How could I write code for recently viewed products? I use a database to create dynamic pages and thought I could store the ID number in a session or cookie and pull the image and title from the database, although I didn't know if this would work. I would only want it to display the last 5 items viewed and not show any duplicates. Any ideas?
If the user is logged in, you can create a table called 'userViews' providing the userID and the viewed productID.
Then, you can select a query using 'SELECT DISTINCT' on the productID. This will select unique values. (Check http://www.w3schools.com/sql/sql_distinct.asp)
If the user is not logged in, I suggest you do the same but instead of using a userID, try to find something unique from the user. You could try setting a cookie or session with a random (unique) number and link that to the database.
The conventional way would be to store within a cookie. If you can encrypt the cookie, do so.
Remember, a cookie can be modified by the user. The #1 rule is to never trust user input. All in all, be sure to validate the information before displaying or you'll open yourself up to the world of attacks.
Store the IDs in an array? Separate by ',' or '.' -- do NOT create 100 different cookies for storing IDs.
You COULD also use SQL to store the views... but why use un-needed sql queries? SQL is for storage, long term. Session and cookies are for current actions.
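An added example (not code from any of the posts above) of the cookie approach: the comma-separated ID list is signed with an HMAC so edits are detected, each ID is validated as a plain positive integer, and the list is kept to the last 5 with no duplicates. The key, the cookie name `recent`, the `rv_*` function names and the product IDs are constructed for illustration; signing is used here instead of encryption because the IDs need integrity, not secrecy.

```php
<?php
// Added example. RV_KEY is a constructed placeholder: load a real secret from server config.
const RV_KEY = 'constructed-demo-key';
const RV_MAX = 5; // the question asks for the last 5 items

// Serialize as "id,id,...|hmac" so any edit to the list invalidates the MAC.
function rv_serialize(array $ids): string {
    $list = implode(',', $ids);
    return $list . '|' . hash_hmac('sha256', $list, RV_KEY);
}

// Return the ID list from a cookie value, or [] if it is missing, forged or malformed.
function rv_parse(?string $cookie): array {
    if ($cookie === null || substr_count($cookie, '|') !== 1) {
        return [];
    }
    [$list, $mac] = explode('|', $cookie);
    if (!hash_equals(hash_hmac('sha256', $list, RV_KEY), $mac)) {
        return []; // tampered or forged
    }
    $ids = [];
    foreach (explode(',', $list) as $raw) {
        if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
            return []; // not a plain positive integer
        }
        $ids[] = (int) $raw;
    }
    return array_slice(array_values(array_unique($ids)), 0, RV_MAX);
}

// Newest view goes first; an older copy of the same ID is dropped; list is capped.
function rv_push(array $ids, int $productId): array {
    $ids = array_values(array_diff($ids, [$productId]));
    array_unshift($ids, $productId);
    return array_slice($ids, 0, RV_MAX);
}

// Constructed walk-through: seven page views, one product viewed twice.
$ids = rv_parse($_COOKIE['recent'] ?? null);
foreach ([12, 7, 12, 31, 4, 9, 55] as $viewed) {
    $ids = rv_push($ids, $viewed);
}
$cookie = rv_serialize($ids);         // value to hand to setcookie('recent', ...)
var_dump(rv_parse($cookie));          // the five most recent distinct IDs
var_dump(rv_parse('999,' . $cookie)); // edited list: MAC check fails
```

The IDs returned by `rv_parse()` should still be bound as parameters in the query that pulls the image and title from the database.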
There are 3 ways you can show recently viewed products. (Maybe some other way but these 3 are mostly used).
Based On IP
Store recently viewed in Cookies
Session ID
Based on IP
This isn't a good idea, because there is a chance two people are using the same router, and the person who did not see the product would see the other person's recent views. (You may use IP based to show other people like in your area, etc.)
Based on Cookies
By using cookies you are 100% sure that you are displaying recent products to the person who is visiting your site, but not all users/visitors have enabled cookies; also, cookies can easily be edited and are a security risk if you do not encrypt them properly.
Session ID
You can generate a random user_id for a visitor and store this information in the database like this:
session_start();
// Assign a random visitor ID once per session.
if (empty($_SESSION['user_id'])) {
    $_SESSION['user_id'] = random_int(1, 1000000);
    // $db is assumed to be an open mysqli connection (mysql_query() was removed in PHP 7).
    mysqli_query($db, 'INSERT INTO products_recent (user_id) VALUES ('.(int)$_SESSION['user_id'].')');
}
Also, you can select/update the user's product views and display them to that user.
And you can easily clean database every 24 hours if you want, or you can use this data for analysis purpose.
Finally - Registered Users
If registered users view your products, I highly recommend saving them in the database and showing these recently viewed products every time he/she visits your store.
Related
I have a PHP program which has a login page and a logout page. When a user successfully logs in, they are redirected to index.php.
When index.php is loaded, it fetches the data from the database (MySQL, i.e. Select * from users), populates some of the user data and displays it in a nice table format:
Name Phone DOB ... Option
John Doe xxx-xxx-xxxx mm-dd-yy ... [Edit] [Details]...
etc
Not all fields from the query results will be displayed in the above table, only some of them will.
Under the Option column, there is an option called "Details", when clicked, user will be able to see some secure info.
I can think of two ways of doing it:
When index.php is loaded, instead of calling Select * from users (where * will contain some secure info), I'll just call "Select id, fullname, phone, dob from users" (don't select something unless it's necessary). Then when "Details" is clicked, I'll pass the id and retrieve the secure info from the db by using that id. (IMO this is the most secure way, but I'll have to make an extra query call.)
When index.php is loaded, I'll just do a Select * from users and save the query results (arrays) into the Session; then when "Details" is clicked, I'll just retrieve the array from the Session. This way I don't have to make an extra query call; however, I'm not sure if Session is secure or not.
Which way is better, in terms of security? (if none of them are, please advise how should I do this)
Storing data in the session is safe. Storing data in cookies is not safe.
Sessions are stored on the server, cookies are stored by the client (hence they are unsafe).
As far as performance goes .. it depends. There is no single answer, do what works for you but by all means keep it simple.
I wrote a simple web app to let users input data as they walk around in a warehouse looking up products.
The database is a very simple one I created for the sole purpose of gathering some product data. They start the process by entering the location they are at the warehouse. There are multiple users, and I did not implement a login feature; the application is accessible by anyone on the local network.
I want to keep track of the location IDs that the users input, but I want to be able to distinguish data input by different users.
I need an identifier that will allow me to distinguish one user from another. It can even be different for the same user every time he connects to the DB or uses a different computer.
Is this possible?
You could save the session id I guess, but it's not very identifiable to a specific user.
It would however allow you to identify which actions were done in the same session.
Just remember to start your session first:
session_start();
echo session_id();
Maybe this way: http://php.net/session_id
And don't forget to init session: http://php.net/manual/en/function.session-start.php
I would make use of a unique session ID along with setting a unique User ID in the Session as well so both can be recorded. I do something similar with an application we use.
session_start();
// Create your variable: a random ID, set once per session.
$_SESSION['UserID'] = $_SESSION['UserID'] ?? bin2hex(random_bytes(16));
You can read more here:
http://www.php.net/manual/en/book.session.php
Keeping track of sessions will also allow you to monitor active sessions, record active sessions in database, implement some basic timeout functionality if they are not active for a period of time, etc...
I'm trying to implement a "favorites" feature to my site and I was wondering on how to go about storing this data. What I'd like to do if possible is have the user favorite things and store it in the DB - that way I could use the data to personalize search results.
I'm also trying to have it so there is a smooth transition between favorites in a non-logged-in state and a logged-in one (allow the user to save favorites anonymously, but if they log in, transfer/ask to transfer those to their account).
How would I be able to store this data for long periods of time? I'm currently using DB encrypted sessions and I was thinking of extending the session time or setting it to not expire. That would probably lead me to some security issues, no?
I'd appreciate the help,
Cheers.
Well, if I understand, what you want is that a registered user can set "something" as a favorite. Since this is an M:N relationship (strictly from a database point of view), I would recommend a table storing these relationships, i.e. supposing you have a user and a topic table, the SQL would look similar to this:
create table favorite(user_id integer not null references user, topic_id integer not null references topic);
At least this is what most DB books will tell you to do. If you don't have a user table (I suppose you have one for that "something" you want to mark as favorite), you could just store the id you assign to the user whenever s/he logs into the system. Hope to have been of help.
Create actual users out of your anonymous sessions. Persist them in the database without login credentials and associate favorites or whatever else you store with their user ID. If they sign up before they clear their cookies, you just add their login/profile into the existing user ID and all the favorites they've created are already in the right spot. One system for both logged in and logged out users, not two.
Planning to develop a LAMP web application. What general strategies can I use to display the number of users currently logged in to my site? I want to be able to accurately display something like, "There are currently 1000 users online" or "User John Doe is currently online".
A database will be involved. So every time someone logs into the site, you can have a field in a user's table for last_login. And then there can be a script that does a query against this user's table to count the number of rows with last_login within the last x amount of time. It may be good to cache this and repopulate this cache every z amount of time, and then pull from this cache as opposed to running a query against the user's table every request. So database + some kind of caching system.
I recommend using the CodeIgniter PHP framework.
This will allow you to store your session data in the database very easily (you just enable it in the config.php file). Then you can query the number of session ids in the session table of your database.
Here is the information for the CodeIgniter session class so you can see how to use it:
CodeIgniter Session Class
Here is also a link to the CodeIgniter forums going through more detail of how exactly to get this implemented: CodeIgniter Forum
This is quite easy to do, but cannot be accurate. Html being stateless, there is no way of knowing if a user is still looking at your page or has left.
If you want to log anonymous and logged in users, you could use a tracking cookie with a short timeout, say five minutes, and have this cookie link to a database of active sessions.
Count the number of active sessions in your session db.
If you're using your database to store session information, you can easily query the session table and get how many unique sessions there are stored.
Have some sort of last accessed time record in the DB, and record that the person has been active. Then query the DB for those users who have been active in the last 5mins or so. Will give you a close approx.
I'm creating a simple thumbs up/down rating system. A user can simply click up or down, and the total number of thumbs up/down is stored in the db. I don't want the user to be able to vote multiple times. However, I don't want to store the IP address or username of the user to check whether they have already voted, because I think it will be pretty much a mess in the database. I'm confused about whether I can use some alternative approach (for example, storing the username and item name in cookies, so that it can prevent this at least for some time).
Please let me know if storing (username, item-id) in db is good approach or storing in browser cookies? Thanks.
If you want to prevent multiple votes from the same user then you have no choice but to store their vote state on your server, anything on the client can be edited.
You refer to username which indicates that users have an account. If that is the case then you can store the item id and the user id in a table and use that to block any subsequent votes, hiding the vote options or showing the users current vote status.
You would only have to store IP addresses if users don't have accounts. However it is worth mentioning that an IP does not uniquely identify a single person/pc. For example any of the 1000+ people surfing the net from my office will use the same internet facing IP address.
As cookies can be trivially culled/edited you really need to use a database for this purpose and force each user to login before they can vote. (It sounds like you're already doing this from your use of the term "username".) Sadly, IP addresses aren't much use these days for uniquely identifying users in a reliable manner.
Additionally, in the database "votes" table schema you should have a UNIQUE KEY in place that ensures there can only be one vote per user on each "parent" object.
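An added example (not code from the answers above) of the UNIQUE key doing the enforcement: the second vote by the same user on the same item is rejected by the database itself, so the check cannot be bypassed by editing anything on the client. The table layout, the `cast_vote()` and `score()` names, the in-memory SQLite database and the IDs are assumptions made for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for the site's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (
    user_id INTEGER NOT NULL,
    item_id INTEGER NOT NULL,
    value   INTEGER NOT NULL,
    UNIQUE (user_id, item_id)
)');

// Returns true if the vote was stored, false if this user already voted on the item.
// $userId must come from the server-side login session, never from the request.
function cast_vote(PDO $db, int $userId, int $itemId, int $value): bool {
    if ($value !== 1 && $value !== -1) {
        throw new InvalidArgumentException('vote must be +1 or -1');
    }
    $stmt = $db->prepare('INSERT INTO votes (user_id, item_id, value) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$userId, $itemId, $value]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (the UNIQUE key fired).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e;
    }
}

// Net score for an item: thumbs up minus thumbs down.
function score(PDO $db, int $itemId): int {
    $stmt = $db->prepare('SELECT COALESCE(SUM(value), 0) FROM votes WHERE item_id = ?');
    $stmt->execute([$itemId]);
    return (int) $stmt->fetchColumn();
}

// Constructed walk-through: user 42 clicks "up" twice on item 7, user 43 clicks "down".
var_dump(cast_vote($db, 42, 7, 1));
var_dump(cast_vote($db, 42, 7, 1));   // duplicate: rejected by the database
var_dump(cast_vote($db, 43, 7, -1));
var_dump(score($db, 7));
```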
Database would be more secure in general.