ajoo
Posted October 8, 2014

Hi to all!

I would like to ask:

1. What is the best way to, or how best to, test a multi-user login script?
2. What is the best way to test a multi-user website that saves data from the users into a database?

Are there any tools that can help me in testing my work locally on a localhost before I move it out to a website? I have heard that testing routines can be written for such purposes to automate the testing. If so, where should I begin to look for them? I have no idea at all about writing test routines / scripts. A tutorial, if any exists, would be a good place to start.

Thanks very much.

ginerjm
Posted October 8, 2014

Part of being a good programmer is learning how to test your own code. I doubt that you are writing such a complex script at this stage that you really need to automate your testing process. Simply look at your code and analyze how many paths it can take and try and use your script in ways that will test all those paths and be sure your script is handling them properly.

Jacques1
Posted October 8, 2014

A typical testing tool is PHPUnit, which allows you to write so-called unit tests for specific functionalities. However, unit tests only make sense if your code is modular. It must be possible to isolate each feature and run it in a controlled environment (external resources like databases can be simulated with dummy objects).

If your code is just a bunch of big procedural scripts, you'll have a hard time implementing automated tests. Pretty much the only thing you can do is send HTTP requests to your scripts (with cURL, for example) and check if the database contains the expected values afterwards. While this is still better than nothing, it's of course much less precise than unit tests. You basically just get a “yes”/“no” feedback for the whole script. Which part does what is completely unclear.

Either way, writing automated tests for complex features is not trivial. It takes a lot of time and careful planning. It's also questionable whether this time is a good investment. Almost all log-in scripts I've seen so far suffered from fundamental security issues rather than actual bugs. So if the choice is between spending one hour on OWASP to learn more about hash algorithms, and spending one hour on a couple of unit tests, I'd definitely pick the former.

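The kind of unit test described in the post above, as an added example that is not part of the original thread: a login check is isolated from the database by an in-memory dummy object, and PHPUnit exercises each path through it. `LoginService`, `UserStore`, `ArrayUserStore` and the sample user are hypothetical names and constructed data, assumed here for illustration.

```php
<?php
// Added example: LoginService, UserStore and ArrayUserStore are hypothetical names.
use PHPUnit\Framework\TestCase;

interface UserStore
{
    // Returns the stored password hash, or null if the user is unknown.
    public function findHash(string $username): ?string;
}

// Dummy object that stands in for the real users table during tests.
final class ArrayUserStore implements UserStore
{
    private $hashes;
    public function __construct(array $hashes) { $this->hashes = $hashes; }
    public function findHash(string $username): ?string
    {
        return $this->hashes[$username] ?? null;
    }
}

final class LoginService
{
    private $store;
    public function __construct(UserStore $store) { $this->store = $store; }
    public function login(string $username, string $password): bool
    {
        $hash = $this->store->findHash($username);
        return $hash !== null && password_verify($password, $hash);
    }
}

final class LoginServiceTest extends TestCase
{
    private $service;
    protected function setUp(): void
    {
        // Constructed sample user; cost 4 is for test speed only, not production.
        $hash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]);
        $this->service = new LoginService(new ArrayUserStore(['alice' => $hash]));
    }
    public function testCorrectPasswordIsAccepted(): void
    {
        $this->assertTrue($this->service->login('alice', 'correct horse'));
    }
    public function testBadCredentialsAreRejected(): void
    {
        $this->assertFalse($this->service->login('alice', 'wrong'));           // wrong password
        $this->assertFalse($this->service->login('mallory', 'correct horse')); // unknown user
    }
}
```

Saved as `LoginServiceTest.php`, it runs with `phpunit LoginServiceTest.php` and needs no database connection.
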
ajoo (Author)
Posted October 9, 2014

Hi ginerjm & Jacques1,

Thanks very much for the reply & suggestions. I have been following most of those.

As suggested by ginerjm, I have gone down most of my code along various paths, but chances are that some of those paths may have been left unexplored by chance. I have had the error reporting left on, so I was informed of all errors, warnings and notices, which I have taken care of as far as I could, or at least all those that were reported.

As suggested by Jacques1, I have tried to read as much on security as possible and also changed my login script to incorporate SHA512 bcrypt where earlier I had used md5 hashing. I have gone through the OWASP list and tried to incorporate whatever I could. Security, as everyone knows, is a daunting task made more so by its ever-changing dynamic nature (rectify one issue only to know that another has sprung up). I therefore cannot say that I have very secure code here, but yes, I have read and taken as many precautions as I could.

I have checked that the data going into the database is correct as well. The problem is to simulate a test to test the application with many users simultaneously logged in and working on it at the same time. I would like to be able to identify any conflicts in the database due to an increased number of simultaneous users.

I would like to add that I have used InnoDB for tables where I need to UPDATE and INSERT information, thereby using their inherent table (row level) sharing properties to avoid conflicts during these operations. However, to be able to see how well table sharing issues are handled by the application, I would like to be able to devise some test for it using some available tools. Also, I would like to test the system on a localhost server. Any further information on this would be very welcome.

I would also like to know how I may be able to connect my localhost server to work with a few more local machines at my workplace through a wifi network, again to be able to test the application locally with a few real-time users working on it simultaneously.

Thanks very much.

Edited October 9, 2014 by ajoo