디비로 세션관리 및 중복로그인 방지

sugar01
http://prospect.new21.net

회원테이블에 테스트용으로 아이디 ‘test’ 비밀번호 ‘test’ 인 데이터를 하나 넣었습니다.
###########회원 테이블###########
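-- Member accounts checked by login.php.
-- passwd stores the output of MySQL PASSWORD(): 16 characters before MySQL 4.1,
-- 41 characters from 4.1 on. char(20) would truncate or reject the longer form
-- and the login comparison could never match, so the column is sized for 41.
-- NOTE(review): PASSWORD() is MySQL's own account hash (unsalted, fast). For real
-- accounts, hash in the application (e.g. PHP password_hash()) and widen passwd to fit.
CREATE TABLE sugar_member (
    num int(4) unsigned NOT NULL auto_increment,
    id char(20) NOT NULL default '',
    passwd char(41) NOT NULL default '',
    PRIMARY KEY (num)
) TYPE=MyISAM; -- MySQL 5.5 and later accept only ENGINE=MyISAM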

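-- Test account (id 'test', password 'test'); delete it before this table backs a reachable site.
-- Columns are named and num is omitted so auto_increment assigns it; the original
-- passed '' for the integer key, which strict SQL modes reject.
INSERT INTO sugar_member (id, passwd) VALUES ('test', password('test'));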

##########세션 관리 테이블###################
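-- Session store used by the handlers in sess_test.php.
-- The original annotated columns with "//", which MySQL does not treat as a comment;
-- they are written as "-- " comments here so the statement parses.
CREATE TABLE sugar_session4 (
    uid varchar(32) NOT NULL default '0',            -- member id that owns the session
    sess_key varchar(32) NOT NULL default '',        -- session key (PHP session id)
    last_log int(11) unsigned NOT NULL default '0',  -- Unix time of the last write
    last_ip varchar(45) NOT NULL default '',         -- client address; 45 chars also holds IPv6 text
    sess_value text NOT NULL,                        -- session data saved once the user logs in
    attack int(2) NOT NULL default '0',              -- incremented when a login is tried from another IP while one is active
    KEY sess_key (sess_key)
) TYPE=MyISAM; -- MySQL 5.5 and later accept only ENGINE=MyISAM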

#######config.php#########
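<?php
// Database connection settings shared by every page that includes this file.
// Fill in real values locally and keep this file out of version control and public
// downloads; use an account limited to this one database.
$localhost = "localhost"; // was the bare word localhost, which PHP only resolves via an undefined-constant fallback
$user_name = ""; // database user name
$db_passwd = ""; // database password
$db_name = "";   // database name

// The failure message is deliberately generic: it does not reveal mysql_error() output.
$connect = mysql_connect($localhost, $user_name, $db_passwd) or die("SQL server에 연결할수 없습니다.");
mysql_select_db($db_name, $connect);
?>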
#########sess_test.php#################

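<?php
// sess_test.php: routes PHP session storage to the sugar_session4 table.
// The commented-out debug echoes were dropped; in this listing each left a stray
// string delimiter on its own line, which does not parse.
include "config.php";

// An empty limiter turns off the session module's automatic cache headers.
// NOTE(review): pages that show session data then need their own no-cache headers
// if shared caches must not keep them.
session_cache_limiter('');
session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
session_start();
$time = time();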

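/**
 * Session open handler. The database link is created in config.php, so there is
 * nothing to open here.
 *
 * The commented-out debug echo was removed: in this listing it left a stray
 * string delimiter on its own line, which breaks parsing.
 *
 * @param string $save_path    unused
 * @param string $session_name unused
 * @return int 1 (success)
 */
function sess_open($save_path, $session_name) {
    return 1;
}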

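/**
 * Session read handler: returns the stored data for $key if the row was written
 * within session.gc_maxlifetime seconds.
 *
 * $key is the session id taken from the client's cookie, so it is escaped before
 * being placed in the SQL text (the original interpolated it directly).
 * NOTE(review): die(mysql_error()) prints database error text to the client; in
 * production log it server-side and show a generic message.
 *
 * @param string $key session id
 * @return string session data, or '' when no live row exists
 */
function sess_read($key) {
    $safe_key = mysql_real_escape_string($key);
    $oldest = time() - (int) get_cfg_var("session.gc_maxlifetime");

    $query = mysql_query("SELECT sess_value FROM sugar_session4 WHERE sess_key = '$safe_key' AND last_log > '$oldest'") or die(mysql_error());
    $row = mysql_fetch_array($query);

    // A read handler should hand back a string even when nothing is stored.
    return $row ? $row[0] : '';
}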

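/**
 * Session write handler: saves the session data and enforces one login per member.
 *
 * Cases, in order:
 *  - no row for this session key and non-empty data (a new login):
 *      - a row exists for the member from the same IP (window closed without logout):
 *        that row is re-pointed to the new session key;
 *      - a row exists for the member from another IP: the data is NOT stored and the
 *        row's attack counter is incremented;
 *      - no row for the member: a new row is inserted;
 *  - a row exists for this session key: it is refreshed, and a notice is printed if
 *    attack is non-zero.
 *
 * Every value placed in SQL is escaped first. $key comes from the client's session
 * cookie and $value carries serialized session data; the original interpolated both
 * (and the member id) directly into the statements.
 *
 * NOTE(review): the member id is read from $GLOBALS['sess_id'], which only exists
 * through session_register()/register_globals; confirm a request parameter cannot set it.
 * NOTE(review): the same-member test keys on REMOTE_ADDR, so clients sharing one
 * address (NAT, proxy) are not told apart.
 * NOTE(review): die(mysql_error()) prints database error text to the client; log it instead.
 * NOTE(review): the empty echo strings below look like markup lost from this listing.
 *
 * @param string $key   session id
 * @param string $value serialized session data
 * @return bool always true
 */
function sess_write($key, $value) {
    $safe_key = mysql_real_escape_string($key);
    $safe_value = mysql_real_escape_string($value);
    $safe_ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]);
    $now = time();

    $query = mysql_query("SELECT * FROM sugar_session4 WHERE sess_key='$safe_key' AND sess_value IS NOT NULL") or die(mysql_error());

    if (mysql_num_rows($query) == 0) // no row for this key yet: a new login
    {
        if ($value != "")
        {
            $uid = mysql_real_escape_string($GLOBALS['sess_id']);

            // Member left by closing the window (no logout) and is logging in again from the same IP.
            $query = mysql_query("SELECT sess_value FROM sugar_session4 WHERE uid='$uid' AND last_ip='$safe_ip'") or die(mysql_error());

            if (mysql_num_rows($query))
            {
                mysql_query("UPDATE sugar_session4 SET sess_key='$safe_key', last_log='$now', last_ip='$safe_ip', sess_value='$safe_value' WHERE uid='$uid'") or die(mysql_error());
                echo "";
            }
            else
            {
                // Is the member already logged in from a different IP?
                $query = mysql_query("SELECT sess_value FROM sugar_session4 WHERE uid='$uid' AND last_ip!='$safe_ip'") or die(mysql_error());

                if (mysql_num_rows($query))
                {
                    // Refuse the second login: nothing is stored for this key, only the counter moves.
                    mysql_query("UPDATE sugar_session4 SET attack=attack+1 WHERE uid='$uid' AND last_ip!='$safe_ip'") or die(mysql_error());

echo("
");
                }
                else // plain first login for this member
                {
                    // Columns are named so the statement does not depend on column order.
                    mysql_query("INSERT INTO sugar_session4 (uid, sess_key, last_log, last_ip, sess_value, attack) VALUES ('$uid', '$safe_key', '$now', '$safe_ip', '$safe_value', 0)") or die(mysql_error());
                    echo "";
                }
            }
        }
    }
    else // session already stored: the user is still logged in
    {
        $query = mysql_query("SELECT attack FROM sugar_session4 WHERE sess_key='$safe_key'");
        $row = mysql_fetch_array($query);

        // Tell the legitimate user how many logins were attempted from elsewhere.
        if ($row['attack'] != 0) echo " $row[attack] 번 다른곳에서 접속 시도가 있었습니다
";

        mysql_query("UPDATE sugar_session4 SET last_log='$now', last_ip='$safe_ip', sess_value='$safe_value' WHERE sess_key='$safe_key'") or die(mysql_error());
    }

    return true;
}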

/**
 * Session close handler. Nothing is released here; the handler only reports success.
 *
 * @return int 1 (success)
 */
function sess_close()
{
    $ok = 1;
    return $ok;
}

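/**
 * Session destroy handler: removes the row for $key (used by logout.php via session_destroy()).
 *
 * $key is the client-supplied session id, so it is escaped before it reaches the
 * DELETE statement; the original interpolated it directly.
 *
 * @param string $key session id
 * @return bool true once the delete has run
 */
function sess_destroy($key) {
    $safe_key = mysql_real_escape_string($key);
    mysql_query("DELETE FROM sugar_session4 WHERE sess_key='$safe_key'") or die(mysql_error());

    // Session handlers are expected to report success; the original returned nothing.
    return true;
}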

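/**
 * Session garbage collector: deletes rows not written for more than $lifetime seconds.
 *
 * The original compared last_log with time() itself, which matched every row not
 * written in the current second and ignored $lifetime, so a GC run removed live
 * sessions along with stale ones.
 * Stale rows are also what block a member's login from a new IP in sess_write(), so
 * that block now lasts up to $lifetime after the last activity.
 *
 * @param int $lifetime maximum session age in seconds
 * @return bool always true
 */
function sess_gc($lifetime) {
    $cutoff = time() - (int) $lifetime;
    mysql_query("DELETE FROM sugar_session4 WHERE last_log < " . $cutoff) or die(mysql_error());
    return true;
}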

?>

###################login.php###############
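<?php
// login.php: shows the login state or the login form, then handles a submitted login.
//
// The submitted id and password are escaped before they reach SQL; the original
// interpolated them directly, which lets a crafted id or password rewrite the
// WHERE clause of the login query.
//
// NOTE(review): $mode, $id and $passwd are read as globals, i.e. this relies on
// register_globals; the form markup is missing from this listing, so the request
// method cannot be confirmed here.
// NOTE(review): the session id is not renewed at login (session fixation). Output has
// already started by the time the login is processed, so session_regenerate_id()
// would have to move ahead of the first echo.
// NOTE(review): die(mysql_error()) prints database error text to the client; log it instead.
// NOTE(review): the mostly empty echo strings look like markup lost from this listing.
include "sess_test.php";
echo("



");

if (isset($_SESSION['sess_id']) && $_SESSION['sess_id'] != "")
{
echo("

$_SESSION[sess_id] 님 로그인
로그아웃

");
}
else
{
echo("


Id 

Password 

");
}

if (isset($mode) && $mode == 'ok')
{
    // With magic_quotes_gpc on, the input is already slashed; undo that so it is escaped exactly once.
    if (get_magic_quotes_gpc())
    {
        $id = stripslashes($id);
        $passwd = stripslashes($passwd);
    }
    $safe_id = mysql_real_escape_string($id);
    $safe_passwd = mysql_real_escape_string($passwd);

    // password() is applied inside the query, replacing the separate "select password(...)" round trip.
    $sql = mysql_query("select * from sugar_member where id='$safe_id' AND passwd=password('$safe_passwd')") or die(mysql_error());
    $e_check = mysql_num_rows($sql);
    $row = mysql_fetch_array($sql);

    if ($e_check == 0)
    {
        // No matching member: login failed.
echo("



");
    }
    else
    {
        // sess_write() reads the member id from the global registered here.
        $sess_id = $row['id'];
        session_register('sess_id');
    }
}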
########logout.php#########
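<?php
// logout.php: ends the session. session_destroy() invokes sess_destroy(), which
// deletes the member's row so a later login from any IP starts clean.
// NOTE(review): the empty echo string looks like markup lost from this listing.
include "sess_test.php";
session_destroy();

echo "";
?>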