Hello everyone. I'm planning on implementing auto-logout in a project I have in mind and I want you guys to tell me if the way I plan to do it is the best.
This is how I plan to do it. I will have a table in my database, say cossay_tb, containing three fields:
user_id -- to hold the user's unique ID
last_page -- to hold the URL of the page where the user was before being logged out
content -- to hold the content of the page that the user was working on

In my HTML pages, I will wrap a parent DIV around the content in the body of the page. During the auto-logout, I simply get the entire content of the parent DIV, the user's ID and the URL of the current page and use AJAX to send it to a PHP script, which will insert it into the database. I will then empty the content of the parent DIV after the logout.

The structure of my page before auto log out will look like this

<html>
    <head>
    </head>
<body>
    <div id = "login_div">
       <!--Login form here-->
    </div>
    <div id = "parent_div">
       <!-- Page content-->
    </div>
</body>
</html>

The structure of my page after auto log out will look like this

<html>
    <head>
    </head>
<body>
    <div id = "login_div" style = "display: block;">
       <!--Login form here-->
    </div>
    <div id = "parent_div">
       <!-- Empty-->
    </div>
</body>
</html>

I'm emptying the content of the parent DIV because someone might just save the page and then set the display property of my login DIV to none and see whatever information that the user was working on. I will get the content back after the user has supplied the correct password.


Here are my questions:
1. Is it a good thing to store raw HTML code in a database, like MySQL?
2. At the server side, will using just mysql_real_escape_string, htmlentities, html_entity_decode, and stripslashes be okay for both making data safe for inserting into MySQL and restoring data back to raw HTML?
3. How would you implement this if you were me?

All 9 Replies

Member Avatar for diafol

I'm a little confused here. The html you're storing is work being completed by the user?

What's the user working with? A form for posting html? A wysiwyg editor??

Yeah, something like that. For example, a user may be filling in a form containing about 20 fields and, maybe halfway through filling it in, he/she decides he/she wants to have some coffee before continuing. Because the information that he/she is providing may be too sensitive and because I don't want to let the user start all over again, I want to simply save the state of his/her work and then restore it after he/she has provided the right password on his/her return.

Member Avatar for diafol

OK, that's different to what I imagined. I think you have a few options.
You can ajaxify your form, so that each field is saved 'automatically' when the focus is lost. This should obviate the need for a big 'save everything' at the end.

You could have a 'save for now' button in addition to a 'completed' button.

A client-side validator would be useful here so that users can see their progress and not have their form rejected because one small bit of data was wrong. Obviously you'd back this up with server-side validation.

I still don't see your need to store html though.

I want everything that the user may be doing to be saved, not just form entries, and then be restored later when he/she logs in again.

Member Avatar for diafol

You're being very cryptic. Unless we know the type of input, offering help is difficult.

I understand what you're saying, but it appears you're not getting what I'm saying. I think you should look at the attached screenshot so you can better understand what I mean. If you look at the screenshot carefully, you will see that there is more than one form in there, one on top of the other. Each of these forms contains information that the user is still working on.
In this case, how am I going to use the approach you are suggesting? I want the page to look exactly as the user left it, one form on top of the other, just like that when the user logs in again. And this is going to happen not on a single page; it can be on any page.

Member Avatar for diafol

OK, now I see. A screenshot shows a million thingies. That's a lot clearer.

Those forms - they're faux windows I take it, like lightboxes/ js forms.

So let's break it down:

You want to save the workspace of the user if that person closes down/logs out. What happens if a user just shuts down the window/tab or the browser?

A workspace like this, which is produced by, I assume, just jquery js and php/mysql, needs an event handler for closing/opening/repositioning forms - this could be saved to a cookie or you could send it to the server (ajax). The data, however, should not be saved to the client as it appears to be sensitive data. That means you need to update the db on logout.

I can't see anything majorly novel here. I'd separate view and data to cookie and DB.

But what about logging into a second computer? Does the user expect to see the last saved workspace? If so, the cookie thing won't do. You'll have to save open forms and relative positions to the DB as well. In this instance, you should ensure that you cannot have simultaneous logins. If a login is successful on the second machine, the first should be logged out (or do something similar).

top of head stuff:

TABLE workspace_items
item_id (auto_inc)
last_ws_id (foreign_key)
form_pos_x (px from left - from javascript)
form_pos_y (px from top - from js)
z-order (order of form on screen)
prescription_id (foreign key)

TABLE workspace
last_ws_id (autoinc)
user_id (foreign)
datetime (timestamp of last save)
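
As an added example (not code from the thread), here is one way to capture the workspace as the ids and coordinates of the workspace_items sketch above rather than as raw HTML. The function names, the data-prescription-id attribute, the size limits, and taking user_id from the server session are assumptions; validateSnapshot shows in JavaScript the checks that the receiving script would repeat.

```javascript
// Added example; all names here are hypothetical, not from the thread.
const MAX_ITEMS = 20;        // assumed cap on open forms per workspace
const MAX_COORD = 10000;     // assumed upper bound for pixel offsets and z-order
const MAX_ID = 2 ** 31 - 1;  // fits a signed INT key column

// Strict check: a non-negative integer no larger than max, else throw.
function toBoundedInt(value, max) {
  const n = typeof value === "string" && /^\d{1,10}$/.test(value) ? Number(value) : value;
  if (!Number.isInteger(n) || n < 0 || n > max) {
    throw new RangeError("not an integer in 0.." + max + ": " + String(value));
  }
  return n;
}

// Build one row holding only the workspace_items columns; anything else is dropped.
function toRow(src) {
  const s = Object(src); // tolerate null or primitive items; the checks below reject them
  return {
    prescription_id: toBoundedInt(s.prescription_id, MAX_ID),
    form_pos_x: toBoundedInt(s.form_pos_x, MAX_COORD),
    form_pos_y: toBoundedInt(s.form_pos_y, MAX_COORD),
    z_order: toBoundedInt(s.z_order, MAX_COORD),
  };
}

// Lenient client-side clamp for values read from layout (may be negative or fractional).
const clamp = (v, max) => Math.min(max, Math.max(0, Math.round(Number(v) || 0)));

// Client side: reduce each open form to ids and geometry. No innerHTML, no field
// values, and no user_id (assumption: the server takes that from the session).
function snapshotWorkspace(formElements) {
  return Array.from(formElements, (el) => toRow({
    prescription_id: el.dataset.prescriptionId,
    form_pos_x: clamp(el.offsetLeft, MAX_COORD),
    form_pos_y: clamp(el.offsetTop, MAX_COORD),
    z_order: clamp(el.style.zIndex, MAX_COORD),
  }));
}

// Receiving side: the posted JSON is untrusted, so re-check every value.
function validateSnapshot(json) {
  const items = JSON.parse(json);
  if (!Array.isArray(items) || items.length > MAX_ITEMS) {
    throw new RangeError("expected an array of at most " + MAX_ITEMS + " items");
  }
  return items.map(toRow);
}
```

Because only integers reach the database, restoring the workspace means re-rendering each form on the server from its prescription_id, so no client-supplied markup is stored or echoed back.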

jQuery and cookies, I'm sorry, I'm allergic to both. I use pure javascript and CSS for everything I do.
The forms are generated at the server side so I use AJAX to get them.
I understand what you are saying perfectly well, but I think that is going to be a lot of work. I have tried the approach I stated in my first post and it works just fine. My question is, is it good practice to store raw HTML in a database?
The screenshot I posted isn't of the application I'm writing. I did that last year when I was learning AJAX on my own. My new application is going to be different, so I don't think using your approach will make things easy.

Member Avatar for diafol

Ok don't worry. Good luck.
