
Client login preparation question



votter
11-19-2011, 05:49 PM
Hello everyone! :)

I have a question on what would be a good way to implement a client login system (database per client).

For logging in, I see it as 3 fields to fill out. Client ID, Username, and password.

Client ID would search the client database and pull their database name, and password.

I'd then query their database users table to check if that user/pass combination exists.

I'm just not sure how I should store their database name/password information (after logging in), or if I should just store a hashed id of the client id in a session/cookie and query the client database each time to get the table name/password when I need to access their database.

I've seen some things that say not to query it every time, but store it in a session / cookie, but I don't see that being as reliable or secure at all for that matter.

Any suggestions would be greatly appreciated. Thanks.

myfayt
11-19-2011, 06:20 PM
Seems like more work than is needed. Are you storing the client id in a different table?

tangoforce
11-19-2011, 06:20 PM
Set a session variable like this:

$_SESSION['UserId'] = $UserId;

Job done. All you need to do with each page call is:

if (isset($_SESSION['UserId']))

You can then pull user info from the DB using that session variable. You could even use a session table to store users session info by the user id if you want.

votter
11-19-2011, 06:35 PM
Yes, I know I can use the session to check if it exists, then use it to pull their info. That's not what I'm curious about. hehe.

I will have a clients database. This will store their information, database table that that business is associated with, along with some other things.

Each client/business will have their own database.

I am wondering what would be the best way to retrieve their database information so I can pull from it. Example Below:

1. client logs in with client id, username, password.
2. Client id is searched for in the clients database. table name is pulled for next query.
3. Query their business database and search users table checking if user and pass match a user in the table.
4. If exists, login.

Now, I am wondering what would be the best way to store that table information so that I can call it once they are in the module. I'm either thinking of storing the client ID in a cookie/session hashed and compare it with a hashed value in the clients database, and then pull the table information, etc.. for the queries in the module which will pull from their database.

Or would it be better to store the table, etc. in a session, or some other method so that I do not need to query the clients database each time to get the database information? It's one query, so I don't see it being too big of a deal, but I was just trying to get some opinions before I implement it.

tangoforce
11-19-2011, 07:04 PM
No you don't use the session to check if it exists, you use the session to STORE DATA.

Did I not just mention the use of sessions? - You've rejected it and now you're asking how to store data and should you use a session?

:confused:

votter
11-19-2011, 07:10 PM
Yes, I meant I know I can check if a session exists, I worded it wrong. :P

I have not rejected anything. I know I can store the user id of a user in a session, that has nothing to do with my question though.

tangoforce
11-19-2011, 07:18 PM
I'm just not sure how I should store their database name/password information (after logging in), or if I should just store a hashed id of the client id in a session/cookie and query the client database each time to get the table name/password when I need to access their database.

As said earlier, JUST store the userid into the session. With each call to the page you can then pull out the appropriate data from the DB.



I've seen some things that say not to query it every time, but store it in a session / cookie, but I don't see that being as reliable or secure at all for

Which then leads up to update hell. IF the user changes their password or username (or anything else for that matter) then you have to remember to update it not only in the DB but in the session, the cookie, etc etc. Just store the userid in the session once you have checked the user/pass during login and then anything else you can pull from the DB AS_AND_WHEN_NEEDED from the DB based on that ID.

That really is the simplest way to do it and stops you getting confused, having multiple things to update etc etc.

votter
11-19-2011, 07:21 PM
Okay, so my original thinking was correct.

Thank you for your time. :)

tangoforce
11-19-2011, 07:26 PM
Pretty much yes.

Some people do strange things like pulling the data from the DB on login and storing it all into the session. That's fine but once the codebase becomes huge then suddenly you could have data all over the place that you need to update. The most efficient way is just to keep it in MySQL and grab/update as and when needed. MySQL is a very good bit of kit so it will handle the demand with ease.
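
The approach the thread settles on, for the database-per-client case, as an added example that is not code from any poster: only the client ID and user ID go into the session, and the tenant's connection details are looked up in the clients database on each request. The table and column names (`clients`, `dsn`, `db_user`, `db_pass`, `users`, `pass_hash`), the `ClientId` session key, the use of `password_hash()`/`password_verify()` and SQLite standing in for MySQL are all assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Look up the tenant's connection details in the control ("clients") database
// on each request. They stay server-side, never in the session or a cookie.
function tenantDb(PDO $control, string $clientId): ?PDO {
    $st = $control->prepare('SELECT dsn, db_user, db_pass FROM clients WHERE client_id = ?');
    $st->execute([$clientId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return null; }    // unknown client ID
    return new PDO($row['dsn'], $row['db_user'], $row['db_pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Steps 1-4 of the login flow: resolve the tenant, check the user, fill the session.
function login(PDO $control, string $clientId, string $user, string $pass): bool {
    $db = tenantDb($control, $clientId);
    if ($db === null) { return false; }
    $st = $db->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $u = $st->fetch(PDO::FETCH_ASSOC);
    if ($u === false || !password_verify($pass, $u['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session ID once authenticated
    $_SESSION['ClientId'] = $clientId;      // identifiers only, no DB name or password
    $_SESSION['UserId'] = (int) $u['id'];
    return true;
}

// Constructed sample data: one control DB and one tenant DB, both SQLite.
session_start();
$tenantDsn = 'sqlite:' . tempnam(sys_get_temp_dir(), 'tenant');
$t = new PDO($tenantDsn);
$t->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pass_hash TEXT)');
$t->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)')
  ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$control = new PDO('sqlite::memory:');
$control->exec('CREATE TABLE clients (client_id TEXT PRIMARY KEY, dsn TEXT, db_user TEXT, db_pass TEXT)');
$control->prepare('INSERT INTO clients VALUES (?, ?, NULL, NULL)')->execute(['acme', $tenantDsn]);

$ok  = login($control, 'acme', 'alice', 'correct horse');
$bad = login($control, 'acme', 'alice', 'wrong');
// Later requests: rebuild the tenant connection from the stored identifiers.
$db = tenantDb($control, $_SESSION['ClientId']);
$st = $db->prepare('SELECT username FROM users WHERE id = ?');
$st->execute([$_SESSION['UserId']]);
var_dump($ok, $bad, array_keys($_SESSION), $st->fetchColumn());
```

Because the session holds nothing but the two identifiers, a change to a tenant's database credentials or to a user's password takes effect on the next request with no session or cookie to update.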


