Please help me optimise my login.

bloo

Well I was looking at my login script and thinking that I could probably write a more efficient version, but I'm not really sure how to go about doing so.

For the moment $stat is either 0 or 1, 0 representing enables and 1 disabled. In the future I hope to make it a bit coded value, that could perhaps contain the typeid (The typeid representing various user levels. For this particular section (admin) only admin users may log in.)

(I have no idea how to handle a bit coded value, if anyone knows of any good tutorials, or has a good idea please post that too.)

I will look into better security, such as md5 the password when I get the basics sorted out 😉

Anyway this is how it goes, the rest is fairly self explanatory.

<?php
error_reporting (E_ALL ^ E_NOTICE);

include ("lib/config.php");

session_start();

$handle = fopen ($usersDB,"rb");

while ($items = fscanf ($handle, "%[^|]|%[^|]|%[^|]|%[^|]|%[^|]|%[^|]\n")) {
	list ($id, $stat, $typeid, $user, $pass, $description) = $items;

if ($_POST["username"] == $user) {
	if ($_POST["password"] == $pass) {
		if ($stat != 1) {
			if ($typeid == 1) {
				$_SESSION["login"] = "true";
				header("Location:index.php");
				exit;
			} else {
				$_SESSION["error"] = "<p style=\"color:red;\">The user specified does not have admin rights.</p>";
				header("Location:loginform.php");
				fclose ($handle);
				exit;
			}
		} else {
			$_SESSION["error"] = "<p style=\"color:red;\">The user account specified has been dissabled.</p>";
			header("Location:loginform.php");
			fclose ($handle);
			exit;
		}
	} else {
		$_SESSION["error"] = "<p style=\"color:red;\">The password specified was incorrect.</p>";
		header("Location:loginform.php");
		fclose ($handle);
		exit;
	}
}
}

$_SESSION["error"] = "<p style=\"color:red;\">The user name specified was not found on the server.</p>";
header("Location:loginform.php");

fclose ($handle);

?>

Thanks for taking a lok 😉

I know I posted this in the wrong forum, if I could move it to coding I would, sorry.

swr

Use a database. This may sound like it would be less efficient than using a simple text file, but if you have a lot of users it can end up being far more efficient.

Databases can have indexes. This can greatly speed up searching for a record. Using a flat text file, you have to scan (on average) 50% of all records in order to find the one you want. With a database you could create an index on the username column and the DB would only have to look at log(n) entries in the index before it found the one it's looking for.

bloo

Hmm yeah I see how that would be a lot faster 😉
I guess I just decided to go with the txt db for simplicity, not that connecting to a database is very difficult, but you know, for set up and that.

Anyway, to make it a little easier I tried to remove as much information as possible from the db and store it separately, such as preferences, e-mail, etc. In the hope that would make it run a little faster. Of course the script is only intended for a site with a small user base. Still how many users do you think I could get before I ran into slowness issues, being located on a mid range shared server. (The CMS caches like almost everything so viewing the site doesn't take much.)

I could probably drop the description to make it a little faster.

Otherwise that is about he fastest way to do what I am attempting to do, the if-else tree 😉

drawmack

maintain an index file that just stores the username's and a number that indicates where the record is stored in the file with all the information. Make sure that the index file is kept in alphabetical order. Then you can search through the index file using a binary search instead of a linear search and if/when the username is found jump to the right stop in the big file.

Also you'll want to stop your search as soon as you've found a matching username, currently your code searches the entire file even if the name it needs is the first one it finds.

bloo

Ah interesting drawmack, um thing is it would be great if you could point me in the direction of some tutorials, specific manual entries, or explain with example because I don't know how to go about doing what you describe 🙁]

thanks

So with the current system the open function will just load the entire file, so it doesnt really make much differance that it stops the loop once it has found the matching user?

Jin

As drawmack mentioned, in order to perform a binary search, the data MUST be sorted.

you may need 3 arguments to perform binary search:
1. the size of the record for search strings
2. the value of user input string (ie. 'danny')
3. all the values of the record of search strings

set low to 0;
set high = size - 1;

while (low <= high)
{
midpoint = (low+high)/2 // this is to find the midpoint of the size of the database of your data strings (ie ID at 1, string = danny, ID at 2, string = howard,

if key == data string at midpoint
return midpoint;

if key < data string at midpoint
high = midpoint - 1;

else
low = midpoint + 1;

if none of the above conditions are satisfied
return a different value (ie. -1)
}

Hope this helps