How to allow only one user at a time.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

User avatar
Salaria
Forum Commoner
Posts: 34
Joined: Fri Feb 13, 2009 2:50 am
Location: India
Contact:

Re: How to allow only one user at a time.

Post by Salaria »

Yeah! there is possible the solution is use of AJAX and the points mentioned by me in first post and Kai in his reply.

Look forward on these and start acting on it. Good luck.
Kurby
Forum Commoner
Posts: 63
Joined: Tue Feb 23, 2010 10:51 am

Re: How to allow only one user at a time.

Post by Kurby »

kaisellgren wrote:Here's a simple solution that works:

1) Display the form and store the current value in a session.
2) Upon submission, lock the table, check if the value has changed.
3) If the value has changed, abort and display a message stating that the value has been changed and redisplay the form.
4) Otherwise, just update it.

Pretty much like this forum does -- if you post a message and someone has replied in between the last read and your post time, it will show a message "there's a new post, want to post anyway?".
This is what I said only a bit more understandable. Go with this one.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: How to allow only one user at a time.

Post by AbraCadaver »

AbraCadaver wrote:Another option would be to store the old data in the session when the edit page is loaded. Then when you submit the new data, check to make sure that the data in the database is the same as the old data in the session and then insert it. If not, then generate an error and redisplay the edit page.
Me too 8)
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
edembg
Forum Newbie
Posts: 1
Joined: Sun Feb 28, 2010 2:02 am

Re: How to allow only one user at a time.

Post by edembg »

Hello all.

I want to explain my point of view. I know AbraCadaver is not agree with this idea, but i will explain it.

When you show the form you not submit it. On every onchange event you send AJAX request whitch mean "update field". In this request you will send student_id, field_name and new_value. On the server you will update needed field and will save in the session or in database table the same data + the time of the request.

Every 5 seconds you will send other AJAX request which will mean "Have changes?". You will send student_id in this request. If you have changes you will send it back and will update the form. For 5 seconds you will have all browsers updated and can delete the data from the session or in database.

If in this 5 seconds you have a new request for update for the same field this will mean "update is locked" and you must decide what exact will happen in this case.

I think this is not so hard to be coded - just 20 lines javascript and 30 lines PHP.


This is only my point of view. I hope will be helpful.


(Sorry for my bad english)
Post Reply