0

I'm not new to php, but, I'm not a great coder either... I'm not too familiar with sessions and session variables.

I have been tasked with building an online "management" system for the eLearning we're offering. We have one .swf file for eLearning currently, but, have 23 in production so the solution needs to be scalable.

The concept is pretty straight forward... The admin logs into an admin area and adds a user with a username/password, adding them to a product(s) with various start and end dates...

Therefore, the user logs in with username and password and is able to view all their respective products and expiration dates, otherwise they're thrown to a expiration.php page.

I have 3 tables, Product, User and Timebomb. I am able to add information to the DB into the 3 tables from one form in the admin, so that works...

I do have two questions though:

In the communities opinion, what's the best way to capture the user information from the login page? Session, or pass a url variable, e.g. link.php?UserID=100 and left join the ProductID TimebombID on the home page via mySQL?

Should the timebomb be a javascript, php calculation or a mySQL check?

Any suggestions would rock...

Thanks,
Ted

2
Contributors
1
Reply
2
Views
8 Years
Discussion Span
Last Post by blocblue
0

Hi Ted,

You may find you get more responses if you post this in the PHP forum.

With regard to passing user data, don't use the URL, as this would allow any user to log in as anyone. E.g.

// user 100's data
link.php?uid=100;

// user 101's data
link.php?uid=101;

With the timing side of this, you best use the server's time. PHP is a server side language, whereas JavaScript is client side. If you use JS therefore, the user can manipulate the time themselves. Server side will keep things consistent for all users.

You could use sessions for passing user data around your application. I would advise storing the session id in your database when a user logs in, against which you make a comparison everytime a user access a page, hence verifying the session was created by your login script, and not fabricated.

Best,

R.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.