All geek questions in one place

Sending warning messages from server to client automatically without postback

I am trying to implement a feature on my e-commerce website, but I do not know how to do this or where to start.

I want to warn my clients who have already been verified and logged in to my site, and if someone else with login credentials (registered users) for the purpose of hacking or any other security risk is trying to log in again with any other computer or browser. I can warn an already registered user to change the password as soon as possible to increase security or if he is the same user who is trying to log in from several clients, then he will be limited.

I will keep a list of already registered users in my database and check if the user is already logged in. But how can I dynamically send an alert without raising custom backlinks from the client side. since, as soon as another login attempt is made, my script should immediately alert an already registered user.

I hope I have clearly formulated my requirements. If something is unclear, comment, I will clarify.

I am using PHP 5.3 and MySQL 5.5. and the site will be hosted on linux hosting.

I think AJAX will help, but how. I have been looking for a solution for many days, but no luck.

Please, help.

+4
source share
5 answers

You are talking about a lengthy survey.

A "long survey" is a name used to describe a technique that:

  • An AJAX request is executed (using a javascript framework such as jQuery) The server expects the requested data to be available, loops and beds (your server-side PHP script)
  • This loop repeats after the data is returned to the client and processed (usually in the AJAX request onComplete callback function)

This essentially simulates a continuous stream in real time from the client to the server. I would not do this in PHP for many reasons. Here is some of them:

  • PHP created for fast execution (not for waiting)
  • PHP will force you to do some server-side polls and rely on sleep ()
  • PHP will feed on your RAM, while spawning processes are for everyone (Apache will do this)
  • Do not use the Apache server for this purpose! Apache Server will be better able to handle tens of thousands of short end connections better than a few hundred persistent connections. No matter which direction you go (long poll vs ajax). You might want to consider creating a lighter chat dedicated web server. something like Lighttpd or Nginx, which can have more max_clients or more simultaneous requests under the same memory / CPU conditions.

But you can do this using sleep, polling the database (or, better, the APC / Memcache cache).

If you want to do something like this, go to some technologies that can handle events: Python (Tornado, gevent, eventlet, Twisted, ...), Ruby (Eventmachine, ...), Erlang, Scala, JavaScript on the side server (node.js, ...), comet ...

Instead, you can use a simple way

enter image description here

Take a look at this table.

You can do something like that

  • Create some db table named for example. log and write some data (e.g. ip, login date ...) when a user visits your site. Leave the signout_date field blank. (when the user subscribes, just refresh this table and put the current date). If someone is on your site, the statement date field should be blank.

  • Then, in each user action, check your table for user_id : if the number of rows with the same user_id and empty user_id date field is greater. Then simply tell the user that another computer has signed your credentials.

+2
source

You are looking for a technique called Server Push.

TL; DR: Create a server method that will receive the request, then block execution until a certain certain time has elapsed or some server-side event will occur. Return different responses to the client depending on whether this was a server-side event or just a timeout. From the client, an AJAX call to this method with a set long timeout and response processing.

Please check my answer to a similar question .

UPD: Furthermore, as @AndreiG suggested, you can implement similar functionality with continuous polling. This is less complicated, but less sensitive to server-side events.

0
source

Using ajax, you can do continuous polling at a URL where you can show whether to dismiss the warning or not. You can do this once every few seconds or of your choice.

0
source

When a user registered a session identifier in a user table. And check every 5-10 seconds, or the value you want, with an ajax request, the current session identifier is equal to the database.

If these values ​​do not match, it means that someone is logged in with the same user credentials.

0
source

ASP has a technology called Signalr. you should find an alternative to this in php, which I think Sockets.Maybe Ratchet or Wrench does the job. Read here

0
source

Source: https://habr.com/ru/post/1398560/

More articles:


All Articles