PHP + MYSQL authentication method _ MySQL

Recently, when I made an ICP filing for a school, I needed identity verification. after comparison, I decided to use PHP + MYSQL for identity verification. We have previously considered using cookies or sessions. However, when a user goes offline and goes online again, as long as the cookies do not expire and do not need to log on, they can still stay online, which is a hidden risk for Internet cafes. In addition, users can disable cookies. in this way, identity verification is required when a school is preparing an ICP filing. after comparison, PHP + MYSQL is used for identity verification.
　　
We have previously considered using cookies or sessions. However, when a user goes offline and goes online again, as long as the cookies do not expire and do not need to log on, they can still stay online, which is a hidden risk for Internet cafes. In addition, you can disable cookies so that authentication fails. We have also considered the use of Sessions. during The browsing process, Sessions constantly add access information to Sessions. if a user spends a long time on the website, there are many browsing pages, as a result, the session becomes larger and the browsing speed is reduced. In the end, only re-login is required. Although this is rare, it is not what we want.
　　
My idea for this authentication is to record browsing information while authenticating the identity.
The user ID is transmitted between each page. the ID value is encrypted using the MD5 () function. The verification function is validate_id (), the return value is (0, 1), and the success value is "1 ".
　　
　　 Ideas:
Determine whether the input ID is an anonymous logon ID (a684dd572b1887661782981659331eed), 32 bits. if the input ID is 0, the browser information is added to the database. If no, query the database to check whether the user ID, user IP address, and input ID are equal to the IP address value, and the last browsing time is less than 20 minutes from the current time.
　　
The number of records obtained. if it is 0, it is considered offline. log on to the browser with an anonymous ID and return 0. If the record is not 0, add the user ID and user IP address to the database and return 1.
　　
　　 Create a database:
Create table logging {
　　
Id int unsigned not null primary key auto_increment,
　　
User_id char (32) not null, // user ID
　　
Logging_ip varchar (20) not null, // record the user IP address
　　
Page_name varchar (30) not null, // view Web page name
　　
View_time timestamp not null,
　　
Student_id varchar (20)
　　
);
　　
　　 Create a function:
/* ----- Begin function validate-id ()---------------
Verify that the user has logged on
　　
------------------------------------------------*/
Function validate_id ($ link, $ id, $ ip, $ page_name, $ student_id = ""){
If ($ id = a684dd572b1887661782981659331eed or $ id = ''){
$ Query = 'Insert into logging (user_id, logging_ip, page_name, student_id) values ("a684dd572b1887661782981659331eed ","'. $ ip. '","'. $ page_name. '"," anonym ");';
$ Result = mysql_db_query ("web", $ query, $ link );
Return (0 );
}
Else {
$ Year = strftime ("% Y ");
$ Month = strftime ("% m ");
$ Day = strftime ("% d ");
$ Hour = strftime ("% H ");
$ Min = strftime ("% M ");
$ Sec = strftime ("% S ");
Echo $ time_string = $ year. $ month. $ day. $ hour. $ min. $ sec;
// Echo ("
");
// Echo "$ year-$ month-$ day $ hour-$ min-$ sec
";
// --------- Begin if's ---------------------------
If ($ min-= 20) <0 ){
$ Min + = 60;
If ($ hour-= 1) =-1 ){
$ Hour + = 24;
If ($ day-= 1) = 0 ){
Switch ($ month ){
Case 12: $ days = 30; break;
Case 1: $ days = 31; break;
Case 2: if ($ year/4 = 0) and ($ year/100! = 0) or ($ year/400 = 0 )){
$ Days = 29 ;}
Else {$ days = 28 ;}
Break;
Case 3: $ days = 31; break;
Case 4: $ days = 30; break;
Case 5: $ days = 31; break;
Case 6: $ days = 30; break;
Case 7: $ days = 31; break;
Case 8: $ days = 31; break;
Case 9: $ days = 30; break;
Case 10: $ days = 31; break;
Case 11: $ days = 30; break;
}
$ Day + = $ days;
If ($ month-= 1) = 0 ){
$ Month + = 12;
$ Year-= 1;
}
}
}
}
// ------------------------------------ End if's
SetType ($ month, "integer ");
If ($ month <10 ){
SetType ($ month, "string ");
$ Month = '0'. $ month ;}
SetType ($ day, "integer ");
If ($ day <10 ){
SetType ($ day, "string ");
$ Day = '0'. $ day ;}
SetType ($ hour, "integer ");
If ($ hour <10 ){
SetType ($ min, "string ");
$ Hour = '0'. $ hour ;}
SetType ($ min, "integer ");
If ($ min <10 ){
SetType ($ min, "string ");
$ Min = '0'. $ min ;}
　　
Echo'
'. $ Time_string = $ year. $ month. $ day. $ hour. $ min. $ sec;
// Echo"
$ Year-$ month-$ day $ hour-$ min-$ sec
";
// Echo ("
");
$ Query = "select id from logging where user_id = '$ ID' and logging_ip =' $ IP' and view_time> '$ time_string ';";
$ Result = mysql_db_query ("web", $ query, $ link );
$ Count = mysql_num_rows ($ result );
If ($ count = 0 ){
// Echo $ query = "insert into logging (user_id, logging_ip, page_name) values ('a684dd572b1887661782981659331ed', '$ IP',' $ page_name ');";
$ Result = mysql_db_query ("web", $ query, $ link );
Return (0 );
}
Else {
$ Query = "insert into logging (user_id, logging_ip, page_name) values ('$ ID',' $ IP', '$ page_name ')";
$ Result = mysql_db_query ("web", $ query, $ link );
Return (1 );
　　
}
} // End if
}
// ---------------------------- End function validate-id ---------
This verification method is very simple, and does not take into account the user login after login, you can add yourself.
　　
If you use cookies, you may use setcookies () to create a user ID and then read it from the environment variable $ HTTP_COOKIE or $ HTTP_COOKIE_VARS. They are all the same, but we should ensure that users do not have cookies.