
Now as you can see all three users are logged in but if userB
logs out then userC
has write access because he was the last one to login so it works fine. But as soon as userC
logs out and no one is remaining then userA
write access should be back but somehow whenever userA
tries to save, it says someone is logged in so he cannot save. And that is the bug. I think problem is the way I am storing entries in current_user.txt
file but somehow not able to figure out on how to store in such a way so that last user who is logged in should always have the write access and if last user logs out then second last user should have the access but if only one user is logged in then he should get the write access automatically.
Advertisement
Answer
Why can’t you just let them each save to their own file or use a database? In case you really desire such absurd behavior, just make the login of one user set a flag in the user table, that will restrict other’s from writing the file. File-based sessions cannot be used for such functionality, because it has to be state-less.