I'm implementing my database. xD
Should I make changes, but I would like any further information about it, by those who are more experienced than me.
1) Should I make sure to keep a tracking for security reasons.
I would like to create a table "access", which contains the following fields.
id, id_user, browser, os, dates, ip.
What should I change, to ensure that each time the user login, is added a new record in this table.
If you have more tips on how to improve this point, I'd be grateful.
2) I would like to do so you can make the user choose whether the session of his choice or whether permanent or not.
I could only find a way to do it, that the session lasting for a certain period of time.
But I would like to implement a graft.
3) Should I implement multiple sessions, I'll explain.
The possibility that every user experience their sessions, such as facebook ago.
You can see how many active sessions exist and on what date.
I thought at a table like this:
id, id_user, queues, browser, os, dates, ip.
What do you think, you can do what?
If yes, what should I change in the structure of laravel to do this?
Thank you in advance who will help me.
I apologize for my English and the long text.
1) You should use also timestamp that logging table. You can use the built in updated_at and created_at timestamps. In your login function simply create a new instance of the model, populate the attributes and save() it.
2) There is a built in remember me behavior that you can use. More details can be found in the Laravel docs http://laravel.com/docs/4.2/security
3) Can you explain more of why you would want to implement multiple sessions? Why would this be useful for your application?
I hope my answer helps.
Related
I created an extension for joomla using:
$id=$database->insertid();
I just covered that if two users are logged on to the site will fit together perform two records in the database and then this statement will return in both cases the same value.
in php you can solve this problem with the transactions.
In joomla how do I solve this problem?
If you have a table you are working with that extends JTable then make sure that you included the check out functionality that is optionally a part of that. THis must means adding a couple of fields like what is in the content table. This will prevent two people from editing the same row at the same time which creates a race condition in which one of the other will lose their data.
Please note that both php and joomla functions to return the last insert id rely on the mysql implementation, and mysql returns the last id inserted on the currently open connection so concurrency is not an issue
#iacoposk8 Your are right it might possible that in very rear case. Such time try to add current logged in user id in your sql query or any where so that it doesn't make any confict. I hope you get it what i want to say. Thanks
I am assuming I cannot do this using sessions but rather the DATABASE. So the user would sign in, it would set their TIMESTAMP and I display that from the database. Then it becomes deleted when the user logs out or their session is terminated. How would the code look for this?
The better question is, is my logic correct? Would this work? Does this make sense?
By default application servers store session data in temporary files on the server.
By storing session data in a database table you are able to create an interface that will show information about the users that are logged in. Apart from that, using this (database) approach is a serious advantage if you need to scale your application by adding more than one server.
One of the most popular ways to implement such a functionality is to create a session table containing your users' session data. This may look like:
create table session (
id number primary key,
data varchar(240),
timestamp date
);
The data column stores all the session data in a serialized form this is deserialized each time a user requests the data.
Serialization and deserialization may have inbuilt support depending on the platform you are using. For example, if you are using PHP, the functions session_encode and session_decode may be found useful.
You can't find out when a user logs out in PHP and the Javascript workarounds are a bit far from a stable solution.
A couple of things you need to do: Create a column in your user table called last_activity and update their last_activity to the current time whenever a user loads a page.
For a list of who's online, query the db for users with last_activity values more recent than 10 or 20 or whatever minutes ago.
To update the last_activity column use:
UPDATE users SET last_activity=CURRENT_TIMESTAMP() WHERE id=2
For a list of users online
SELECT * FROM users where last_activity >= (CURRENT_TIMESTAMP()-(60*20))
I've got a Rails app where I need salaries to be paid every month for instance. So I need to store the last time the salaries where paid somewhere.
I don't want to use database because I don't want to create a table just for that, I think it doesn't make much sense. I've thought of writing it to the cache but I don't know if the data is secured and can't be lost.
Has someone got an idea of a place where I can store this time ?
Thank you in advance.
You could add the salaryPaid variable to the employee model, and update it each time you pay the salary (or whatever is equivalent for your app). This would still use a database but it would just make a new entry for each employee and would be easy to manage with migrations.
this may be a easy question, but I really need a light to go on.
I have this huge PHP system in codeigniter, and I'm using the library Quick Auth, and I need let users log on only at one computer/browser at a given time. So if Jake logs on In PC1, then Jakes tries to log on in PC2, PC1 session get invalidated and closed.
I was trying to manually search in the ci_sessions database table to try to eliminate the other user session, but seems like too pain. I want to know if there's one simple solution, I have no problem extending session, but I need more like an advice.
Thanks in advance
You will have to modify either the table indexes or session library code to limit one user to a single session. This can be done by:
Adding a unique index for the username (or ID) and the cookie/session ID
Modifying the library code to INSERT OR REPLACE based on the user/cookie
Hi Sitepoint wizard people,
Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example...
Director Mike can override Reception user Sally's registration date. One would assume that Mike could set any date both in the past or in the future. Then we have Payroll user Steve who can also modify Sally's registration date, but only for dates in the past up until (for example) one year ago. To spice things up, then we have the HR Manager Mary who can also amend Sally's registration date, but only for dates from precisely 23rd June 2007 up until one month from now...
How can I program the access restrictions so that on the front end, the form control is restricted with a min and max date, and in the backend, the validator checks the entered date to make sure it falls between those dates? I'd obviously need to be able to tweak the min and max dates for each user type. Other objects might have different parameters - maximum amount on a discount field or days of the week for overtime, for example.
I've asked this question in different ways, but each time I get bogged down by the implementation. I'm currently developing it as a php/MySQL web-based application, but thoughts and comments from other platforms very welcome! This time I'm looking at first principles, so it doesn't matter what your background is, if you have any ideas, please let me know! What do you even call this type of access control...?
Depending of how you application is based, you could ask for credentials at the start of the application and depending on who is requiring access, you could load a different xml file containing different settings.
As for security issue, make sure that the different xml files can't be reached by the users.
Edit:
Since you are using MySQL you could do something like this.
Let's say you have a table of users that has those fields : UserId, UserName, RestrictionId.
And with a Restriction table that looks like : RestrictionId, FieldName, FieldCondition.
This way, in your php app, when a user is authenticated, you can go fetch the correct "Restrictions" on the field and apply them in your code. If it happens that you have multiple fields that require different rules then you can simply add them with the correct RestrictionId.
This DB design is far from perfect, I'm pretty sure you can do better
Since, you are already using MySql db. You can maintain the UserRole Master table details in DB itself. Load the user role data based on login, then you can easily validate the changes made by the user accordingly.