I am creating an online store website.
When a user adds a product to the cart, I save this information in the session (if the user is not logged in),
and
when a logged-in user selects a product, I insert it into a table.
Is this the right way?
Can I store all the information about the user's selected products in the session?
I think the best way to go in this case is not using the database at all, but use cookies instead.
PHP Cookies
This way you don't have to query the database, and all data will be saved on the computer of the user. This will also keep the information for the people who are not logged in, which will be more user friendly.
Better to store items in the session (for both visitors and logged-in people).
The only need to store them is when they intend to buy the product.
On a visit (whether the user is logged in or not) you do not have to store them in the db.
Further, use the db only for values you have to refer to in future.
I have a user system, with a session for both the username and ID. I also have a field in my users table named user_locked which determines if the user's account is locked or not (if it's locked, they can't log in).
Recently I added a feature on my site that allows me to lock users easily with one click, and I then got the idea: is it possible to force that specific user to get logged out (make his/her session/cookies get destroyed) while leaving everyone else's unharmed?
Is it possible? If it is, how would I do it?
Thanks.
My approach would be:
User logs in
You start a session for him and store whatever session variables you want
You store this session's ID in a table at your database with user id/username info
Whenever you want to destroy his session and log him out you follow this routine:
// old_session_id will be retrieved from your database table for
// this current user that you want to force log off
session_id($old_session_id);
session_start();
session_destroy();
Destroy php session remotely
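A fuller version of the routine in the answer above, written as an added example and not code from the original post. The table `user_sessions`, its columns and both function names are assumptions. It also handles a case the three-line routine does not: the admin's own session has to be closed before switching IDs and reopened afterwards.

```php
<?php
// Added example. Table/column names (user_sessions, session_id) are assumptions.

// Call right after a successful login: remember which session belongs to the user.
function remember_session(PDO $db, int $userId): void
{
    session_regenerate_id(true); // fresh ID at login, the old one is deleted
    $db->prepare('INSERT INTO user_sessions (user_id, session_id) VALUES (?, ?)')
       ->execute([$userId, session_id()]);
}

// Call from the admin "lock user" action, before any output is sent.
// Destroys every stored session of $userId and returns how many were destroyed.
function force_logout(PDO $db, int $userId): int
{
    $stmt = $db->prepare('SELECT session_id FROM user_sessions WHERE user_id = ?');
    $stmt->execute([$userId]);
    $targets = $stmt->fetchAll(PDO::FETCH_COLUMN);

    // Park the admin's own session: the ID cannot be switched while one is open.
    $adminSid = session_status() === PHP_SESSION_ACTIVE ? session_id() : null;
    if ($adminSid !== null) {
        session_write_close();
    }
    foreach ($targets as $sid) {
        session_id($sid);
        // use_cookies=0 keeps the target's session ID out of the admin's browser.
        session_start(['use_cookies' => 0]);
        $_SESSION = [];      // do not leave the target's data in this request
        session_destroy();   // removes the stored session data
    }
    $db->prepare('DELETE FROM user_sessions WHERE user_id = ?')->execute([$userId]);

    if ($adminSid !== null) {
        session_id($adminSid);
        session_start();     // reopen the admin's own session
    }
    return count($targets);
}
```

Checking `user_locked` on each authenticated request as well covers any session that was never recorded in the table.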
Here is my idea for keeping track of a user on an online-shopping website:
1 - When a user comes in for the first time, I'll create a random hash and I'll send this hash through a cookie to the user and simultaneously I'll create a user with this hash in my Users table.
In that table I will store a lot of user data like: (and I use mongodb by the way)
* User page visit
* User choose products (means user cart in my shopping cart)
* User last login
and ....
2 - When the same user comes again (say a day later), he will send that cookie (hash id) and I'll search my database for that id and retrieve any data I want (e.g. shopping-cart info).
I think this works fine and is a good way to track the user (Do you agree on this?)
Problem :
What if a user cleans his browser history?
How do sites like YouTube save our data (favourites and ....), and even if I clear my browser or use another IP they have my favourites ready for me without logging into my account?
YouTube-like sites store each and every detail about the user's interactions. For showing your favorites, your likes and other things, they save the data on the server. Whenever the user logs in, the user's data will be shown. If you want to implement this, then it is better to go for cloud computing to manage data efficiently.
I have set up a basic system where users can sign up, log in and view their own profile. However, currently their information is displayed on the profile page using a SESSION variable to store their username. All other data is then based on this. However, if they then view another person's profile, the information will not be correct because it will alter to show whatever result was pulled from $_SESSION.
How would I create properly functioning profile pages? A good example of what I am trying to achieve would be YouTube. Whenever a user adds a comment, their username is attached, and this then acts as a link to their profile.
I don't have any code for this. I wouldn't know where to start.
Because there is no code for me to try and help you out I will give you a few pointers.
First of all, don't use the usernames of the users to identify and link them to their profile: 2 or more people could have the same username and then you are screwed. Rather, use their IDs to uniquely identify them.
Keep the data of the user that is currently logged in in the session variables, because you don't want to lose this when he navigates away from the browse user profiles page.
If you use the users' IDs to identify them, you can send their ID through the URL without too much of a security issue. So where you display all the users to view, you can create a URL that looks something like this: href="user_profile.php?user_id=<?php echo $user_id; ?>". Then on the page where you want to view the user profile that has been selected you can use $_GET['user_id']. You can then use the ID to get all the details for that specific user by querying the database for a user with this user_id.
Destroy the session when the user logs out, so you get proper data.
You are using a session holding the username of the user who is logged in,
so the user who is logged in can view his own profile with the session username.
If the user wants to view the profile of another user, then you have two ways to do it.
1-Create another page to view any user profile. Pass the username as a query string and find the user information which you want to display.
or
2-Use the same user profile page for your own profile and others', and pass to this page the username whose information you want to display.
You have to apply a condition there, that is: if a username is passed through the POST or GET method, retrieve the information of the passed user; if it is not set, retrieve the information of the user which is in the session (own information).
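The profile lookup described in the answers above (an ID in the URL, falling back to the logged-in user when none is passed), as an added example that is not code from any of the posts. The `users` table, its columns, the `$_SESSION['user_id']` key and the function names are assumptions; the demo data is constructed.

```php
<?php
// Added example; table, columns and function names are assumptions.

// Whose profile to show: ?user_id=N if it is a positive integer,
// otherwise the logged-in user, otherwise null.
function requested_profile_id(array $get, array $session): ?int
{
    if (isset($get['user_id'])) {
        $id = filter_var($get['user_id'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        return $id === false ? null : $id;
    }
    return isset($session['user_id']) ? (int) $session['user_id'] : null;
}

// Fetch only the columns that any visitor is allowed to see.
function load_public_profile(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, username, bio FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Link to a profile by ID; the username is escaped because users choose it.
function profile_link(array $user): string
{
    return sprintf('<a href="user_profile.php?user_id=%d">%s</a>',
        $user['id'], htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8'));
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'hi', 'a@example.test'),
                                    (2, '<b>bob</b>', 'yo', 'b@example.test')");
$session = ['user_id' => 1]; // stands in for $_SESSION
foreach ([[], ['user_id' => '2'], ['user_id' => '2abc'], ['user_id' => '-5']] as $get) {
    $id   = requested_profile_id($get, $session);
    $user = $id === null ? null : load_public_profile($db, $id);
    echo $user ? profile_link($user) : 'not found', PHP_EOL;
}
```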
How could I write code for recently viewed products? I use a database to create dynamic pages and thought I could store the ID number in a session or cookie and pull the image and title from the database, although I didn't know if this would work. I would only want it to display the last 5 items viewed and not show any duplicates. Any ideas?
If the user is logged in, you can create a table called 'userViews' providing the userID and the viewed productID.
Then, you can select a query using 'SELECT DISTINCT' on the productID. This will select unique values. (Check http://www.w3schools.com/sql/sql_distinct.asp)
If the user is not logged in, I suggest you do the same but instead of using a userID, try to find something unique from the user. You could try setting a cookie or session with a random (unique) number and link that to the database.
The conventional way would be to store within a cookie. If you can encrypt the cookie, do so.
Remember, a cookie can be modified by the user. The #1 rule is to never trust user input. All in all, be sure to validate the information before displaying or you'll open yourself up to the world of attacks.
Store the IDs in an array? Separate by ',' or '.' -- do NOT create 100 different cookies for storing IDs.
You COULD also use SQL to store the views... but why use un-needed sql queries? SQL is for storage, long term. Session and cookies are for current actions.
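The cookie approach from the answer above, as an added example that is not code from the original post: one cookie holding a comma-separated ID list, the last 5 items, no duplicates, validated before use. It signs the value with an HMAC instead of encrypting it, since product IDs need tamper detection rather than secrecy. The key and function names are assumptions.

```php
<?php
// Added example: the key and function names are assumptions, not from the thread.
const COOKIE_KEY = 'placeholder-load-a-random-secret-from-config';
const MAX_RECENT = 5;

// Serialise the ID list and append an HMAC so client-side edits are detectable.
function encode_recent(array $ids): string
{
    $payload = implode(',', $ids);
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the IDs from a cookie value, or [] if it is missing, malformed or altered.
function decode_recent(?string $cookie): array
{
    if ($cookie === null || substr_count($cookie, '|') !== 1) {
        return [];
    }
    [$payload, $mac] = explode('|', $cookie);
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_KEY), $mac)) {
        return [];
    }
    if ($payload === '') {
        return [];
    }
    $ids = [];
    foreach (explode(',', $payload) as $part) {
        if (!ctype_digit($part)) {
            return [];
        }
        $ids[] = (int) $part;
    }
    return array_slice($ids, 0, MAX_RECENT);
}

// Newest product first, any earlier occurrence dropped, at most five kept.
function add_recent(array $ids, int $productId): array
{
    $ids = array_values(array_diff($ids, [$productId]));
    array_unshift($ids, $productId);
    return array_slice($ids, 0, MAX_RECENT);
}

// Constructed demo: views of products 7, 3, 7, then a hand-edited cookie.
$cookie = null;
foreach ([7, 3, 7] as $viewed) {
    $cookie = encode_recent(add_recent(decode_recent($cookie), $viewed));
}
var_dump(decode_recent($cookie));
var_dump(decode_recent(str_replace('7,3', '7,999', $cookie)));
```

On a real page the value would come from `$_COOKIE` and go back out with `setcookie()`; the IDs still have to exist in the product table before anything is displayed.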
There are 3 ways you can show recently viewed products. (Maybe some other way but these 3 are mostly used).
Based On IP
Store recently viewed in Cookies
Session ID
Based on IP
This isn't a good idea, because there is a chance that two people are using the same router, and the person who did not see the product would see the other person's recent views. (You may use IP-based data to show things like what other people in your area viewed, etc.)
Based on Cookies
By using cookies you are 100% sure that you are displaying recent products to the person who is visiting your site, but not all users/visitors have cookies enabled; also, cookies can easily be edited and are a security risk if you do not encrypt them properly.
Session ID
You can generate a random user_id for a visitor and store this information in the database like this:
session_start();
if (!isset($_SESSION['user_id'])) {
    // random_int() draws from a CSPRNG, unlike rand()
    $_SESSION['user_id'] = random_int(1, 1000000);
    // $pdo is assumed to be an existing PDO connection
    $stmt = $pdo->prepare('INSERT INTO products_recent (user_id) VALUES (?)');
    $stmt->execute([$_SESSION['user_id']]);
}
Also, you can select/update the user's product views and display them to that user.
And you can easily clean database every 24 hours if you want, or you can use this data for analysis purpose.
Finally - Registered Users
If registered users view your products, I highly recommend saving them in the database and showing these recently viewed products every time he/she visits your store.
I figure that this should be possible, as it is a requirement asked by my supervisor. There are a few types of accounts, one of them is a 'company' account which should allow anyone in the company who has these credentials to log in at the same time.
Now my question is, how do I store temporary data like:
(this is fictive)
shopping carts, keeping track of wizards,...
I suppose that I'll have to store this in the database?
What would be my best option? Link it to the unique session id?
Yes, you can store sessions in your database if you like. A nice way to do it is by creating a sessions-like table that stores states. Therefore, if you have a cart, you can have a cart table that represents what products the cart has and replay that after a user logs back in.
Session information isn't based on your account-system but on the system of the visitor (cookie). Unless you want all information to be shared across all users logged in on the company account (which I doubt) you shouldn't have to store any of the information in the database.
To store the data you can simply keep using the session (as I suppose you already do for the 'normal' account).