Jump to content

user authentication and some related issues


raza.shahzad

Recommended Posts

Hi there.
Please tell me whether there is a way by which the server can standalone'ly check that the user is online or not. the user authentication thing.
I don't want the browser to tell me that the user is online by setting up cookies or by other means. because i find that if the cookies are disabled the website is set useless. please help in this regard.
PHP freaks asks for the login duration when we log in (60mins) or unlimited. i want some technique by which the server may check whether the user is online or not.
Link to comment
Share on other sites

Two ways....use sessions or keep track of IPs.

Both are essentially the same.  Keep track of page visits from users by recording their ip/session value in a db along with a time stamp, when you haven't seen a page hit from their session var and/or IP for a period of time, consider them no longer online.
Link to comment
Share on other sites

there is essentially no way to track a user through your website unless you use sessions or cookies; this is a little redundant, since sessions actually rely on cookies anyhow.

you can only keep track of and authenticate users on your site WITHOUT sessions if you force them to provide their credentials on EVERY PAGE (unless you pass their credentials by URL parameters from page to page, in which case why even bother having an authentication system?).  this quickly becomes tiresome for users, plenty more tiresome than simply allowing cookies for your domain.
Link to comment
Share on other sites

Dear Mr. HitMan,
your suggestion is good, same as what i thaught once and is acceptable. please clear to me one thing about the time/expiration thing that you mentioned in your reply to my question.
when the user is offline for a long period is it the duty of server admin(me) to delete manually the username or the login info from the database or the PHP script will automatically delete the login info. what is the possibility without using the cookies or sessions.
cookies are what i can use but i am confused about sessions because i have not learned much about them. i just know that they have some relation with cookies and object oriented programming too.
Link to comment
Share on other sites

I'm not positive, but I'm relatively sure, that the way that SMF tracks when users are "online" is by monitoring their page views.  In other words, when I visit a page, they record it in the database (which helps with determining which threads I've viewed, which I've posted in, etc.), along with the timestamp of when that page was viewed.

When they build the list of "online" people at the top, they are going into that table and pulling the names of the users who have viewed a page within the last few minutes (I think it's 15 for SMF, but it's been a while since I admin'd SMF).  If a user hasn't viewed a new page in 15 minutes, then they are consitered "offline".

[quote]when the user is offline for a long period is it the duty of server admin(me) to delete manually the username or the login info from the database or the PHP script will automatically delete the login info.[/quote]

You don't have to delete anything.  The server determines whether the user is "online" by the timestamp (i.e. if less than 15 minutes has expired since the last page visit, they are online, otherwise they are offline).
Link to comment
Share on other sites

I'm sure SMF uses sessions and session cookies because no session id shows on the url.  Every time someone logged on hits a page, then that page can retrieve the session variables related to that person and can then put the persons username in a communal file which is then included or called into the pages to give the list of currently logged on users.  As well the communal file will stamp the persons username with the time as well.  When the file is then accessed and a username is found with a time stamp that is > x minutes in the past, then that username is deleted from the communal list and will disappear from the list at the top of the page.
Link to comment
Share on other sites

[quote]Every time someone logged on hits a page, then that page can retrieve the session variables related to that person and can then put the persons username in a communal file which is then included or called into the pages to give the list of currently logged on users.[/quote]

Whenever you visit a page generated by SMF it calls the function "writelog()".  That function deletes all users in the "log_online" table who have not visited a page in the predetermined period of time, and inserts your username, the page, and the timestamp into the table.

To determine who is online, it uses the function "ssi_whosOnline" to retreive the users who are listed in the log_online table (remember it removes "offline" users everytime a page is loaded).

It does not use a file in the file system to keep track of who is online.  They do use sessions while you are logged in, however to keep you logged in constantly (by selecting the "Never" expiration) they use cookies.

[quote]I'm sure SMF uses sessions and session cookies because no session id shows on the url[/quote]

If you disable cookies the session id will show up in the url.
Link to comment
Share on other sites

friends,
all of you are PHP experts and i respect your knowledge in the field of PHP programming. i want to ask one more thing. how can i change the nonspammer sub-title that is being displayed below my username to something else on this forum. people have different sub-titles attatched to their names.
please. it will feel good if i have a sub-title saying that i am a PHP programmer.
Link to comment
Share on other sites

you do need to make more posts to change your group, however please don't post just for the sake of posting.  post only when you need help or have an actual answer to give (not just for the sake of conversation - that can be done in the miscellaneous forums).
Link to comment
Share on other sites

Sir,
i have understood the use of this forum and i am following the rules of messaging for purpose, not for status.
I am trying to sort out problems that the visitors are facing to the extent i can. I have a good knowledge of PHP and i can reply to question related to PHP and other programming languages as well. but still i call myself a learner because you guys are superior to me in every field. so i respect all of you. this is the last ir'relevant msg that i am posting just because you asked.
Link to comment
Share on other sites

hi there once again.
my mind clicked once again with a question. what if there is no user online and no script is running on any browser. i.e. on the clientside?
can the server smell a user's status (online or offline)?
i read a book saying that most network applications consist of two pieces: a client and a server. further it says that we focus on the communication process from the client side. the request or control from the serverside is not defined in it. the chapter's name is PHP connectivity.
is there any way that the server understands by itself that someone is offline now or then.
like msn messenger understands that a user is offline when someone disconnects by any reason. can the methods of msn or yahoo messenger be applied on websites with PHP. please refer to me a solution if there is any.
Link to comment
Share on other sites

I knew SMF could have used a table instead of a 'communal file', hitman6003, I just simplified the explanation.  If it had used a flat file instead, the rest of the explanation is the same.  (Except that I never tried it with cookies off, I assumed that would fail because SMF would have the session id on the url turned off as a potential security risk.)  Potential advantages of a flat 'communal' file over db table: faster, but that doesn't seem to be any problem with SMF.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.