access_user :: Future functions and updates

[Don't use this thread for questions about the current version, please start a new thread if you need help!]

Use this thread to post suggestions about functions for future versions of this class. At the moment there is a second unreleased version. First I have to rewrite the manual, if this is done the new version will be released.

Don't use this thread for questions about the current version, please start a new thread if you need help!

Currently this updates are on the development list: (+++ urgent, ++ medium, + low priority)

- Leave blank the password field during regsitration to auto-generate a password (or similar) ++
- using more then one encryption type for the password (choose one md5 or sha1 etc.) +++
- send a mail copy during registration to the site admin ++
- more admin functions (user list, delete functions etc.) ++
- adding e-mail templates while using a 3rd party email class +++
- remove not validated registrations automaticly ++

[increasing the security and preformance]

increasing the security and preformance

what's your opinion to add the following features to Access User Class?

1- Adding the following filed to session table:
CREATE TABLE sessions (
   ses_id varchar(32) NOT NULL default '',
   ses_time int(11) NOT NULL default '0',
   ses_start int(11) NOT NULL default '0',
   ses_value text NOT NULL,
  `user_id` int(11) NOT NULL,
   UNIQUE KEY (`user_id`),
   PRIMARY KEY  (ses_id)
) TYPE=MyISAM; 

it's possiable for more users to login to system with just the same ( one! ) username and password. now we can prevent it and just one user can login to system using a Username & Password.
also we can have the number of Oneline users and can have their names too.

2- most of the websites have a variable called "Token". it's a Get variable that's added to url.
each page produces an random token value, and this token is added to the links to other pages as a get variable.
in the other pages we check the token and realize if this is a valid referer. and when the token was valid, the next page loads.

example:
we want to put a link/or redirect to profile.php from the login.php:
instead of : /profile.php?user=myname
we make this link:
/profile.php?user=myname&token=1gra5d697kjhgdj
in the profile.php, we check the token in the first step. if it had a valid valu, the profile.php loads.

please see this url, in Figure 3.2 - GET/POST Form trick script,
 http://www.phpnoise.com/tutorials/10/3
(this totorial called Token as dynamic_info)

A great feature would be a way for the user to "upgrade" his or her access level. Say if you incorporated a "Tell A Friend" script and when the user reffers 3 newmembers to you, his access level would go up 1 or 2.  How easy would this be to implement?

[Free WordPress Themes]

A great feature would be a way for the user to "upgrade" his or her access level. Say if you incorporated a "Tell A Friend" script and when the user reffers 3 newmembers to you, his access level would go up 1 or 2.  How easy would this be to implement?

don't think that is related to this class, it's a login system not a communty script...but share you're code here if you have created one...

Code:

function log_out() {
unset($_SESSION['user']);
unset($_SESSION['pw']);
unset($_SESSION['logged_in']);
session_destroy(); // new in version 1.92

Could this be changed to the following?

Code:

function log_out() {
$_SESSION = array();
session_destroy(); // new in version 1.92

$_SESSION = array(); would allow us to set additional "$_SESSION =" vars...

Here is the PHP Manual page quote for session_destroy at:
http://php.net/manual/en/function.session-destroy.php

Example 1. Destroying a session with $_SESSION

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?> 
 


Note: Only use session_unset() for older deprecated code that does not use $_SESSION.

And a user comment on the unset function at:
http://au2.php.net/manual/en/function.unset.php

dibakar dot datta at gmail dot com
01-Apr-2006 06:31
Instead of using the unset function  for unregistering your session or other array values you can also do this samll feature and get this task done with just 1 line code.

Suppose, if you like to unregister your session store values.
You can use:
 
     $_SESSION = array();

Well this syntax saves lot's of time instead of unsetting each values.

[Free WordPress Themes]

Hi Lan,

I read a lot about this kind of session handling, do you tried the mysql based session handler? Some guy from php.net suggested this function and I must say I like it a lot...

[every page]

It would be helpful if:
function check_user
and
function set_user

Included the code for:
$_SESSION['access_level']

I use the access_level on every page to select menu parts, and to included or exclude parts of each page for different ranks in our organization.

I have notice other people asking about this same usage like Steve136 post at:
http://www.webdigity.com/index.php/topic,5026.0.Get+users+level.html

For me, every page must make a seperate call to
function get_access_level
when this could be done once at login and stored in a var
$_SESSION['access_level']

It would also make the access_level easier to use for a great many tasks after login.

I hope you will consider adding
$_SESSION['access_level']
to the access_user_class

Thanks Olaf

A great feature would be a way for the user to "upgrade" his or her access level.

Hi Jimmy,

Not really part of this class, but I am working on it!

I have a education site where people study and progress via online tests.  I plan to just increase their access_level each time they pass a test.  That way they can still go back and review previous level's instructions.

When I get it, I'll post my scrip someplace here.

Hint, everything you need is in admin_user.php, just cut away what you don't need! 

[Free WordPress Themes]

that sounds not so bad:

I hope you will consider adding
$_SESSION['access_level']
to the access_user_class

[offtopic] Lan, we need to keep this thread untouched for discussions otherwise this thread becomes to complex

I read a lot about this kind of session handling, do you tried the mysql based session handler? Some guy from php.net suggested this function and I must say I like it a lot...

Hi Olaf,

Well, it' 6AM here, been up since 2AM just to get a little (very little) bandwidth her in the Philippines!  Can wait for the earthquake damage of the Asian cables is fixed.

Anyway, maybe I am still sleeping!  But doesn't the MySQL sessions deal more with timing than with vars like $_SESSION['user'] and $_SESSION['access_level']?  But it works great, I like it too!

My goal was to be able to add a "$_SESSION =" var (maybe in a class extention) mainly I feel a need for $_SESSION['access_level']  The above code lets any session var I add get deleted without additional code on logout.

But now I need some sleep...

Thanks Olaf

[Free WordPress Themes]

I read a lot about this kind of session handling, do you tried the mysql based session handler? Some guy from php.net suggested this function and I must say I like it a lot...

Hi Olaf,

Well, it' 6AM here, been up since 2AM just to get a little (very little) bandwidth her in the Philippines!  Can wait for the earthquake damage of the Asian cables is fixed.

Anyway, maybe I am still sleeping!  But doesn't the MySQL sessions deal more with timing than with vars like $_SESSION['user'] and $_SESSION['access_level']?  But it works great, I like it too!

My goal was to be able to add a "$_SESSION =" var (maybe in a class extention) mainly I feel a need for $_SESSION['access_level']  The above code lets any session var I add get deleted without additional code on logout.

But now I need some sleep...

Thanks Olaf

it is about session handling creating an empty session array is session handling too (finally)

[offtopic] Lan, we need to keep this thread untouched for discussions otherwise this thread becomes to complex

Oops, won't happen again!

==

I have another feature I would like to see... Automatic removal of "Stale" accounts.

Example: A guy dies (or doesn't log in for X amount of time), we delete him!

Another wish list feature would be automatic email reminders if someone hadn't loged in for X amount of time.

Example: no login for 90 days gets you reminder emails once a week for 4 weeks and then your login is deleted!

I have one - this one might be easy enough for you to just let me know how to add it.  I would like to put messages for users. 

IE - they login, and a pop up (or however you choose to place special messages) and they get a message to them, like, "Hi Olaf, Glad you could come back.  I would like to suggest a certain page you might be interested in...."  Or whatever...

[Free WordPress Themes]

I have one - this one might be easy enough for you to just let me know how to add it.  I would like to put messages for users. 

IE - they login, and a pop up (or however you choose to place special messages) and they get a message to them, like, "Hi Olaf, Glad you could come back.  I would like to suggest a certain page you might be interested in...."  Or whatever...

yes you're right you can add this easily to your custom application

[k]

I know it's a small thing...

In the Default (English) messages...

$msg[27] says

...activate your modifikation(s)."
...activate your modification(s)."

Would be an appreciated change!

I have to change this with each new update...

Thanks

[k]

I know it's a small thing...

In the Default (English) messages...

$msg[27] says

...activate your modifikation(s)."
...activate your modification(s)."

Would be an appreciated change!

I have to change this with each new update...

Thanks

is changed (with the next update)

[function log_out()]

Thanks Olaf,

Would you please also update the function log_out()

FROM:
function log_out() {
   unset($_SESSION['user']);
   unset($_SESSION['pw']);
   unset($_SESSION['logged_in']);

TO:
function log_out() {
   $_SESSION = array();

This is now the session_destroy standard (documented above) and makes writing class extentions with $_SESSION Vars much easier (for those who use it).

It would be an appreciated change!

We (my students) make this change with each new update...

Thanks

Hi Olaf,

I found a nice "plugin" which would be great with your access user class: captcha image for registration and / or login!
http://www.finalwebsites.com/snippets.php?id=39

What do you think?

[Free WordPress Themes]

Hi Olaf,

I found a nice "plugin" which would be great with your access user class: captcha image for registration and / or login!
http://www.finalwebsites.com/snippets.php?id=39

What do you think?

hehe, thats my own

sure you can implement this but I think it's only needed if you have problems with bots

hehe, thats my own

sure you can implement this but I think it's only needed if you have problems with bots

All right.. *g* you did a great job man! I'm trying to integrate it right now to protect login and registration. Should be simple.... but not for me *g* Thanks anyways!

[Guest]

[37.741]

Yahoo crawler, Googlebot, Msnbot