When developing websites or applications, it is often necessary to ensure that a user account can only be logged in on one device at a time, preventing the account from being shared across multiple devices. Implementing a single user login restriction helps secure the account and manage user sessions. This article will guide you through the process with a specific code example in PHP.
First, we need to design a table to store user session information. You can create a table named user_sessions to store the user ID, session ID, and login time. Here is a sample structure of the table:
CREATE TABLE user_sessions (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    session_id VARCHAR(255) NOT NULL,
    login_time TIMESTAMP NOT NULL
);
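The core logic to implement a single user login restriction is as follows: on login, record the user's current session ID in user_sessions; on each request, compare the current session ID with the most recently recorded one for that user and redirect to the login page if they differ; on logout, delete the user's session records.
Here’s an example of the PHP code: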
<?php
session_start();

// Connect to the database
$dsn = 'mysql:host=localhost;dbname=your_database';
$username = 'your_username';
$password = 'your_password';
$options = array(
    PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
);
try {
    $dbh = new PDO($dsn, $username, $password, $options);
} catch (PDOException $e) {
    // Log the details on the server; do not expose them to the client
    error_log('Database connection failed: ' . $e->getMessage());
    echo 'Database connection failed.';
    exit();
}

// User login
function login($user_id) {
    global $dbh;
    session_regenerate_id(true); // Issue a fresh session ID at login
    $session_id = session_id();
    $login_time = date('Y-m-d H:i:s');
    $stmt = $dbh->prepare('INSERT INTO user_sessions (user_id, session_id, login_time) VALUES (?, ?, ?)');
    $stmt->execute([$user_id, $session_id, $login_time]);
    $_SESSION['user_id'] = $user_id; // Remember the logged-in user for later requests
}

// Check user login status
function check_login($user_id) {
    global $dbh;
    $session_id = session_id();
    // id DESC breaks ties between logins recorded within the same second
    $stmt = $dbh->prepare('SELECT session_id FROM user_sessions WHERE user_id = ? ORDER BY login_time DESC, id DESC LIMIT 1');
    $stmt->execute([$user_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No record at all, or a newer login from another device owns the account
    if ($row === false || !hash_equals($row['session_id'], $session_id)) {
        unset($_SESSION['user_id']); // This session is no longer logged in
        header('Location: login.php'); // Redirect to the login page
        exit();
    }
}

// User logout
function logout($user_id) {
    global $dbh;
    $stmt = $dbh->prepare('DELETE FROM user_sessions WHERE user_id = ?');
    $stmt->execute([$user_id]);
    unset($_SESSION['user_id']); // Clear the login state held in this session
}

// Example usage
$user_id = 1;
if (isset($_SESSION['user_id'])) {
    check_login($_SESSION['user_id']);
} else {
    login($user_id);
}

// Other operations
// ...

// User logout
// logout($user_id);
?>
With the database design and PHP code example provided above, developers can implement the basic functionality of single user login restriction, ensuring that a user’s account is logged in on only one device at a time. Depending on the project requirements, you can further extend and improve the logic as needed.
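One way to extend the logic, as an added example that is not part of the original article: keeping exactly one row per user makes "latest login wins" a single atomic statement, and logout removes the row only when the caller still owns it. It assumes PHP 8 with the pdo_sqlite extension and runs against an in-memory SQLite database; the class name SingleSessionStore, its method names, and the session IDs are hypothetical, constructed values.

```php
<?php
// Added example, not from the original article. SingleSessionStore and the
// session IDs are hypothetical; SQLite in memory stands in for MySQL.
final class SingleSessionStore
{
    public function __construct(private PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // One row per user: the primary key makes "latest login wins" atomic.
        $db->exec('CREATE TABLE IF NOT EXISTS user_sessions (
            user_id    INTEGER PRIMARY KEY,
            session_id TEXT NOT NULL,
            login_time TEXT NOT NULL
        )');
    }

    // Record a login; any earlier session for this user is replaced.
    public function login(int $userId, string $sessionId): void
    {
        $stmt = $this->db->prepare('REPLACE INTO user_sessions (user_id, session_id, login_time) VALUES (?, ?, ?)');
        $stmt->execute([$userId, $sessionId, gmdate('Y-m-d H:i:s')]);
    }

    // True only for the session that logged in most recently.
    public function isCurrent(int $userId, string $sessionId): bool
    {
        $stmt = $this->db->prepare('SELECT session_id FROM user_sessions WHERE user_id = ?');
        $stmt->execute([$userId]);
        $stored = $stmt->fetchColumn(); // false when the user has no row
        return is_string($stored) && hash_equals($stored, $sessionId);
    }

    // Remove the row only if the caller still owns it, so a displaced
    // device cannot log out the device that replaced it.
    public function logout(int $userId, string $sessionId): void
    {
        $stmt = $this->db->prepare('DELETE FROM user_sessions WHERE user_id = ? AND session_id = ?');
        $stmt->execute([$userId, $sessionId]);
    }
}

$store = new SingleSessionStore(new PDO('sqlite::memory:'));
$store->login(1, 'sess-device-A');               // device A logs in
$store->login(1, 'sess-device-B');               // device B logs in, displacing A
var_dump($store->isCurrent(1, 'sess-device-A')); // status of the displaced device
var_dump($store->isCurrent(1, 'sess-device-B')); // status of the newest device
$store->logout(1, 'sess-device-A');              // stale logout matches no row
var_dump($store->isCurrent(1, 'sess-device-B')); // device B is unaffected
```

In a real application the session ID passed in would be the value of session_id() after session_regenerate_id(true), as in the article's login() function.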