sessions
yes you are right ramz, test and see,
but hte problem is that i havent done before an applicaiton to incorporate maybe 500 users at the same time so i dont know which is best.
i use a function to set tokens once a login is suceeded. there there 5 session variables created. 5 session variables times 500 users would be a server load? 
here is the code that i use to set variables once a login has succeeded :
PHP Code:
//some are objects that manipulate the database objects
//from objects.inc
include('objects.inc');
$loginsuccess=0;
$success = false;
unset($success);
//functino to check if user is logged in
function user_isloggedin() {
// This function will only work with superglobal arrays, because
// I'm not passing in any values or declaring globals
global $supersecret_hash_padding, $success;
// Have we already run the hash checks?
// If so, return the pre-set var
if (isSet($success)) {
return $success;
}
if (isset($_SESSION['valid_user'])) {
return true;
} else {
return false;
}
}
function user_login($formname,$formpass) {
global $psl_hash, $loginsuccess;
// This function will only work with superglobal arrays, because
// I'm not passing in any values or declaring globals
if (!$formname || !$formpass) {
$feedback = 'ERROR - Missing username or password';
return $feedback;
exit;
} else {
$formname = strtolower($formname);
// Don't need to trim because extra spaces should fail for this
// Don't need to addslashes because single quotes aren't allowed
$formpass = strtolower($formpass);
//create new object
$login = new Account;
$login->account();
//get account details based on username
$login->get("username",$formname);
//if the suername is not found set flag loginsuccess to 0
if(($login->username=="")||($login->username==NULL)||(!$login->username)){ $loginsuccess= 0;}
$handle = $login->username;
$pass = $login->userpass;
//scrable the result with hash variable( unicque ticket)
$result = $handle.$pass.$psl_hash;
//produce the same digest variable from form variables
$forms = $formname.$formpass.$psl_hash;
//compare results
if ($result == $forms) {
if($login->activated=="Y"){
//set the flag
$loginsuccess = 1;
user_set_tokens($formname,$login->priv_id,$login->member_id,$login->ID);
return $loginsuccess;
}else{
$loginsuccess = 0;
$feedback = 'Your account has not been activated..!<br>';
return $feedback;
exit;
}
}else {
$loginsuccess = 0;
$feedback = 'Invalid login details!.Please go back and try again<br>';
return $feedback;
exit;
}
//return $loginsuccess;
}
}//end of function user_login()
//function to call when user logs out
// destroy session
function user_logout() {
/* setcookie('user_name', '', (time()+2592000), '/', '', 0);
setcookie('id_hash', '', (time()+2592000), '/', '', 0);*/
// Unset all of the session variables.
session_unset();
// Finally, destroy the session.
session_destroy();
}
//function: to set the session variables if login is correct
//takes in as parameters username, privilidge id and memebrship id
function user_set_tokens($user_name_in,$p,$m,$id) {
global $supersecret_hash_padding,$HTTP_SESSION_VARS;
if (!$user_name_in) {
$feedback = 'ERROR - No username';
return false;
}
$user_name = strtolower($user_name_in);
$id_hash = md5($user_name.$supersecret_hash_padding);
$last = time();
/*
$cookie_id = md5(uniqid(rand()));
setcookie('PHPSESSID',$cookie_id,(time()+2592000), '/', '', 0);
*/
/* $id_hash = md5($user_name_in.$supersecret_hash_padding);
send_htCookie("user_name",$user_name_in,(time()+2592000), '/','',1);
send_htCookie("id_hash",$id_hash,(time()+2592000), '/','',1);*/
/*setcookie('user_name', $user_name, (time()+2592000), '/', '', 0);
setcookie('id_hash', $id_hash, (time()+2592000), '/', '', 0);*/
//setcookie('pid', $p, (time()+2592000), '/', '', 0);
//setcookie('mid', $m, (time()+2592000), '/', '', 0);
//make a unique ticket to carry on session
$id_hash = md5($user_name_in.$supersecret_hash_padding);
$_SESSION['id_hash']=$id_hash;
$_SESSION['valid_user']=$user_name_in;
$_SESSION['lasttime']=$last;
$_SESSION['pid']=$p;
$_SESSION['mid']=$m;
$_SESSION['aid']=$id;
}
/******************************
ysage:
send_htCookie(string varname (required),string varval,int expire,
string path, string domain, bool secure);
******************************/
function send_htCookie() {
$vars=array('varname','varval','expire', 'path','domain','secure');
for ($i=0;$i<func_num_args();$i++) {
${$vars[$i]}=func_get_arg($i);
}
if (!$varname) { return false; }
$COOKIE = "Set-Cookie: $varname=$varval";
if (isset($expire) && ($expire > 0)) {
$COOKIE .= "; EXPIRES=".
gmdate("D, d M Y H:i:s",$expire) .
" GMT";}
if (isset($domain)) { $COOKIE .= "; DOMAIN=$domain"; }
if (isset($path)) { $COOKIE .= "; PATH=$path"; }
if (isset($secure) && $secure>0) { $COOKIE .= "; SECURE"; }
header($COOKIE,false);
return true;
}
|
Dev Articles Community Forums Sponsor:
February 11th, 2003, 10:13 AM
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
