Best way to ensure a user is valid

  • FLEB

    Best way to ensure a user is valid

    I'm working on a logon system, something generic and modular, as a part of
    a few ideas I have running. I'm just wondering, though, what is the best
    way to keep a user logged in authentically throughout multiple pages, while
    not taxing the server with a lot of "Look in the database. Is this them?
    Can they be here?" MySQL calls.

    I'm just wondering how to cut down on the time spent querying the database
    to make sure the user is legit on every page they hit. Are PHP sessions the
    best way? If I use a stored session key, how do I store the key? Is
    checking the database (against a stored cookie) an insignificant draw on
    the processor? Should I give up PHP and learn farming?

    Any insight is much appreciated.



    (More info, if you're interested:) The system is going to consist of a
    single MySQL database, with global usernames, md5ed passwords, and the
    ability for each user to belong to some of a list of "domains", while
    keeping the same username and password. This way, the messageboard, the CD
    barcode site, and the restricted-access pages can all use the same database
    (easier for me) for authenticating users (for further user-data, each
    application will use its own code, with assurance that the logged in user
    is legit). Also, users can use one password to skip between "sub-sites" on
    my site.



    --
    -- Rudy Fleminger
    -- sp@mmers.and.evil.ones.will.bow-down-to.us
    (put "Hey!" in the Subject line for priority processing!)
    -- http://www.pixelsaredead.com
  • Tim Van Wassenhove

    #2
    Re: Best way to ensure a user is valid

    On 2003-11-23, FLEB <soon.the.sp@mmers.and.evil.ones.will.bow-down-to.us> wrote:
    > (More info, if you're interested:) The system is going to consist of a
    > single MySQL database, with global usernames, md5ed passwords, and the
    > ability for each user to belong to some of a list of "domains", while
    > keeping the same username and password. This way, the messageboard, the CD
    > barcode site, and the restricted-access pages can all use the same database
    > (easier for me) for authenticating users (for further user-data, each
    > application will use its own code, with assurance that the logged in user
    > is legit). Also, users can use one password to skip between "sub-sites" on
    > my site.

    Actually, this looks like you are making a Single Sign-on system.
    There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)


    --
    verum ipsum factum


    • FLEB

      #3
      Re: Best way to ensure a user is valid

      Regarding this well-known quote, often attributed to Tim Van Wassenhove's
      famous "23 Nov 2003 01:04:09 GMT" speech:
      >
      > Actually, this looks like you are making a Single Sign-on system.
      > There is already a really nice system available, CAS (http://www.yale.edu/tp/cas/)


      True, I'm sure there's something out there, but I'm the kind who likes to
      write it myself... it gives me the experience, plus I just like having the
      system that I'm sure how it works.

      Thanks for the link, tho'.

      --
      -- Rudy Fleminger
      -- sp@mmers.and.evil.ones.will.bow-down-to.us
      (put "Hey!" in the Subject line for priority processing!)
      -- http://www.pixelsaredead.com


      • André Næss

        #4
        Re: Best way to ensure a user is valid

        FLEB:
        > I'm working on a logon system, something generic and modular, as a part of
        > a few ideas I have running. I'm just wondering, though, what is the best
        > way to keep a user logged in authentically throughout multiple pages,
        > while not taxing the server with a lot of "Look in the database. Is this
        > them? Can they be here?" MySQL calls.
        >
        > I'm just wondering how to cut down on the time spent querying the database
        > to make sure the user is legit on every page they hit. Are PHP sessions
        > the best way? If I use a stored session key, how do I store the key? Is
        > checking the database (against a stored cookie) an insignificant draw on
        > the processor? Should I give up PHP and learn farming?
        >
        > Any insight is much appreciated.

        Sessions. All you do is check if the user successfully logs in, and if he
        does you set a session variable. All you really need is
        $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
        the existence of this variable. See the manual for more details on how
        sessions work.

        André Næss
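
An added example, not part of any post in this thread, of the session approach described above, extended to the "domains" from the first post: the database is queried once at login and every later page check reads only the session. The table layout, sample user and domain names are constructed, SQLite stands in for MySQL so the script runs on its own, and password_hash()/password_verify() replace the md5 hashes mentioned in the first post.

```php
<?php
// Added example, not code from the thread. Table layout, sample user and
// domain names are constructed; SQLite stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE memberships (user_id INTEGER, domain TEXT)');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['rudy', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO memberships VALUES (1, 'messageboard'), (1, 'barcodes')");

// Login is the only place the database is consulted.
function login(PDO $db, string $name, string $password): bool
{
    $q = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    $d = $db->prepare('SELECT domain FROM memberships WHERE user_id = ?');
    $d->execute([$row['id']]);
    session_regenerate_id(true);  // fresh session ID after login (anti-fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['domains'] = $d->fetchAll(PDO::FETCH_COLUMN);
    return true;
}

// Per-page guard: reads only server-side session data, no SQL.
function may_enter(string $domain): bool
{
    return isset($_SESSION['user_id'])
        && in_array($domain, $_SESSION['domains'] ?? [], true);
}

session_start();
$results = [
    'login with wrong password'  => login($db, 'rudy', 'wrong password'),
    'messageboard before login'  => may_enter('messageboard'),
    'login with right password'  => login($db, 'rudy', 'correct horse'),
    'messageboard after login'   => may_enter('messageboard'),
    'restricted (not a member)'  => may_enter('restricted'),
];
var_export($results);
echo PHP_EOL;
```

Because pages no longer consult the database, a change to a user's domain memberships takes effect only at that user's next login.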


        • FLEB

          #5
          Re: Best way to ensure a user is valid

          Regarding this well-known quote, often attributed to André Næss's famous
          "Sun, 23 Nov 2003 15:14:10 +0000" speech:
          > FLEB:
          >
          >> I'm working on a logon system, something generic and modular, as a part of
          >> a few ideas I have running. I'm just wondering, though, what is the best
          >> way to keep a user logged in authentically throughout multiple pages
          >> (snip)
          > Sessions. All you do is check if the user successfully logs in, and if he
          > does you set a session variable. All you really need is
          > $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
          > the existence of this variable. See the manual for more details on how
          > sessions work.
          >
          > André Næss

          Good deal... I'll look into those. Thanks.

          --
          -- Rudy Fleminger
          -- sp@mmers.and.evil.ones.will.bow-down-to.us
          (put "Hey!" in the Subject line for priority processing!)
          -- http://www.pixelsaredead.com


          • R. Rajesh Jeba Anbiah

            #6
            Re: Best way to ensure a user is valid

            André Næss <andrena.spamreallysucks@ifi.uio.no> wrote in message news:<bpqf2u$7bq$1@maud.ifi.uio.no>...
            > FLEB:
            >
            > > I'm working on a logon system, something generic and modular, as a part of
            > > a few ideas I have running. I'm just wondering, though, what is the best
            > > way to keep a user logged in authentically throughout multiple pages,
            > > while not taxing the server with a lot of "Look in the database. Is this
            > > them? Can they be here?" MySQL calls.
            > >
            > > I'm just wondering how to cut down on the time spent querying the database
            > > to make sure the user is legit on every page they hit. Are PHP sessions
            > > the best way? If I use a stored session key, how do I store the key? Is
            > > checking the database (against a stored cookie) an insignificant draw on
            > > the processor? Should I give up PHP and learn farming?
            > >
            > > Any insight is much appreciated.
            >
            > Sessions. All you do is check if the user successfully logs in, and if he
            > does you set a session variable. All you really need is
            > $_SESSION['logged_in'] = TRUE; On all the relevant pages you just check for
            > the existence of this variable.

            This method is enough for simple sites. But, for some fancy
            sites that don't allow more than one login from different systems
            (like Yahoo!) you should go for the trick as mentioned by Martin


            ---
            "Dying is an art, like everything else"---Sylvia Plath
            Email: rrjanbiah-at-Y!com
