+-----------------------------+
| User and Session Management |
+-----------------------------+

SESSION VARIABLES
-----------------
A session will be maintained for every user of fotoPortal, whether you are
a guest or a registered user. The following SESSION variables will be set:

    $_SESSION['user_id']
    $_SESSION['username']
    $_SESSION['admin']

In this way, the absence of any of these session variables indicates a
session timeout.

The login form will set these SESSION variables upon successful login.

Guest logins are also permitted. In this case the session user_id is set
to -1 and the username is set to 'guest'.

Registered users may be known by first_name and last_name, and there are
corresponding session variables for each of these.

USE OF SESSION VARIABLES
------------------------
Session variables are not accessible to client-side JS, so we need Ajax
getters and setters. We also want to minimize the number of times we hit
the server, so a global client-side array called sessionArray is used to
store the values of the session variables.

When a user logs in, the session variables are set based on the user
record returned.

Typically, the session variables are needed for navigation purposes (which
nav options apply to the user) and for any interactions with the database
where user status must be verified (e.g., adding a comment).

After checking session variables, the user_id might be set to
'session expired', in which case the client-side JavaScript will redirect
to the login page.

MANAGING SESSION VARIABLES ON THE CLIENT
----------------------------------------
Whenever session variables need to be checked, any client-side JS file can
invoke the JS controller sessionVariables.js, which will perform an Ajax
call to getSessionVariables.php, which returns the current session values
via one line of code:

    echo json_encode($_SESSION);

When the callback function in sessionVariables.js receives the JSON, it
refreshes the global JS client-side array via:

    sessionArray = JSON.parse(jsonData);

From that point on, any client-side JS has access to the up-to-date
session variables.

When any client-based JavaScript/jQuery needs to know the up-to-date
session status, it will initiate a call to getUserID.js.

USER_IDs
--------
The following user ids are already set up in the database:

    AMBER, BILL, CHERISE, DEREK -- regular users
    JACK -- admin user

All passwords are the very secure (not!) P@ssw0rd, which meets the
validation rules for passwords, but is easy to remember for demo purposes.

ACTIVE vs. INACTIVE USERS
-------------------------
If a user is active, they will have a positive user_id. If a user is
inactivated, their user_id will be the negative inverse (-1 * user_id).

When a user is inactive, all of their files and comments are still on the
system. Their comments are now tagged as "former member" and their profile
pic becomes a question mark (via the MySQL view user_view). Their photos
will not be searchable.

If a user is reactivated, their profile pic is restored (if they have
one), their identity on comments is put back, and their photos are
searchable again.

Inactive users can still log in, but they lose access to their profile
page and the upload page. In this way, they are just like guests, except
that we know their identity.
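
Added example, not part of fotoPortal's own code: one way the callback in
sessionVariables.js could classify the JSON from getSessionVariables.php
into expired, guest, inactive or active before choosing nav options. The
function names, the nav option names and the accepted encodings of the
admin flag are assumptions.

```javascript
// Added example, not fotoPortal code. classifySession and navOptions are
// hypothetical names; nav option names and admin encodings are assumptions.
// The result only drives the UI: the server must re-check $_SESSION itself
// before any database interaction, since client-side values can be altered.
const REQUIRED = ['user_id', 'username', 'admin'];

function classifySession(jsonData) {
  let s;
  try {
    s = JSON.parse(jsonData);
  } catch (e) {
    return { state: 'expired' }; // unparseable reply: treat as no session
  }
  // PHP encodes an empty $_SESSION as [], so reject arrays and non-objects.
  if (s === null || typeof s !== 'object' || Array.isArray(s)) {
    return { state: 'expired' };
  }
  // A missing variable, or the 'session expired' marker, means a timeout.
  if (REQUIRED.some((k) => !(k in s)) || s.user_id === 'session expired') {
    return { state: 'expired' };
  }
  const id = Number(s.user_id); // PHP may send the id as a string
  if (!Number.isInteger(id) || id === 0) return { state: 'expired' };
  // -1 is also what an inactivated user 1 would get (-1 * 1), so the
  // guest case requires the 'guest' username as well.
  if (id === -1 && s.username === 'guest') {
    return { state: 'guest', userId: id, admin: false };
  }
  // Assumption: inactive users get no admin nav, since they are "like guests".
  if (id < 0) return { state: 'inactive', userId: -id, admin: false };
  // Strict match: the string "0" is truthy in JS and must not grant admin nav.
  const admin = s.admin === true || s.admin === 1 || s.admin === '1';
  return { state: 'active', userId: id, admin };
}

function navOptions(session) {
  switch (session.state) {
    case 'expired':
      return ['login']; // caller redirects to the login page
    case 'guest':
    case 'inactive':
      return ['browse']; // no profile page, no upload page
    default:
      return session.admin
        ? ['browse', 'profile', 'upload', 'admin']
        : ['browse', 'profile', 'upload'];
  }
}
```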