Jump to content


Photo

user authentication and some related issues


  • Please log in to reply
14 replies to this topic

#1 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 11 August 2006 - 10:34 PM

Hi there.
Please tell me whether there is a way by which the server can standalone'ly check that the user is online or not. the user authentication thing.
I don't want the browser to tell me that the user is online by setting up cookies or by other means. because i find that if the cookies are disabled the website is set useless. please help in this regard.
PHP freaks asks for the login duration when we log in (60mins) or unlimited. i want some technique by which the server may check whether the user is online or not.

#2 hitman6003

hitman6003
  • Members
  • PipPipPip
  • Advanced Member
  • 1,807 posts

Posted 11 August 2006 - 11:40 PM

Two ways....use sessions or keep track of IPs.

Both are essentially the same.  Keep track of page visits from users by recording their ip/session value in a db along with a time stamp, when you haven't seen a page hit from their session var and/or IP for a period of time, consider them no longer online.

#3 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 11 August 2006 - 11:49 PM

there is essentially no way to track a user through your website unless you use sessions or cookies; this is a little redundant, since sessions actually rely on cookies anyhow.

you can only keep track of and authenticate users on your site WITHOUT sessions if you force them to provide their credentials on EVERY PAGE (unless you pass their credentials by URL parameters from page to page, in which case why even bother having an authentication system?).  this quickly becomes tiresome for users, plenty more tiresome than simply allowing cookies for your domain.

#4 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 12:02 AM

Dear Mr. HitMan,
your suggestion is good, same as what i thaught once and is acceptable. please clear to me one thing about the time/expiration thing that you mentioned in your reply to my question.
when the user is offline for a long period is it the duty of server admin(me) to delete manually the username or the login info from the database or the PHP script will automatically delete the login info. what is the possibility without using the cookies or sessions.
cookies are what i can use but i am confused about sessions because i have not learned much about them. i just know that they have some relation with cookies and object oriented programming too.

#5 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 12 August 2006 - 12:11 AM

they actually have nothing to do with OOP unless you make them related to OOP.  they're just like any other function in the PHP arsenal.

perhaps a little light reading on sessions is in order.

#6 hitman6003

hitman6003
  • Members
  • PipPipPip
  • Advanced Member
  • 1,807 posts

Posted 12 August 2006 - 12:32 AM

I'm not positive, but I'm relatively sure, that the way that SMF tracks when users are "online" is by monitoring their page views.  In other words, when I visit a page, they record it in the database (which helps with determining which threads I've viewed, which I've posted in, etc.), along with the timestamp of when that page was viewed.

When they build the list of "online" people at the top, they are going into that table and pulling the names of the users who have viewed a page within the last few minutes (I think it's 15 for SMF, but it's been a while since I admin'd SMF).  If a user hasn't viewed a new page in 15 minutes, then they are consitered "offline".

when the user is offline for a long period is it the duty of server admin(me) to delete manually the username or the login info from the database or the PHP script will automatically delete the login info.


You don't have to delete anything.  The server determines whether the user is "online" by the timestamp (i.e. if less than 15 minutes has expired since the last page visit, they are online, otherwise they are offline).

#7 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 12:50 AM

thankyou sir,
you have helped me to recall what i once put on paper and forgot.
the idea that you provided matches the one i created in my mind a few days ago(although i am not the pioneer of this idea). i am once again thankful to you for your generous help.


#8 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 12 August 2006 - 01:03 AM

I'm sure SMF uses sessions and session cookies because no session id shows on the url.  Every time someone logged on hits a page, then that page can retrieve the session variables related to that person and can then put the persons username in a communal file which is then included or called into the pages to give the list of currently logged on users.  As well the communal file will stamp the persons username with the time as well.  When the file is then accessed and a username is found with a time stamp that is > x minutes in the past, then that username is deleted from the communal list and will disappear from the list at the top of the page.

#9 hitman6003

hitman6003
  • Members
  • PipPipPip
  • Advanced Member
  • 1,807 posts

Posted 12 August 2006 - 01:22 AM

Every time someone logged on hits a page, then that page can retrieve the session variables related to that person and can then put the persons username in a communal file which is then included or called into the pages to give the list of currently logged on users.


Whenever you visit a page generated by SMF it calls the function "writelog()".  That function deletes all users in the "log_online" table who have not visited a page in the predetermined period of time, and inserts your username, the page, and the timestamp into the table.

To determine who is online, it uses the function "ssi_whosOnline" to retreive the users who are listed in the log_online table (remember it removes "offline" users everytime a page is loaded).

It does not use a file in the file system to keep track of who is online.  They do use sessions while you are logged in, however to keep you logged in constantly (by selecting the "Never" expiration) they use cookies.

I'm sure SMF uses sessions and session cookies because no session id shows on the url


If you disable cookies the session id will show up in the url.


#10 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 01:28 AM

friends,
all of you are PHP experts and i respect your knowledge in the field of PHP programming. i want to ask one more thing. how can i change the nonspammer sub-title that is being displayed below my username to something else on this forum. people have different sub-titles attatched to their names.
please. it will feel good if i have a sub-title saying that i am a PHP programmer.

#11 hitman6003

hitman6003
  • Members
  • PipPipPip
  • Advanced Member
  • 1,807 posts

Posted 12 August 2006 - 01:31 AM

Make more posts.

#12 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 12 August 2006 - 02:06 AM

you do need to make more posts to change your group, however please don't post just for the sake of posting.  post only when you need help or have an actual answer to give (not just for the sake of conversation - that can be done in the miscellaneous forums).

#13 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 02:30 AM

Sir,
i have understood the use of this forum and i am following the rules of messaging for purpose, not for status.
I am trying to sort out problems that the visitors are facing to the extent i can. I have a good knowledge of PHP and i can reply to question related to PHP and other programming languages as well. but still i call myself a learner because you guys are superior to me in every field. so i respect all of you. this is the last ir'relevant msg that i am posting just because you asked.

#14 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 03:47 AM

hi there once again.
my mind clicked once again with a question. what if there is no user online and no script is running on any browser. i.e. on the clientside?
can the server smell a user's status (online or offline)?
i read a book saying that most network applications consist of two pieces: a client and a server. further it says that we focus on the communication process from the client side. the request or control from the serverside is not defined in it. the chapter's name is PHP connectivity.
is there any way that the server understands by itself that someone is offline now or then.
like msn messenger understands that a user is offline when someone disconnects by any reason. can the methods of msn or yahoo messenger be applied on websites with PHP. please refer to me a solution if there is any.

#15 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 12 August 2006 - 02:34 PM

I knew SMF could have used a table instead of a 'communal file', hitman6003, I just simplified the explanation.  If it had used a flat file instead, the rest of the explanation is the same.  (Except that I never tried it with cookies off, I assumed that would fail because SMF would have the session id on the url turned off as a potential security risk.)  Potential advantages of a flat 'communal' file over db table: faster, but that doesn't seem to be any problem with SMF.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users