Avoiding simultaneous acces to a shared resource in a web application - php

I have a web application consisting of users having projects , projects belong to to a single user and are access by the URI:root/project/[pid] .
Now I have a middleware to restrict users from accessing each others projects. Although I also have a feature in my web application by which an user may share their projects with other users, so multiple users can access a single shared project.
The problem is I don't want them to access the same project simultaneously , say if project1 is shared by user1 and user2 . URI root/project/project1_id could be accessed by both but not at the same time .
I am currently thinking how I could do this , I have some ideas but wanted to know if there is best or easier way to do this.
I am thinking of altering the project table in the database to have an active flag which would be set to true every time any user accesses the project web page and unset when he/she leaves the webpage or the session ends.
But I have not sure if this would be the best way to go .
I am using laravel as a framework for my web application . So a solution within that framework would be great

Store a version number with each project.
When someone starts to edit something in the project, send the current version number to the browser. When saving the edits, send the version number back to the server. If the version numbers match, then save the changes and increment the version. If the version numbers don't match, then someone else has edited the project in the meantime. While a user is editing, periodically call the server to check if the version number has changed and display "another user has changed this project" if it has. You could also save something to the database every time someone starts editing something, so if a second person starts editing the project within a certain time interval, you can display "X is editing this project."
I would use this strategy rather than having a lock that prevents a second person from even starting a new edit, because on the web it's hard to determine if an action that was started will ever be completed. If a user starts an edit but then gets distracted and leaves the browser open, other edits to that project will be blocked until your lock times out.

I ended up using the below mentioned solution to the problem:
I added a updated_at timestamp and update_by column in my project table which get update evertime someone updates the project
In the front end I set up a long poll function which checks the project table every couple of seconds
If there is a update in project in the past 5 seconds or so by someone other than me I fetched the entire updated project in the front end.

Related

MySQL And PHPMyAdmin Events Scheduler

I've created an iOS and android app that uses a database where users can login which in my case "User_active" gets changes to 1 and logged out gets changed to 0. The only problem I have is that I cannot check to see if the user has left the app, or if they have closed it, so what I want to do is create an event on phpmyadmin to change the "User_active" to 0 after 30min, but I can't seam to get things right. I'm using Awardspace as my host and I've only seen tutorials for localhost. Errors that I'm getting are that my user account does not have the write privileges to create the events and I cannot find any user tabs to change user privileges. If anyone can send me off in the right direction that would be great or even better a solution.
phpMyAdmin is a fantastic interactive tool, but it is not the tool for this.
In some ways, this is a fairly common problem. Typical web based applications don't know when a user has left, they only know when a user does something. One method is to do the following:
1 - Add a field to the user table (the same table that has the "user_active" field) to track the last activity by that user of any type. This should be a DATETIME or TIMESTAMP field and updated always with the current time.
2 - Add a cronjob to check any records in the user table to see if they are (a) still logged in (user_active=1) and the timestamp is more than 30 minutes old. If so, set user_active to 0 - essentially force a logout after 30 minutes. You may want to have an additional field to indicate it was a forced automatic logout rather than a user-initiated logout.
If your hosting service allows cronjobs, then run this periodically (perhaps every 5 minutes) and you are done. If your hosting service doesn't allow cronjobs then one option is to add a call to the "automatic user logout" function as part of every regular page. That won't work if you have thousands of active users as the overhead would be too much (and the delay on each page display). But if you have a small number of active users it will get the job done - I have done plenty of system housekeeping using that method.

I need to show which users are online for my AJAX Chat

I have an inline chat application which I got from Ajax Chat, which is working brilliantly. The application allows a user to chat with users that are registered on the system. Ie:
Now I need to show if the user is online or offline.
So my question is how do I show online users using PHP?
Thank You
Basically what you need is a way to register users activity.
One way you can do this is doing it by sessions within PHP, and you log these. There are tons of ways to register then your activity in a log. If the activity is not updated for example in 5 minutes, the user is offline. Bassically you just need then a sessionId, and a timestamp (and i would recommend this also to hang to a userid). If offline, there is no userId assigned and when online you add a userId. If you have those, its pretty easy. Its a matter of updating them constantly when a new page is loaded and if they log out, you simply destroy the session, or update it so it wont be linked to the user.
It may not be the best system, but it works, and it might help you.
I don't know your specific needs. Pardon me, If I am wrong.
If Jabber support is there with Ajax Chat, why not try ejabberd kind of XMPP servers rather than re-inventing the wheels on your own. And you could have a look at Apache Vysper too, since it has support of extension modules too. If XMPP server is there, users presence handling and message transfer would become a cake walk.
What you need is a constantly update for a table in your database that save the last change in an user and save the date time... so if that date is more than 5 or 10 min, the user ir off..you can do it with ajax...
What i would do is have a script that the clients run to do an ajax call to update a entry in your database with a time stamp for last seen. Not too often or you will overload your server.
you can also put some if statements where it checks for keystrokes, mouse movement, and if the window is active if you really want to get technical and do a away status.
then in active chats just check the time stamp for active messages or when the user list is open. anything outside a acceptable range will show the user as off line. 5 minutes seems pretty long to me. poll for a check every 10 seconds maybe?

Generate a list of online users?

I'm not awesome enough to write a chat application, and I'm trying to get one to work, and I've recently downloaded one from here, it's pretty good so far, as I've tested it out on XAMPP, but I have a slight problem. I'm trying to generate a list of online users to give it a more practical application-like feel, but the problem with that, is I have no clue how to do it easily.
When users login to my site, a session named g_username is created, (the chat says 'username', but I'll fix that) and from what I see so far, the easiest method would be to store their username in a database called OnlineUsers and call that data via Ajax, but, the other problem, is that it's session based, and sometimes the users can just leave, without logging out, and I intended to run a script to logout the user from both the OnlineUsers table, and by deleting the session.
If they leave without logging out, they'd be online forever! I could potentially suffix a bit of code on every page, that toggled an ajax event on page close, the event being a script that kills their OnlineUsers table record, but then again, that would load the server with useless queries as users jump between pages, as far as I'm aware.
Creating my entire site in Ajax isn't really an option, as it's a load of different sites combined in to 1 'place' with a social 'layer' (if you will) from a social service.
Does anyone see a way to do this that would make sense, and be easy to integrate, and do with Apache, without command line access?
You could so something like storing a timestamp of the users last action in a database, comparing that timestamp when outputting online users and making sure that it was done at most 1 min ago.
Run on all/vital pages:
(Deciding if the last action is outdated, you could also check if it was done for one minute ago to reduce the database-load)
if($user['lastAction'] < time()) {
//update into database, last action is outdated
}
When calculating the amount of users online and is within the loop of each timestamp
//If the users last action was within a minute, the user is most likely online
if(($row['lastAction']- time()) > 60*60)
//count user as online
you could have a cron job [if you have cpanel] running on the server once every 60secs or so, that checks when a user last sent anything via the chat if they have not in the last lets say 5mins then remove their entry from the online users list.

Using expiring Cookies to allow certain time limted features to users on a web application

I am creating an web application which allows user to post some article/blog on application. I want to allow users to edit the blog only uptil limited time of creating that blog. Like say just 15-20 minutes.
To provide this feature I am thinking of taking help of cookies. Whenever a new blog is created, I will create an expiring cookie on user's computer. Whenever user tries to edit a blog, that corresponding cookie must be present and sent to the server, if no cookie present/expired then no edit allowed!
Is this a good way to implement this functionality? Are there any better alternatives to this ?
I do not want to make a read from the database to see what time blog was created and then allow him to edit or not.(My DB is not read optimized, it is write optimized) I know if the cookies are disabled then functionality could not be implemented with that user or if user changed the computer in between, but you can safely assume that I can live with those limitations. Any comments, feedback, criticism welcomed!
Cookies expirations can be manipulated easily. You would need to store this data on the server side in a session (persisted either with a file, memcache, or your database), or you can use the data attached to the blog post.
Your claim that your database engine is not read optimized is hogwash. If it's not custom written, I assure you it can handle a query to check when a row was created (provided that is stored).
What kind of database are you using? MySQL or PostgreSQL would be able to handle this with no problem.
If you store the cookies on the user's computer then they can edit the cookies. Someone could edit the cookie to contain a different time, and therefore edit a blog post from years ago.
I'd hope you are using a Database to hold the blog posts, and if so, the time they were created is simply another column. You could even have it auto populate with the current time when the blog was first created.
Are you creating this blog software just for fun, or for an actual business purpose? If its for an actual business you might want to look at some free popular blogging tools.
http://wordpress.org/
http://joomla.org

Strategy: Unlock document when user leaves a page

The current app I'm building is a collaboration app that holds several users in a "team" or company that can access a set of projects. Each project has it's own documents.
I want to protect team users from running in to each other and so I have built a system where documents are locked by the first user to access them. The document is then unlocked when any of the following occur:
The user closes the document
The user signs out and destroys his/her session
The user left without signing out but the session garbage collection unlocks the document
All this works well but one thing is left to fix...
I need to know when the user leaves a project without unlocking the document (basically just leaves the page), since he can walk in to another project and edit another document.
My only option I thought of so far is by catching the http referrer in my base controller class (CodeIgniter MVC) and do a search on the url to see if it matches a project... Then unlock the document.
This is not a strong option though since the http referrer variable is unpredictable.
What would you do? (The same user being in the same document in two windows is an issue that can be ignored)
One way around it would be using the window.onUnload Javascript event to signal back to the server the page is being left. It would be best to use AJAX on the current page to communicate since most browsers will block a pop-up these days.
Keep a reference to the document they're currently editing in your session, and then when a document is open, check and see if it's different? If so, unlock the previous one?

Categories