In web development, protecting user account security is crucial. Restricting an account to a single logged-in device at a time prevents concurrent use of the account and reduces security risks. This article demonstrates how to achieve unique user login using PHP code examples.
First, design a simple login page to collect the username and password from users. Here's an example:
<!DOCTYPE html>
<html>
<head>
    <title>User Login</title>
</head>
<body>
    <h2>User Login</h2>
    <form action="login.php" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required><br><br>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required><br><br>
        <input type="submit" value="Login">
    </form>
</body>
</html>
In the login processing script login.php, we simulate user data with an array and verify the username and password. The key point is using sessions to store user state and regenerating session IDs to prevent session fixation attacks, ensuring a user can only be logged in on one device.
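<?php
session_start();

// Demo data only; a real application stores password_hash() output
// and verifies it with password_verify().
$users = [
    'user1' => 'password1',
    'user2' => 'password2',
    // Other user data
];

// Missing fields become empty strings instead of raising warnings
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (is_string($username) && is_string($password)
    && array_key_exists($username, $users)
    && hash_equals($users[$username], $password)) {
    // Drop any state left by a previous user of this session
    unset($_SESSION['username']);
    // Issue a new session ID on every successful login (session fixation defence)
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    echo 'Login successful, welcome ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Incorrect username or password';
}
?>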
To fully manage user sessions, a logout script logout.php is needed to clear session data, allowing users to safely log out.
<?php
session_start();
// Clear the login state, then destroy the server-side session data
unset($_SESSION['username']);
session_destroy();
echo 'You have successfully logged out';
?>
Using the above examples, we implement a unique user login feature with PHP's session mechanism. The system detects if there is an existing session for the user during login and regenerates the session ID to enhance security, preventing the same account from being logged in on multiple devices simultaneously. Logging out clears the session data to maintain account safety. This solution suits small to medium projects and helps improve login security.
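PHP's $_SESSION belongs to one browser, so the check in login.php cannot see a login made from another device. The following added example (not code from the original article) records the single allowed session ID per user on the server and rejects any other; the JSON file store and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: one active session per account, tracked on the server.
// The JSON file store and all function names are hypothetical; a real
// application would keep this mapping in a database row updated atomically.

// Load the map of username => the only session ID allowed for that user.
function load_active(string $file): array
{
    $raw = is_file($file) ? file_get_contents($file) : false;
    return $raw === false ? [] : (json_decode($raw, true) ?: []);
}

// Call right after a successful login: the newest session replaces the old one.
function claim_session(string $file, string $user, string $sessionId): void
{
    $active = load_active($file);
    $active[$user] = $sessionId;
    file_put_contents($file, json_encode($active), LOCK_EX);
}

// Call at the top of every protected page; false means "logged in elsewhere".
function is_current_session(string $file, string $user, string $sessionId): bool
{
    $active = load_active($file);
    return isset($active[$user]) && hash_equals($active[$user], $sessionId);
}

// Call from logout.php so the account is left with no active session.
function release_session(string $file, string $user, string $sessionId): void
{
    $active = load_active($file);
    if (isset($active[$user]) && hash_equals($active[$user], $sessionId)) {
        unset($active[$user]);
        file_put_contents($file, json_encode($active), LOCK_EX);
    }
}

// Constructed walk-through: two devices, each represented by a random ID
// standing in for the value session_id() would return on that device.
$store  = tempnam(sys_get_temp_dir(), 'active_');
$laptop = bin2hex(random_bytes(16));
$phone  = bin2hex(random_bytes(16));

claim_session($store, 'user1', $laptop);   // user1 logs in on the laptop
claim_session($store, 'user1', $phone);    // user1 then logs in on the phone
printf("laptop still valid: %s\n", var_export(is_current_session($store, 'user1', $laptop), true));
printf("phone valid: %s\n", var_export(is_current_session($store, 'user1', $phone), true));
unlink($store);
```

In login.php the call would be claim_session($file, $username, session_id()) placed after session_regenerate_id(); a protected page that gets false from is_current_session() should destroy its session and send the user back to the login form.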