Exclusive lock on a script

Anon

Here's the situation.

I'm writing a script for a friend that allows his customers to manage mail aliases.
The server has only PHP3 and no database.

The authorisation is based on .htaccess files on the Apache server. No authorisation mechanisms are in the script itself.

Once the script starts, a temporary copy of his alias-file is made and changes are done to it. Once changes are complete, the user presses a button and changes are commited - the temporary file overwrites the original.

The problem is - how to disallow two people having the same login (for example two employees of the same company) to work on the same file at the same time?

I took many things into consideration, but there are two problems associated with it. The script is called multiple times with different parameters, so I cannot do a lock that just finishes working when the script ends. The lock has to stay there until the user loses connection, turns off the browser or commits changes.

Making a lock that disappears when the user commits changes would be easy. Just create a file once the user logs in and delete it when changes are commited.

But what happens if the user loses connection or turns off the browser without commiting changes? I can't find any mechanisms in PHP that would allow me to execute a command on unexpected loss of connection, and, besides, the script can be completed and then the user can lose the connection, so there's no way to check whether the user is still online...

Does anyone have any ideas how this could be done via some kind of lock-files? Or is this generally impossible? I can always create an option at the beginning of a script, which informs the user that either someone is now working on the same file or a connection has been lost, but that does not solve the problem, as the user won't know whether someone is actually now working on the files, or it's just the loss of connection that caused the temporary file to stay on the server...

Any help would be greatly appreciated...

kparker

Your approach will be very difficult, due to the stateless nature of http. But here's a method that may work, and it takes the "optimistic locking" view of things.

(1) Don't lock anything on reading.

(2) Keep at all times a copy (via a hidden form field or a session variable) a copy of the original aliases file.

(2) When and if the user POSTS a change for the alias file, compare the on-disk copy of the aliases file with your version made in step 2. If it's the same, nobody else has changed the file in the intervening time, so go ahead and post your update. (You will still want to use file locking at this point to prevent race conditions during the update.) If it has changed, then somebody else changed it while the first user was contemplating his changes, so you disallow his changes and make him start all over again.