-4

I need some advise on PHP and web app, and I want to create a system that allows user to login and write/read their text. Imagine a simple website that each user can write or read only one simple text file.

Suppose the user successfully logins to the website, the PHP will check whether the user's name is in the database. If there is a matched user/password, the PHP show a huge text area, a "write" button and a "read" button on to the site. (perhaps actually another page or have Javascript modify the site on the fly)

Now, if the "write" button is pressed, all the text from the huge text area will be written into "[username].txt" on the server and "read" button will read "[username].txt" and paste it into the text area.

Now, the technical details: suppose we saved the user/pass (perhaps in a cookie), when we hit the "write" button, I can see that I can just send the saved user/pass along with all the text in the text area as well as having a read/write variable specifying "write" into POST method and then have PHP write all the text into "[username].txt".

For "read" button, we specify user/pass and read/write variable specifying "read", and the server will read "[username].txt" and put it into the text area.

Questions:

  1. Do real websites actually do something along the line like above? How do real websites actually do this?

  2. Is it possible to send the text in the text area to the server without specifying user/pass into POST the second time?

If there is anything incorrect from what I've mentioned above, please feel free to correct. Any advise is appreciated.

Karl
  • 5,613
  • 13
  • 73
  • 107
  • 2
    with a 2k rep you should know this is to broad a question –  May 25 '15 at 03:28
  • 1
    You can look into [PHP sessions](http://www.w3schools.com/php/php_sessions.asp), which allow you to send information between the browser and the server without logging in again each time. If you are at all interested in password security, you can look into [other questions on the issue](http://stackoverflow.com/questions/1582894/how-to-send-password-securely-over-http). – James Newton May 25 '15 at 03:31

1 Answers1

1

you do not have to pass the username and password information every time, and of course it's unsafe.

in real website there's usually a token sent back to client from server after user login.

and when next time the client wants to update something or do some work that must be after login, the client will send the token instead of username and password to the server.

on server side, the token is saved in memory or database with an expire and information that can help server confirms token is true, let's call this a token pool. when server receives token, it just look up the token pool to make sure if the token is available.

Maplemx
  • 73
  • 1
  • 9