Member Avatar for changeco

I'm not new to php, but, I'm not a great coder either... I'm not too familiar with sessions and session variables.

I have been tasked with building an online "management" system for the eLearning we're offering. We have one .swf file for eLearning currently, but, have 23 in production so the solution needs to be scalable.

The concept is pretty straight forward... The admin logs into an admin area and adds a user with a username/password, adding them to a product(s) with various start and end dates...

Therefore, the user logs in with username and password and is able to view all their respective products and expiration dates, otherwise they're thrown to a expiration.php page.

I have 3 tables, Product, User and Timebomb. I am able to add information to the DB into the 3 tables from one form in the admin, so that works...

I do have two questions though:

In the communities opinion, what's the best way to capture the user information from the login page? Session, or pass a url variable, e.g. link.php?UserID=100 and left join the ProductID TimebombID on the home page via mySQL?

Should the timebomb be a javascript, php calculation or a mySQL check?

Any suggestions would rock...

Thanks,
Ted

  • 2 Contributors
  • 1 Reply
  • 90 Views
  • 23 Hours Discussion Span
  • Latest Post Latest Post by blocblue
Member Avatar for blocblue

Hi Ted,

You may find you get more responses if you post this in the PHP forum.

With regard to passing user data, don't use the URL, as this would allow any user to log in as anyone. E.g.

// user 100's data
link.php?uid=100;

// user 101's data
link.php?uid=101;

With the timing side of this, you best use the server's time. PHP is a server side language, whereas JavaScript is client side. If you use JS therefore, the user can manipulate the time themselves. Server side will keep things consistent for all users.

You could use sessions for passing user data around your application. I would advise storing the session id in your database when a user logs in, against which you make a comparison everytime a user access a page, hence verifying the session was created by your login script, and not fabricated.

Best,

R.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.