Clever Geek Handbook

How can I log out of inactive users after 30 minutes?

I am trying to log out of inactive users. If they haven't moved the mouse or typed after 30 minutes, they will automatically log out and return to the login screen. The login details are stored in my database.

Login procedure

<?php
require_once('includes/session.php');
    if (isset($_GET['logout']) and $_GET['logout'] == 1){
        logout();
    }
    //doublecheck status
    if (isset($_SESSION['user_id'])){
        $login = 1; $login_message = "Logged In";
    }else{
        $login = 0; $login_message = "Logged Out";
    }

include_once("../includes/masterinclude.php");
//include_once("../includes/functions_admin.php");


$preferences = getPreferences();
    $ip=$_SERVER['REMOTE_ADDR'];
    $message_login = "";

    if (isset($_POST['username']) and isset($_POST['password'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $hashed_password = sha1($password);
        $u = Confirm_User($username, $hashed_password);
        if ($u == 1){
            $u = Get_User($username, $hashed_password);
            $_SESSION['user_id'] = $u->user_id;
            $_SESSION['username'] = $u->user_name;
            echo "<script type=\"text/javascript\">document.location.href=\"/home\";</script>";
        }else{
            $warning = "red";
            $message_login = "Login failed - Please try again";
        }
    }
?><head>



<form id="login" name="login" class="form-horizontal" method="post" action="_cms/login.php" _cms/style="display: block;">
            <div class="form-group" id="reauthorizeInner">
                <?php
                if($message_login != ""){
                    echo "<p><span class=\"message-error\">" . $message_login . "</span></p>";
                }else{
                    echo "<p class=\"message\">Please enter your username &amp; password</p>";
                }
                ?>
                <div class="input-group col-xs-12">
                    <input id="reauthuser" class="form-control" type="text" placeholder="Username.." name="username" value="username" onFocus="this.value=''" required="yes" message="You must enter a username">
                    <span class="input-group-addon">
                    <i class="icon-envelope-alt icon-fixed-width"></i>
                    </span>
                    </div>
            </div>
            <div class="form-group" id="reauthorizeInner">
                <div class="input-group col-xs-12">
                    <input id="reauthPassword" class="form-control" name="password" type="password" value="password" onFocus="this.value=''" required="yes" message="You must enter a password">

                    <span class="input-group-addon">
                    <i class="icon-asterisk icon-fixed-width"></i>
                    </span>
                </div>
            </div>
            <div class="clearfix">
                <div class="btn-group btn-group-sm pull-right">

                    <button class="btn btn-primary" id="submit" type="submit" onclick="document['login'].submit();">
                        <i class="icon-arrow-right"></i>
                        Login
                    </button>
                </div>
                <div class="make-switch pull-left" data-on="primary" data-off="danger"></div>
            </div>
        </form>

session.php

    <?php
session_start();
if (isset($_SESSION['user_id'])){
    $login = 1;
}else{
    $login = 0;
}

function confirm_logged_in() {
    if (!isset($_SESSION['user_id'])) {
        //redirect
        header("Location: /_cms/login.php?login=0");
    }
}
function logout(){
        $_SESSION = array();
        if(isset($_COOKIE[session_name()])){
            setcookie(session_name(), '', time()-42000, '/');
        }   
        session_destroy();
}

?>

I know there is a lot of code here, but I have to include that or people won't see the complexity of creating an exit timer for this. I have tried several different methods and none of them work due to the wrong login procedure. Any help would be greatly appreciated!

+3


source to share


3 answers


I would use some JS / jQuery and iddletimout library and combine them with your PHP code:



$.idleTimeout('#idletimeout', '#idletimeout a', {
        idleAfter: 300, //seconds
        onTimeout: function() {
           //some code
           window.location = "logout.php"; //This is your PHP logout page
        },
        onIdle: function() {
            //some code
        },
        onCountdown: function(counter) {
            //some code
        },
        onResume: function() {
            //some code
        }
    });
+2


source


You need JavaScript code that will count the time and reset the counter if something happens. But if the counter reaches 30 minutes, you will need to make an AJAX call that will log out of this user - call this logout function.



0


source


Of course, you could just use PHP's built-in timeout, which by default kills the session after 30 minutes without any activity.

If you want it to stay alive when the user moves the mouse (as opposed to actively making HTTP requests) then you might have some code in your Javascript that dispatches a "ping" ajax event fired so often with using mouse movement. Ajax ping doesn't need to do anything as long as it runs a dummy PHP script that references the session, it will be enough to keep the session open. If the ping script is not called within 30 minutes, the session will time out.

Thus, there is no real need to specifically trigger a logout; just let go of the session.

(you will have to do this anyway to handle cases where the user closes their browser, or it crashes, or it loses its network connection, etc., you don't want the session to hang forever in these cases)

0


source






More articles:


All Articles