CProgrammer

[web] php and users

This topic is 5024 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.


Well, I'm making a user login system. Obviously I have to save user data somewhere. I see two options here: 1: I store user data in a database (mysql) 2: I have a folder per user and store it in a file. I prefer version 2 for the login system. Any reason not to go with number 2? -CProgrammer

If you have access to a database, I'd recommend that you went that route. If you had user-specific files (avatars, etc) you would probably want to store that under their own directory, but for a login system a database is the way to go.

I agree the database may be the normal way to go. But I think 2 is quite easy to overlook and I have most of the code for this from another project.
My main concern is efficiency and SECURITY. Is 1 more secure than 2? Does 2 have problems when the number of users grows?

/CProgrammer

How exactly do you propose to do #2?

Will it be a directory for the username with perhaps a file containing the password, another containing profile data, etc? Such a system would be difficult to alter (mass rename of all the files) - it may also be difficult to perform administration queries on the users. For example, how would you query all users that have xyz property? It can be done, but it means iterating files and directories to get your information - very slow in comparison to a SQL query.

I agree that files are useful for some things. An example is evoWeb, I'm storing a lot of my content as flat text files that's read in at page view time. It allows me to keep generations of the text with little problems and allows me to make backups easily. However, I'm moving it into a SQL version soon because of potential problems that exist in a multi-user environment. For example, imagine that 3 people are trying to read a file whilst it's being edited - you may try and commit your edit part-way through a read, and vice versa. Even worse, what happens when two administrators are trying to edit the file? You need a database mechanism in place to ensure that the status is maintained correctly. I could have a database layer on top of the flat file content layer to manage it, but in your situation this solution for user profiling has little benefit.

Why not try out both versions in a sandbox environment to perhaps get a better understanding of which method would work for you better?

Doing it in a MySQL database would be easier to not only use and create but also administer. Also doing it in files would require you to change the file permissions. You might want to check out my database class.

Using that class, you'd come up with something like:


// Connect to the database
$database = new Database("DBUSERNAME", "DBPASSWORD", "DB");

// See if the username and password exist
$database->Query("
    SELECT * FROM tblUsers
    WHERE cUsername = '$username'
    AND cPassword = '$password'
");
if ($database->NumRowsInResult() == 0) {
    // User Doesn't Exist
} else {
    // Username and password are correct
}




Also remember that PHP.net is the best resource for anything PHP. I strongly recommend using phpMyAdmin.

Quote:
Original post by CProgrammer
Well, I'm making a user login system. Obviously I have to save user data somewhere.
I see two options here:
1: I store user data in a database(mysql)
2: I have a folder per user and store it in a file.

I prefer version 2 for the login system. Any reason not to go with number 2?

-CProgrammer


Generally speaking, the database solution will be faster, easier to implement, more robust and much much more secure.

#2 can and will become a problem for several reasons:
- File systems tend to slow down when you have a lot of files/folders. I wouldn't like to see a folder with a subfolder for each of a few thousand users. Even with few users, databases would be noticeably faster.
- It will get really messy if people try to read from it while others try to write to it. Databases are practically made to handle these things. File systems aren't.
- File systems aren't particularly secure in general.
- #2 would be really messy to manage as well, especially as the number of users grows, and if you want to create some kind of statistics on your users, or search for a certain group of users.

There's really no reason to use #2 for this, unless of course you don't have access to a database. #2 is reinventing the wheel, and it won't be a particularly efficient wheel at that... ;)

Quote:
Original post by Rob Loach
Doing it in a MySQL database would be easier to not only use and create but also administer. Also doing it in files would require you to change the file permissions. You might want to check out my database class.

Using that class, you'd come up with something like:

*** Source Snippet Removed ***

Also remember that PHP.net is the best resource for anything PHP. I strongly recommend using phpMyAdmin.


No, no and no. You would NEVER use that SQL query as it is. It's a perfect target for a SQL injection attack.

I would go the SQL route however. You can still have the good ol' home dir for the user, but for storing passwords and profile information, the DB is just plain cleaner, and more secure.
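
The injection problem raised in the last reply, as an added example that is not code from any poster in this thread: the login query from the earlier snippet, built by string interpolation, next to a PDO prepared statement that checks a stored password hash. The in-memory SQLite database, the cPasswordHash column and the function names are assumptions made so the example runs on its own; tblUsers, cUsername and cPassword come from the snippet.

```php
<?php
// Added example. Uses an in-memory SQLite database through PDO so it runs
// without a server; the same prepared-statement code works with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblUsers (cUsername TEXT PRIMARY KEY, cPassword TEXT, cPasswordHash TEXT)');

// Constructed sample account. The plaintext cPassword column exists only so
// the interpolated query from the thread can be reproduced for comparison.
$ins = $pdo->prepare('INSERT INTO tblUsers VALUES (?, ?, ?)');
$ins->execute(['alice', 'correct horse', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the thread: user input is pasted into the SQL text, so a quote
// character in the input changes the structure of the WHERE clause.
function loginInterpolated(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT * FROM tblUsers
            WHERE cUsername = '$username'
            AND cPassword = '$password'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form (hypothetical helper): the username travels as a bound
// parameter, never as SQL text, and the password is compared against a
// stored hash in PHP instead of inside the query.
function loginPrepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT cPasswordHash FROM tblUsers WHERE cUsername = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

$cases = [
    ['alice', 'correct horse'],    // valid login
    ['alice', 'wrong'],            // wrong password
    ['alice', "' OR '1'='1"],      // constructed input containing quotes
];
foreach ($cases as [$u, $p]) {
    printf("%-6s %-14s interpolated=%s prepared=%s\n", $u, $p,
        var_export(loginInterpolated($pdo, $u, $p), true),
        var_export(loginPrepared($pdo, $u, $p), true));
}
```

For the third input the interpolated query accepts the login although the password is wrong, while the prepared version rejects it; the first two inputs give the same result in both.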
