PHP Session Management

Anon

Okay, I'm developing a script that requires authentication. I've got the script working by getting data from a user table in mysql and setting up session variables for each login. This all works fine. Now, my project calls for a bit of a tricky maneuver....

Basically, the protected inner page will have updatable forms (updating tables in mysql). I only want 1 user at a time to be able to write to these tables for obvious reasons. So, If I login as the first person for that session, I will have write access. Anyone else that logs in after me will only have read access. If I logout, it will reset and the next person to login will again have write access. Mind you, I only plan to have about 3 or 4 people with access to this page, however, the important thing is that if I login, the user with write access will be printed on the screen so I can boot him if necessary.

I hope I've explained this so it can be understood. I'm just looking for a push in the right direction. I'm sorta stumped here so any idea will do 🙂

Thanks for the help!

--Tom

dar-k

I don't think u can solve this with sessions, cuz the sessions work per-user, and not for the entire site.

My solution would be to store the name or id of the one with write access in a text file or in your db as soon as he/she logs in, and check it on every page load.
As soon as the writer logs out, u empty the text file or the spot in your db where the writer's stored, so the next one can actually write stuff.

fandelem

have a field somewhere in the table called "locked_by". whenever this field is empty, someone may:
1. occupy the locked_by field with their name
2. allowed to update tables

whenever the field is not empty:
1. allow only person matching locked_by to update.

i would recommend a timeout feature, maybe a field called "last_lock" and if X amount of time has elapsed, clear the locked_by field and allow the current user requesting access to update.

to boot, all you would have to do is change the "locked_by" field (a simple update SQL statement) and then the person who was originally updating would no longer have access.

cheers,

kyle