Hello and good morning,
I am going to make an application that will be used by 40 - 60 people. It is possible that there can be more than one users accessing the database at a time.
I understand that here you need to do work with sessions to differ one user from another entering the data in same table at the same time, correct?
Here I have an approach. I will be using sessions that will have user login and the user ip address.
Session already started.
if (match_referer() && isset($HTTP_POST_VARS)) {
$user = verify_login($HTTP_POST_VARS["username"], $HTTP_POST_VARS["password"]);
if ($user) {
$timee = time();
$SESSION["user"] = $username;
$SESSION["ip"] = $REMOTE_ADDR;
$SESSION["timey"] = $timee;
/* if wantsurl is set, that means we came from a page that required
* log in, so let's go back there. otherwise go back to the main page */
$goto = $CFG->userdir;
header("Location: $goto");
die;
} else {
$errormsg = "Invalid login, please try again";
$frm["username"] = $HTTP_POST_VARS["username"];
}
}
The session variable will be transfered to other page. Just to display you guys:
session_start();
If($SESSION["ip"] == NULL or $SESSION["user"] == NULL ) {
print "go away";
}
else {
print $SESSION["ip"] . $SESSION["user"] . $SESSION["timey"];
}
Now here is my question. Is it ok to use such approach or shall I put 32 characters session variable in the database and access it when the login and password will be correct, and then transfer among the rest of the procedure?
I hope that I am not asking any crazy question 🙂 Please let me know if you have any suggestions.
