Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Oct 2009
    Location
    United States
    Posts
    157
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Client login preperation question

    Hello everyone!

    I have a question on what would be a good way to implement a client login system (database per client)

    For logging in, I see it as 3 fields to fill out. Client ID, Username, and password.

    Client ID would search the client database and pull their database name, and password.

    I'd then query their database users table to check if that user/pass combination exists.

    I'm just not sure how I should store their database name/password information (after logging in), or if I should just store a hashed id of the client id in a session/cookie and query the client database each time to get the table name/password when I need to access their database.

    I've seen some things that say not to query it every time, but store it in a session / cookie, but I don't see that being as reliable or secure at all for that matter.

    Any suggestions would be greatly appreciated. Thanks.
    Adobe Dreamweaver shall be destroyed!

  • #2
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,447
    Thanks
    71
    Thanked 102 Times in 101 Posts
    Seems like more work than is needed, Are you storing the client id in a different table?
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #3
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    Set a session variable like this:

    $_SESSION['UserId'] = $UserId;

    Job done. All you need to do with each page call is:

    if (isset($_SESSION['UserId']))

    You can then pull user info from the DB using that session variable. You could even use a session table to store users session info by the user id if you want.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #4
    Regular Coder
    Join Date
    Oct 2009
    Location
    United States
    Posts
    157
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Yes, I know I can use the session to check if it exists, then use it to pull their info. That's not what I'm curious about. hehe.

    I will have a clients database. This will store their information, database table that that business is associated with, along with some other things.

    Each client/business will have their own database.

    I am wondering what would be the best way to retrieve their database information so I can pull from it. Example Below:

    1. client logs in with client id, username, password.
    2. Client id is searched for in the clients database. table name is pulled for next query.
    3. Query their business database and search users table checking if user and pass match a user in the table.
    4. If exists, login.

    Now, I am wondering what would be the best way to store that table information so that I can call it once they are in the module. I'm either thinking of storing the client ID in a cookie/session hashed and compare it with a hashed value in the clients database, and then pull the table information, etc.. for the queries in the module which will pull from their database.

    Or would it be better to store the table, etc. in a session, or some other method so that I do not need to query the clients database each time to get the database information? It's one query, so I don't see it being to big of a deal, but i was just trying to get some opinions before I implement it.
    Adobe Dreamweaver shall be destroyed!

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    No you don't use the session to check if it exists, you use the session to STORE DATA.

    Did I not just mention the use of sessions? - You've rejected it and now you're asking how to store data and should you use a session?

    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #6
    Regular Coder
    Join Date
    Oct 2009
    Location
    United States
    Posts
    157
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Yes, I meant I know I can check if a session exists, I worded it wrong. :P

    I have not rejected anything. I know I can store the user id of a user in a session, that has nothing to do with my question though.
    Adobe Dreamweaver shall be destroyed!

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    Quote Originally Posted by votter View Post
    I'm just not sure how I should store their database name/password information (after logging in), or if I should just store a hashed id of the client id in a session/cookie and query the client database each time to get the table name/password when I need to access their database.
    As said earlier, JUST store the userid into the session. With each call to the page you can then pull out the appropriate data from the DB.

    Quote Originally Posted by votter View Post
    I've seen some things that say not to query it every time, but store it in a session / cookie, but I don't see that being as reliable or secure at all for
    Which then leads up to update hell. IF the user changes their password or username (or anything else for that matter) then you have to remember to update it not only in the DB but in the session, the cookie, etc etc. Just store the userid in the session once you have checked the user/pass during login and then anything else you can pull from the DB AS_AND_WHEN_NEEDED from the DB based on that ID.

    That really is the simplest way to do it and stops you getting confused, having multiple things to update etc etc.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Regular Coder
    Join Date
    Oct 2009
    Location
    United States
    Posts
    157
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Okay, so my original thinking was correct.

    Thank you for your time.
    Adobe Dreamweaver shall be destroyed!

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    Pretty much yes.

    Some people do strange things like pulling the data from the DB on login and storing it all into the session. Thats fine but once the codebase becomes huge then suddenly you could have data all over the place that you need to update. The most efficient way is just to keep it in mysql and grab/update as and when needed. Mysql is a very good bit of kit so it will handle the demand with ease.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • Users who have thanked tangoforce for this post:

    votter (11-19-2011)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •