Re: PHP authentication for rookies

From: Michael Vilain (vilain_at_spamcop.net)
Date: 03/10/05 

Date: Thu, 10 Mar 2005 14:42:09 -0800

In article <QB3Yd.16142$Pz7.8530@newssvr13.news.prodigy.com>,
 "deko" <deko@hotmail.com> wrote:

> > Many php books discuss this at length. The main page captures the
> > username and password which you store however you will. Start a session
> > using the php session functions. Display the members main page. All
> > member pages check that there's valid session (usually this is done by a
> > cookie, but these functions still work if you turn off cookies, so I
> > don't know what they do with the browser). If not, bounce back to the
> > login page.
>
> Are there any advantages to using a database to store user credentials? I
> only have a few users at this point, so I'm wondering if I really need a
> database. From what I've read, I'll need to store 5 strings: Username,
> Password, Cookie, Session, and IP Address. Does it make any difference if
> these are stored in a flat file vs. a MySql database?

How many users are we talking about? How much traffic?

If you don't use a database now, you most likely will in the future.
Flat files don't scale or have the ability to do dynamic updates. If
you write your application so as to abstract the parts that do the
information retrieval and updating, you can drop a database in at some
point in the future.

But to me, flat files are harder to deal with than a database. You have
to read the file, parse it, store it in memory, and update the records
(e.g. passwords). All that has to be coordinated with other sessions.
A database does all this for you and gives you performance measurement
tools.

If the database stuff is scaring you, take a class or hire someone. 

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...

Relevant Pages

  • Re: another way
    ... > Is it possible to store persistant data in anything other than a ... store data in a continuous loop. ... tell if that is a database or flat files, but it seems to persist out ...
    (comp.databases.oracle.server)
  • Re: Session or...?
    ... Typically you want to minimize the number of database trips, as well as minimize the amount of information you hold in memory. ... User Credentials, Shopping Cart Contents, Misc Preferences. ... The session would be a good place to store the ID and Qty. ...
    (microsoft.public.dotnet.general)
  • Re: PHP MySQL object question
    ... In more complicated applications I layer a business object on top of the database objects. ... For instance, a business object may get information from several different tables, and when you update the data in the business object, it updates the underlying tables. ... Since I am only dealing with one composite record at a time I was planning to store the original field data for before and after comparison to determine when and where updates are needed. ... I could do it as separate session variables, but since each table record will have an associated object, why not just store them that way? ...
    (comp.lang.php)
  • Re: Caching often-used SQL queries
    ... The problem is that neither one of those are user (session) specific. ... need to enable sessions and store the data in the session context. ... Second - you'd be caching so much data that it would ... And if you tune your database server you'll spend much more time processing ...
    (microsoft.public.dotnet.framework.performance)
  • Re: Session sharing between ASP and ASP.NET
    ... In my opinion, and though it may vary depending on the nature of your application, a database to store temporary information based on GUID or some other form of session key generated when the user hits the site and persists during the duration of their visit, would be easier than Yuen's example. ...
    (microsoft.public.dotnet.framework.aspnet.webcontrols)