Using cookies to pull data from multiple databases on two servers

[bruckerrlb]

Hello All, long time reader, first time register.

I am building a cms for users to see there statistics. When the user logs in, his information is processed (in mysql) and stored in multiple variables. From there, those variables are queried on a different server to a different database. Once the information has been found, that information is brought back to the original server, stored in variables, and displayed. I know sounds crazy, but I just thought up this logic today. I am not extremely experienced with php, and I realize this is a mile above my head. The reason the user logs into the first server and not the second server directly is because the first server has a product name, and the second server is just a bunch of numbers that are useless to the user. Also, i'm not allowed to modify the second server/database, I have read only access. So i'm hoping with this logic, I can use php to take the numbers from the second database and display this in a sense that will make sense to the average user.

 

How I plan to go about this.

User logs in, with user name and password, and his id (the primary key) will be called and set to a cookie. I need to find a way in php that will continuously have this cookie in every page (is that possible?), to make sure some random joe isn't surfing my sensitive info, and also to use it in my sql statement to call the information from the second database, because that unique id will be the same as the primary id in the second server. I am not sure if i'm being clear here, and i'm pretty sure i'll be canned monday morning (it's due then, and I have only the user interface done..), but any help would be greatly appreciated Like I said i'm pretty new at php, because i'm teaching myself as I go along, but I understand programming logic

 

If you can help thanks

[redarrow]

use database sessions ok.

[btherl]

I think you will find everything much easier with sessions:

 

http://sg2.php.net/manual/en/ref.session.php

 

They allow you to store a user's data between scripts without needing to worry about the details of cookies.  A typical use is to store the logged in user's username in a session variable, so you know they have logged in.

 

BTW, the structure you describe (separate server for display and for data storage) is actually quite normal.  I don't see any problems with it.

[bruckerrlb]

Great! I was actually looking into sessions and to dump the whole cookie idea. So, I ask you, the two servers with two different databases is normal? (they are on the same network). Does my logic sound doable?

[teng84]

yes I work for some site and we even have 10 DBase

[btherl]

I'll tell you about the system I'm managing now.  It has three front-end servers, all exact copies of each other, to handle load and for redundancy.  These make requests to up to around 10 databases in total (usually only 2 or 3 databases for each individual request).

 

The login data is stored in database 1, and after a user logs in, data is stored in their session to record that.  Then data is fetched from the other databases, depending on what they request.  Authentication after logging in is handled by checking the session.

 

Some database requests go directly (eg with mysql_query()) and others go via web interfaces to the database, using CURL to make the requests.  Then all the data is formatted and displayed nicely.

[bruckerrlb]

I'll tell you about the system I'm managing now.  It has three front-end servers, all exact copies of each other, to handle load and for redundancy.  These make requests to up to around 10 databases in total (usually only 2 or 3 databases for each individual request).

 

The login data is stored in database 1, and after a user logs in, data is stored in their session to record that.  Then data is fetched from the other databases, depending on what they request.  Authentication after logging in is handled by checking the session.

 

Some database requests go directly (eg with mysql_query()) and others go via web interfaces to the database, using CURL to make the requests.  Then all the data is formatted and displayed nicely.

 

first off, wow...., 10 databases, I don't even want to imagine that, just the thought is making me want to leave the country

Second off

Wonderful idea about storing the data in a session! Can you please tell me more about this? I am working on something like that right now, i'm trying to make it so when the user logs in, his username, id, and password get stored into a session variable. Then you say the data is fetched, when you say fetched, you use that info in the session  to query the other databases based on there request? I am pretty excited because this is sounding exactly like what I need to do!

[teng84]

look the content of this page and get back to ask what you dont understand

 

 

http://www.php.net/manual/en/ref.session.php

[btherl]

I think you've got the general idea.  I'll explain in a bit more detail:

 

The session is used primarily to store the user's data.  It may have other information where it's convenient to store it there.

 

So lets say a user wants a list of all the websites they have registered under the "foo" system.  They make the request, sending "mode=list_websites&system=foo" from a form.

 

session_start();
if (!empty($_SESSION['username'])) {
  # Ok, user is logged in as $_SESSION['username']
} else {
  # Not logged in, redirect to login page
  header("Location: http://www.foo.com/login.php");
  exit(0);
}

if ($_REQUEST['system'] === 'foo') {
  # Ok, it's a foo request.
  require_once('foo.php');
  do_foo();
}

 

foo.php will contain:

 

function do_foo() {
  if ($_REQUEST['mode'] === 'list_websites') {
    # We need data from foodb to complete this request
    ... fetch data from foo db, using $_SESSION['username'] to determine which data to fetch ...
  }
  if ($_REQUEST['mode'] === 'add_website') {
    # Add a website to foo db
    ...
  }
}

 

In the $_SESSION array you can also store other data, such as the user's access priveliges, and display settings such as "rows to display per page".

[bruckerrlb]

thanks! this was what I was trying to do! I will give it a try tomorrow at work, and let you know how it goes. Thank you so much for the help!!!!!!!!!!!!!!!!!!!!!!!

[bruckerrlb]

<?php

 

ini_set ('display_errors', 1);

error_reporting (E_ALL & ~E_NOTICE);

// Connects to your Database

mysql_connect("localhost", "root") or  die('could not select the database because :'. mysql_error() . ' ');

mysql_select_db("users") or die('could not select the database because :'. mysql_error() . ' ');

start_session();

//Checks if there is a login session

if(isset($_SESSION['ID_my_site']))

 

//if there is, it logs you in and directes you to the members page

{

$username = $_SESSION['ID_my_site'];

$pass = $_SESSION['Key_my_site'];

$check = mysql_query("SELECT * FROM login WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

if ($pass != $info['password'])

{

}

else

{ header("Location: members.php");

 

}

}

}

 

 

I have this code for the login page, and I know I have to call the session from somewhere, but i'm not exactly where to start the session, I thought a good place would be the login page, what I mean is I thought I was starting the session, but when I use this code, it tells me the start_session is undefined, whereas, I thought I just defined it, can someone help?

[bruckerrlb]

okay I think I have a way to store this session, i'm using the following argument

 

mysql_connect("localhost", "root") or  die('could not select the database because :'. mysql_error() . ' ');

mysql_select_db("users") or die('could not select the database because :'. mysql_error() . ' ');

$qry="SELECT id FROM login WHERE username='$login' AND password='".($_POST['password'])."'";

$result=mysql_query($qry);

 

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result)>0) {

//Login Successful

session_regenerate_id();

$member=mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID']=$member['id'];

session_write_close();

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}

 

 

where the red is highlighted, it seems to be crappin out on me because it keeps sending me to the login page.

[btherl]

It's session_start(), not start_session()

 

The session is remembered by storing a cookie in the client's browser (I see from your first post that you are familiar with cookies).  That cookie is then interpreted by session_start() every time a new request is made.  The cookie has a code in it which tells php to look for a file on the server storing the user's session data (the contents of $_SESSION)

 

All those details don't matter though, as long as they work properly.  As long as you call session_start(), you will have access to $_SESSION data that stays the same over multiple requests from the same user.

[bruckerrlb]

Great, thanks! another stupid mistake on my part. Can you use sessions like cookies, where if you want to store some information, assign it a session

[btherl]

Sessions are very much like cookies, since they use cookies to function.  But the data is stored on the server, meaning the user can't modify it.

 

Hmm.. to answer your question, any time you want to store data with a cookie, you could put it in $_SESSION instead.  It will work just as well.  The only thing you lose is being able to specify things like path, domain and expiry time.  Instead you'll have to handle those things yourself.