• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Breaking login flow if already logged in with another session Codeigniter 3

#1
I am working on a codeigniter 3 app and ive recently implemented a session checker that deletes a user session if they're already logged in. Now we want a modal box to pop up if the user is already logged in with another session. I am able to get a modal box to pop up using a button but i want to implement it into the original flow of the login system. As it is the login form takes you straight to the validate login system. This is the login form now:
Code:
<form action="<?php echo site_url('login/validate_login/user'); ?>" method="post">
  <div class="content-box">
      <div class="basic-group">
          <div class="form-group">
              <label for="login-email"><span class="input-field-icon"><i class="fas fa-envelope"></i></span> <?php echo get_phrase('email'); ?>:</label>
              <input type="email" class="form-control" name = "email" id="login-email" placeholder="<?php echo get_phrase('email'); ?>" value="" required>
          </div>
          <div class="form-group">
              <label for="login-password"><span class="input-field-icon"><i class="fas fa-lock"></i></span> <?php echo get_phrase('password'); ?>:</label>
              <input type="password" class="form-control" name = "password" placeholder="<?php echo get_phrase('password'); ?>" value="" required>
          </div>
      </div>
  </div>
  <div class="content-update-box">
      <button type="submit" class="btn"><?php echo get_phrase('login'); ?></button>
  </div>
    <!-- Modal -->
  <div class="modal fade" id="login" role="dialog">
    <div class="modal-dialog">

      <!-- Modal content-->
      <div class="modal-content">
        <div class="modal-header">                               
          <h4 class="modal-title">You are already logged in</h4>
        </div>
        <div class="modal-body">
          <p>You are currently logged in on a different session on the site. Please note that if you continue, the existing session will be terminated. Please change your password if you suspect that your account has been conpromised.</p>
        </div>
        <div class="modal-footer">
          <button type="button" class="btn btn-default" data-dismiss="modal">Cancel Login</button>
          <button type="submit" class="btn"><?php echo get_phrase('login'); ?></button>
        </div>
      </div>

    </div>
  </div>
  <div class="forgot-pass text-center">
      <span><?php echo get_phrase('or'); ?></span>
      <a href="javascript::" onclick="toggoleForm('forgot_password')"><?php echo get_phrase('forgot_password'); ?></a>
  </div>
  <div class="account-have text-center">
      <?php echo get_phrase('do_not_have_an_account'); ?>? <a href="javascript::" onclick="toggoleForm('registration')"><?php echo get_phrase('sign_up'); ?></a>
  </div>
</form>

The button at the moment goes straight to this login function:

PHP Code:
public function validate_login($from "") {
        $email $this->input->post('email');
        $password $this->input->post('password');
        $credential = array('email' => $email'password' => sha1($password), 'status' => 1);

        // Checking login credential for admin
        $query $this->db->get_where('users'$credential);

        if ($query->num_rows() > 0) {
            $row $query->row();
            $this->session->set_userdata('user_id'$row->id);
            $this->session->set_userdata('role_id'$row->role_id);
            $this->session->set_userdata('role'get_user_role('user_role'$row->id));
            $this->session->set_userdata('name'$row->first_name.' '.$row->last_name);
            $this->delete_session_user_id();
            $this->session->set_flashdata('flash_message'get_phrase('welcome').' '.$row->first_name.' '.$row->last_name);
            if ($row->role_id == 1) {
                $this->session->set_userdata('admin_login''1');
                redirect(site_url('admin/dashboard'), 'refresh');
            }else if($row->role_id == 2){
                $this->session->set_userdata('user_login''1');
                $this->set_session_user_id();
                redirect(site_url('home/my_courses'), 'refresh');
            }
        }else {
            $this->session->set_flashdata('error_message',get_phrase('invalid_login_credentials'));
            redirect(site_url('home/login'), 'refresh');
        }
    

I created this function to pull the user id from an email:

PHP Code:
ublic function get_user_id($user_email "") {
        $this->db->select('id');
        $this->db->where('email'$user_email);
        $user_id=$this->db->get('users');
        return $user_id;
    
This function can get the user id based on the email supplied.

Then I use this function to check if there is a session and return [i]false[/i] if there are 0 results and [i]true[/i] if there is a session with that user id. So if its false they should be able to log in and the modal pop-up shouldn't open but if its true it should open.
PHP Code:
  public function user_has_session($user_id=''){
        $this->db->where('user_id',$user_id);
        $this->db->from('ci_sessions');
        $total=$this->db->count_all_results();
        if($total<0
            return false;
        else
            return true;
    
I think this is the best approach without having to redo the entire login flow. Perhaps someone can advise if this is the best approach or if in fact i should change the entire flow.
Thanks
Here is the previous problem I had which I have answered myself on stack overflow. It's related because this post shows my logic for the login sessions:
codeigniter 3 stop multiple logins using ci_sessions database
Thanks and regards
Zayd Bhyat
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.