Is user Online? Help Needed

[ColdEdge]

Hi, Ok I got this to work in a odd matter. When user logs in and is authorized the login script updates a MySQL user field and replaced user_status from Offline to Online.and when the user clicks signout a simular method is performed but this time it sets status to Offline. The problem is that I am using SESSIONS and row selection truth out the site. Now, this is where I hit a brick wall. Lets say a user closes his/her browsers the session ends. But since the user did not click logout the user_status still says Online even so the user dosen't even have a web browser open.How would I fix that part?And other question. How can I allow a user who has posted a topic to only be able to edit his/her own topic and any other users 1st of all would not be able to see the Edit button even if they managed to get the URL to the edit page the script will display an error and would not allow them to edit the post content.- Thanks

[ColdEdge]

signin.php code

<?php//signin.phpinclude 'connect.php';include 'header.php';require 'formkey.class.php';  $formKey = new formKey();    $error = 'No error';    //Is request?  if($_SERVER['REQUEST_METHOD'] == 'post')  {  	//Validate the form key  	if(!isset($_POST['form_key']) || !$formKey->validate())  	{  		//Form key is invalid, show an error  		$error = 'Form key error!';  	}  	else  	{  		//Do the rest of your validation here  		$error = 'No form key error!';  	}  }  echo '<h3>Sign in</h3><br />';//first, check if the user is already signed in. If that is the case, there is no need to display this pageif(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true){	echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';}else{	if($_SERVER['REQUEST_METHOD'] != 'POST')	{		/*the form hasn't been posted yet, display it		  note that the action="" will cause the form to post to the same page it is on */ 				echo '<div><?php if($error) { echo($error); } ?>';		echo '<form method="post" action="">						'.$formKey->outputKey().'			Username: <input type="text" name="user_name" style="padding:8px;" />						<div style="height:4px;clear:both;"></div>			Password: <input type="password" name="user_pass" style="padding:8px;">						<div style="height:4px;clear:both;"></div>						<input class="inline" type="checkbox" name="remember_me" id="remember_me"> <label for="remember_me" class="inline">Remember Me</label>						 <div style="height:6px;clear:both;"></div>			<input type="submit" value="Sign in" style="padding:8px;"/>		 </form>';	}	else	{		/* so, the form has been posted, we'll process the data in three steps:			1.	Check the data			2.	Let the user refill the wrong fields (if necessary)			3.	Varify if the data is correct and return the correct response		*/		$errors = array(); /* declare the array for later use */				if(!isset($_POST['user_name']))		{			$errors[] = 'The username field must not be empty.';		}				if(!isset($_POST['user_pass']))		{			$errors[] = 'The password field must not be empty.';		}				if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/		{			echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';			echo '<ul>';			foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */			{				echo '<li>' . $value . '</li>'; /* this generates a nice error list */			}			echo '</ul>';		}		else		{			//the form has been posted without errors, so save it			//notice the use of mysql_real_escape_string, keep everything safe!			//also notice the sha1 function which hashes the password			$sql = "SELECT 						user_id,						user_name,						user_level,												user_avatar,												user_status,												user_rank,												user_date,												user_email,												user_points					FROM						users					WHERE						user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'					AND						user_pass = '" . sha1($_POST['user_pass']) . "'";									$result = mysql_query($sql);			if(!$result)			{				//something went wrong, display the error				echo 'Something went wrong while signing in. Please try again later.';				//echo mysql_error(); //debugging purposes, uncomment when needed			}			else			{				//the query was successfully executed, there are 2 possibilities				//1. the query returned data, the user can be signed in				//2. the query returned an empty result set, the credentials were wrong				if(mysql_num_rows($result) == 0)				{					echo 'You have supplied a wrong user/password combination. Please try again.';				}				else				{					//set the $_SESSION['signed_in'] variable to TRUE					$_SESSION['signed_in'] = true;																		//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages					while($row = mysql_fetch_assoc($result))					{						$_SESSION['user_id'] 	= $row['user_id'];						$_SESSION['user_name'] 	= $row['user_name'];												$_SESSION['user_avatar'] = $row['user_avatar'];						$_SESSION['user_level'] = $row['user_level'];												$_SESSION['user_rank'] = $row['user_rank'];												$_SESSION['user_date'] = $row['user_date'];												$_SESSION['user_points'] = $row['user_points'];												$_SESSION['user_email'] = $row['user_email'];					}										echo 'Welcome, ' . $_SESSION['user_name'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';										mysql_query("UPDATE users SET user_status = 'Online' WHERE user_id = '".$_SESSION['user_id']."'");				}			}		}	}}include 'footer.php';?>

signout.php code

<?php//signout.phpinclude 'connect.php';include 'header.php';echo '<h2>Sign out</h2>';if($_GET['act'] == 'logout') {echo 'Succesfully signed out, thank you for visiting.';mysql_query("UPDATE users SET user_status = 'Offline' WHERE user_id = '".$_SESSION['user_id']."'");echo '<meta http-equiv="Refresh" content="3;url=?logout=true">';}if($_GET['logout'] == 'true') {//check if user if signed inif($_SESSION['signed_in'] == true){	//unset all variables	$_SESSION['signed_in'] = NULL;	$_SESSION['user_name'] = NULL;	$_SESSION['user_id']   = NULL;	   		echo '<meta http-equiv="Refresh" content="0;url=/forum">';}}include 'footer.php';?>

[justsomeguy]

Instead of having a field to track who is online and who is offline, it's better to keep a timestamp in the user record that you update any time they visit any page. When you want to figure out who is currently online, you get the list of users where their timestamps are less than 5 minutes old, or 10 minutes, etc. For the second question, as long as you're keeping track of who posted what you should be able to use that to determine whether to display the edit link and whether the edit page should allow a certain user to edit a certain post.

[Kovo]

Instead of having a field to track who is online and who is offline, it's better to keep a timestamp in the user record that you update any time they visit any page. When you want to figure out who is currently online, you get the list of users where their timestamps are less than 5 minutes old, or 10 minutes, etc. For the second question, as long as you're keeping track of who posted what you should be able to use that to determine whether to display the edit link and whether the edit page should allow a certain user to edit a certain post.

I agree, and thats how I do it.However I have experienced issues on high traffic sites when an UPDATE query is being made on every single page request. It would be better to save the timestamp in the database as justsomeguy suggested, and also save it in a session, and on every page load check the timestamp you saved in the session, if its 5-10-15 or whatever minutes old, make another UPDATE query to the database for that user updating the field in the db and again in the session.