Re: PHP authentication for rookies

From: Michael Vilain (vilain_at_spamcop.net)
Date: 03/10/05 

Date: Thu, 10 Mar 2005 14:42:09 -0800

In article <QB3Yd.16142$Pz7.8530@newssvr13.news.prodigy.com>,
 "deko" <deko@hotmail.com> wrote:

> > Many php books discuss this at length. The main page captures the
> > username and password which you store however you will. Start a session
> > using the php session functions. Display the members main page. All
> > member pages check that there's valid session (usually this is done by a
> > cookie, but these functions still work if you turn off cookies, so I
> > don't know what they do with the browser). If not, bounce back to the
> > login page.
>
> Are there any advantages to using a database to store user credentials? I
> only have a few users at this point, so I'm wondering if I really need a
> database. From what I've read, I'll need to store 5 strings: Username,
> Password, Cookie, Session, and IP Address. Does it make any difference if
> these are stored in a flat file vs. a MySql database?

How many users are we talking about? How much traffic?

If you don't use a database now, you most likely will in the future.
Flat files don't scale or have the ability to do dynamic updates. If
you write your application so as to abstract the parts that do the
information retrieval and updating, you can drop a database in at some
point in the future.

But to me, flat files are harder to deal with than a database. You have
to read the file, parse it, store it in memory, and update the records
(e.g. passwords). All that has to be coordinated with other sessions.
A database does all this for you and gives you performance measurement
tools.

If the database stuff is scaring you, take a class or hire someone. 

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
Loading