
Best way to ensure a user is valid

I'm working on a logon system, something generic and modular, as a part of
a few ideas I have running. I'm just wondering, though, what is the best
way to keep a user logged in authentically throughout multiple pages, while
not taxing the server with a lot of "Look in the database. Is this them?
Can they be here?" MySQL calls.

I'm just wondering how to cut down on the time spent querying the database
to make sure the user is legit on every page they hit. Are PHP sessions the
best way? If I use a stored session key, how do I store the key? Is
checking the database (against a stored cookie) an insignificant draw on
the processor? Should I give up PHP and learn farming?

Any insight is much appreciated.

(More info, if you're interested:) The system is going to consist of a
single MySQL database, with global usernames, md5ed passwords, and the
ability for each user to belong to some of a list of "domains", while
keeping the same username and password. This way, the messageboard, the CD
barcode site, and the restricted-access pages can all use the same database
(easier for me) for authenticating users (for further user-data, each
application will use its own code, with assurance that the logged in user
is legit). Also, users can use one password to skip between "sub-sites" on
my site.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #1
5 Replies


On 2003-11-23, FLEB <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote:
> (More info, if you're interested:) The system is going to consist of a
> single MySQL database, with global usernames, md5ed passwords, and the
> ability for each user to belong to some of a list of "domains", while
> keeping the same username and password. This way, the messageboard, the CD
> barcode site, and the restricted-access pages can all use the same database
> (easier for me) for authenticating users (for further user-data, each
> application will use its own code, with assurance that the logged in user
> is legit). Also, users can use one password to skip between "sub-sites" on
> my site.


Actually, this looks like you are making a Single Sign-on system.
There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)
--
verum ipsum factum
Jul 17 '05 #2

Regarding this well-known quote, often attributed to Tim Van Wassenhove's
famous "23 Nov 2003 01:04:09 GMT" speech:

> Actually, this looks like you are making a Single Sign-on system.
> There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)

True, I'm sure there's something out there, but I'm the kind who likes to
write it myself... it gives me the experience, plus I just like having the
system that I'm sure how it works.

Thanks for the link, tho'.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #3

FLEB:
> I'm working on a logon system, something generic and modular, as a part of
> a few ideas I have running. I'm just wondering, though, what is the best
> way to keep a user logged in authentically throughout multiple pages,
> while not taxing the server with a lot of "Look in the database. Is this
> them? Can they be here?" MySQL calls.
>
> I'm just wondering how to cut down on the time spent querying the database
> to make sure the user is legit on every page they hit. Are PHP sessions
> the best way? If I use a stored session key, how do I store the key? Is
> checking the database (against a stored cookie) an insignificant draw on
> the processor? Should I give up PHP and learn farming?
>
> Any insight is much appreciated.


Sessions. All you do is check if the user successfully logs in, and if he
does you set a session variable. All you really need is
$_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
the existence of this variable. See the manual for more details on how
sessions work.

André Nęss
Jul 17 '05 #4
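
As an added example (not code from any poster in this thread), the session approach described in the reply above can be written so that the user store is consulted once at login and every later page reads only the server-side session. The in-memory user array, the function names and the domain names are assumptions, and `password_hash()` is used here in place of the MD5 storage mentioned in the question.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the MySQL user table described in the question.
function find_user(string $username): ?array
{
    static $users = null;
    $users ??= ['rudy' => [
        'id'      => 1,
        'hash'    => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
        'domains' => ['messageboard', 'barcodes'],
    ]];
    return $users[$username] ?? null;
}

function start_secure_session(): void
{
    session_start([
        'use_strict_mode' => true,   // refuse session ids the server did not issue
        'cookie_httponly' => true,   // keep the cookie away from page scripts
        'cookie_secure'   => true,   // assumes the site is served over HTTPS
        'cookie_samesite' => 'Lax',
    ]);
}

// The only user-store lookup: once, when the password is checked.
function login(string $username, string $password): bool
{
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);     // new id at login, old session deleted
    $_SESSION['logged_in'] = true;
    $_SESSION['user_id']   = $user['id'];
    $_SESSION['domains']   = $user['domains'];   // cached until logout
    return true;
}

// Per-page guard: reads server-side session data only, no query.
function require_login(string $domain): void
{
    $ok = ($_SESSION['logged_in'] ?? false) === true
        && in_array($domain, $_SESSION['domains'] ?? [], true);
    if (!$ok) {
        http_response_code(403);
        exit('Not authorised for this area.');
    }
}
// On a protected page: start_secure_session(); require_login('messageboard');
```

Because the domain list is cached in the session, a change to a user's memberships takes effect only at that user's next login.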

Regarding this well-known quote, often attributed to André Nęss's famous
"Sun, 23 Nov 2003 15:14:10 +0000" speech:
> FLEB:
> I'm working on a logon system, something generic and modular, as a part of
> a few ideas I have running. I'm just wondering, though, what is the best
> way to keep a user logged in authentically throughout multiple pages
> (snip)
> Sessions. All you do is check if the user successfully logs in, and if he
> does you set a session variable. All you really need is
> $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
> the existence of this variable. See the manual for more details on how
> sessions work.
>
> André Nęss


Good deal... I'll look into those. Thanks.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #5

André Nęss <an*********************@ifi.uio.no> wrote in message news:<bp**********@maud.ifi.uio.no>...
> FLEB:
> I'm working on a logon system, something generic and modular, as a part of
> a few ideas I have running. I'm just wondering, though, what is the best
> way to keep a user logged in authentically throughout multiple pages,
> while not taxing the server with a lot of "Look in the database. Is this
> them? Can they be here?" MySQL calls.
>
> I'm just wondering how to cut down on the time spent querying the database
> to make sure the user is legit on every page they hit. Are PHP sessions
> the best way? If I use a stored session key, how do I store the key? Is
> checking the database (against a stored cookie) an insignificant draw on
> the processor? Should I give up PHP and learn farming?
>
> Any insight is much appreciated.
>
> Sessions. All you do is check if the user successfully logs in, and if he
> does you set a session variable. All you really need is
> $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
> the existence of this variable.


This method is enough for simple sites. But, for some fancy
sites that don't allow more than one login from different systems
(like Yahoo!) you should go for the trick as mentioned by Martin
http://martin.f2o.org/download/php-login-script/

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com
Jul 17 '05 #6
