SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Thread: Login system

  1. #1
    SitePoint Member
    Join Date
    Nov 2004
    Location
    Earth
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Login system

    Is there an accepted method for dealing with user logins? My thought was to put the username and md5ed password in a PHP session. Or is setting something like $_SESSION("login") = 1 sufficient. The site I'm creating isn't more than a dating service and the database does NOT hold any sensitive info like credit info or anything like that. All payment info and such will be handled by paypal. Basically the site flow is like this:
    ) user goes to site
    2) inputs contact info
    3) input listing information (interests, hobbies, etc)
    4) previews the listing
    5) clicks on link to be redirected to Paypal
    6) upon payment, user is redirected back to site, upon which all the info stored in a session is inserted into a database
    7) users can login and change their listing information.

    Can anyone share some expriences on creating a user login system? Thanks.

  2. #2
    SitePoint Zealot Pozor's Avatar
    Join Date
    Apr 2004
    Location
    Switzerland
    Posts
    114
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi ludwig,

    i handle this with a table with useralias and md5ed password. each user has a unique
    id (userid). the first (number 1) is never occupied, becuase it is reserved for the anonymous user (not logged in).
    then i store after the login only the userid in the session. so if user id is greater then 1,
    its a valid user.

    this comes in handy when you have lots of stuff like authentication and so on, where
    you need to know or need to make some querys on the db, to get the right...

    just some thoughts on this.

    When i need to add some information to a user, ist quite easy -> you need only the
    userid to assignh the data to the particular user.

    greez Pozor

  3. #3
    SitePoint Member
    Join Date
    Nov 2004
    Location
    Earth
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I think I'd prefer to not have db lookups happen on every page on the site. I have some pages that are just HTML. The only pages that will be doing any sort of db lookups are the search pages and any pages after the login page. Do you know of any articles that deal with creating a login system. I mean I've created them before, but I'd like to know what is the currently accepted way of doing this. Thanks.

  4. #4
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you could do something like this (kind of what i do for my site):

    1.) User registers and useralias, email, and encrypted password are stored in DB.
    2.) Once user logs in, $_SESSION variables are set:
    $_SESSION['user_id'] = $id from DB
    $_SESSION['access'] = $access from DB
    3.) If the user has paid already, their access is set to 'paid' or whatever you wish to use in the DB, which is what's used in the session variable.
    4.) On pages that the user has to pay to see, just check to see if their $_SESSION['access'] variable matches 'paid'.

  5. #5
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    151 Post(s)
    Tagged
    3 Thread(s)
    There are many ways of doing it, personally I follow something like Gibbs. Works for me (and him!)

    Off Topic:


    Personally prefer the moonlight sonata 3rd movement
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  6. #6
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Off Topic:


    spikeZ, i'm curious as to what "Plank" means, since i'm not familiar with the UK terminology hehe. I've heard of Plonker before, but never Plank.

  7. #7
    Forum Buyer
    Join Date
    Jun 2004
    Location
    United States
    Posts
    811
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You don't have to call the DB on every page. Just register a session and check the session each page that needs it, like so:

    // Ad all your login functions here. Then after user is logged in, register the session variables.
    // Note: You can register all the variables you want like username and other profile fields for easy passing
    // to the script later for whatever reason.

    PHP Code:
    session_register('usernamed');
            
    $_SESSION['username'] = $username
    // OK, now add the following to any page you want the user to be logged in to access.

    PHP Code:
    if (!$_SESSION['username']) {

        echo 
    "YOUR MESSAGE STATING THEY AREN'T LOGGED IN HERE";
        exit();


    Founder/Admin of a pretty decent chat forum
    Download free winterboard themes for your iPhone
    I run sites powered by vbulletin and one about the HTC Jetstream.

  8. #8
    SitePoint Member
    Join Date
    Nov 2004
    Location
    Earth
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all your replies, I just decided to save myself some time and use Pear::Auth for the authentication system. I'm not crazy about it but it works. I looked for a "authenticate to database" and that's it type of premade system but couldn't find one, Pear::Auth was the most stripped down I could find... and didn't have tons of echos in the class code.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •