Best way to ensure a user is valid

I'm working on a logon system, something generic and modular, as a part of
a few ideas I have running. I'm just wondering, though, what is the best
way to keep a user logged in authentically throughout multiple pages, while
not taxing the server with a lot of "Look in the database. Is this them?
Can they be here?" MySQL calls.

I'm just wondering how to cut down on the time spent querying the database
to make sure the user is legit on every page they hit. Are PHP sessions the
best way? If I use a stored session key, how do I store the key? Is
checking the database (against a stored cookie) an insignificant draw on
the processor? Should I give up PHP and learn farming?

Any insight is much appreciated.

(More info, if you're interested:) The system is going to consist of a
single MySQL database, with global usernames, md5ed passwords, and the
ability for each user to belong to some of a list of "domains", while
keeping the same username and password. This way, the messageboard, the CD
barcode site, and the restricted-access pages can all use the same database
(easier for me) for authenticating users (for further user-data, each
application will use its own code, with assurance that the logged in user
is legit). Also, users can use one password to skip between "sub-sites" on
my site.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #1
On 2003-11-23, FLEB <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote:
> (More info, if you're interested:) The system is going to consist of a
> single MySQL database, with global usernames, md5ed passwords, and the
> ability for each user to belong to some of a list of "domains", while
> keeping the same username and password. This way, the messageboard, the CD
> barcode site, and the restricted-access pages can all use the same database
> (easier for me) for authenticating users (for further user-data, each
> application will use its own code, with assurance that the logged in user
> is legit). Also, users can use one password to skip between "sub-sites" on
> my site.


Actually, this looks like you are making a Single Sign-on system.
There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)
--
verum ipsum factum
Jul 17 '05 #2
Regarding this well-known quote, often attributed to Tim Van Wassenhove's
famous "23 Nov 2003 01:04:09 GMT" speech:

> Actually, this looks like you are making a Single Sign-on system.
> There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)

True, I'm sure there's something out there, but I'm the kind who likes to
write it myself... it gives me the experience, plus I just like having the
system that I'm sure how it works.

Thanks for the link, tho'.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #3
> FLEB:
> I'm working on a logon system, something generic and modular, as a part of
> a few ideas I have running. I'm just wondering, though, what is the best
> way to keep a user logged in authentically throughout multiple pages,
> while not taxing the server with a lot of "Look in the database. Is this
> them? Can they be here?" MySQL calls.
>
> I'm just wondering how to cut down on the time spent querying the database
> to make sure the user is legit on every page they hit. Are PHP sessions
> the best way? If I use a stored session key, how do I store the key? Is
> checking the database (against a stored cookie) an insignificant draw on
> the processor? Should I give up PHP and learn farming?
>
> Any insight is much appreciated.


Sessions. All you do is check if the user successfully logs in, and if he
does you set a session variable. All you really need is
$_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
the existence of this variable. See the manual for more details on how
sessions work.

André Næss
Jul 17 '05 #4
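
Added example (not part of any post in this thread): the session approach from the reply above, with the session ID regenerated at login and an idle timeout on the per-page check, so the user store is read once at login and never on later page hits. The function names and the in-memory `$USERS` array are hypothetical stand-ins for the MySQL lookup, `password_hash()` is used in place of the MD5 storage mentioned in the thread, and PHP 7.3+ is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample user store standing in for the thread's MySQL table (hypothetical data).
// password_hash()/password_verify() replace the MD5 storage mentioned in the thread.
$USERS = [
    'alice' => ['hash'    => password_hash('correct horse', PASSWORD_DEFAULT),
                'domains' => ['board', 'cds']],
];

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_start();
}

// The only place the user store is consulted: once, at login.
// Call start_secure_session() first so there is an active session to regenerate.
function login(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID after the privilege change (session fixation)
    $_SESSION['logged_in'] = true;
    $_SESSION['user']      = $name;
    $_SESSION['domains']   = $user['domains'];
    $_SESSION['last_seen'] = time();
    return true;
}

// Per-page check: reads session data only, no database query.
function require_login(string $domain, int $idleLimit = 1800): bool
{
    $fresh = time() - ($_SESSION['last_seen'] ?? 0) <= $idleLimit;
    if (empty($_SESSION['logged_in']) || !$fresh) {
        $_SESSION = [];                   // never logged in or idle too long: drop stale state
        return false;
    }
    $_SESSION['last_seen'] = time();
    return in_array($domain, $_SESSION['domains'] ?? [], true);
}
```

Domain membership cached in the session stays in effect until the session ends, so a revoked domain or disabled account is only noticed at the next login unless the page re-checks the database.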
Regarding this well-known quote, often attributed to André Næss's famous
"Sun, 23 Nov 2003 15:14:10 +0000" speech:
> > FLEB:
> > I'm working on a logon system, something generic and modular, as a part of
> > a few ideas I have running. I'm just wondering, though, what is the best
> > way to keep a user logged in authentically throughout multiple pages
(snip)
> Sessions. All you do is check if the user successfully logs in, and if he
> does you set a session variable. All you really need is
> $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
> the existence of this variable. See the manual for more details on how
> sessions work.
>
> André Næss


Good deal... I'll look into those. Thanks.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #5
André Næss <an*********************@ifi.uio.no> wrote in message news:<bp**********@maud.ifi.uio.no>...
> > FLEB:
> > I'm working on a logon system, something generic and modular, as a part of
> > a few ideas I have running. I'm just wondering, though, what is the best
> > way to keep a user logged in authentically throughout multiple pages,
> > while not taxing the server with a lot of "Look in the database. Is this
> > them? Can they be here?" MySQL calls.
> >
> > I'm just wondering how to cut down on the time spent querying the database
> > to make sure the user is legit on every page they hit. Are PHP sessions
> > the best way? If I use a stored session key, how do I store the key? Is
> > checking the database (against a stored cookie) an insignificant draw on
> > the processor? Should I give up PHP and learn farming?
> >
> > Any insight is much appreciated.
>
> Sessions. All you do is check if the user successfully logs in, and if he
> does you set a session variable. All you really need is
> $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
> the existence of this variable.


This method is enough for simple sites. But, for some fancy
sites that don't allow more than one login from different systems
(like Yahoo!) you should go for the trick as mentioned by Martin
http://martin.f2o.org/download/php-login-script/

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com
Jul 17 '05 #6
