Should I use sessions for “LOGINS” on my site?

Question

I have a classifieds website, where anyone (no need for login currently) can post a classified. It is PHP based.

The procedure for posting is currently like this:

click on " New Classified " --->
fill in a form of all information and hit " View classified before publishing it " --->
the form submits to a " verify classifieds " page, where users verify their inputs --->
If everything is okay in the " verify " page, then the user hits OK and the classified is published .

The above procedure isn't exactly optimized. The first page ( new_classified ) where the form is, is pretty good, but the second page ( verify ) uses x number of hidden inputs in another form , used to contain the previous pages form inputs .

Now you know how it works on my site.

The issue today is that alot of companies want to publish their classifieds, and alot of classifieds at the same time. This means they have to fill out the form again and again currently.

I am thinking about creating a login , for companies only, so that their information is automatically inputted into the form, so all they would have to do is fill out the specific classified details like "headline" and "description" etc.

How should I do this in my case? Sessions ?

This means I will have to create a new MySql table (I use MySql mainly) and store company-profiles there.

So do you think converting to sessions is alot of work? Worth it? More reliable? I have never used sessions so I wouldn't know.

As a last note, you should know that I use a picture upload tool on the first page of " new_classified ". When a user choses a file to upload, the page is automatically * refreshed *, and then the image is displayed on the same page under section "images uploaded". I hope the session wont interfere with this approach.

Thanks

Answer 1

I think it is worth your while to do logins, and even on a very basic level it will help you to identify who is using your site etc.

This is probably a big debate around developers, what is the best way to do a good login system, whether it's basic or not doesn't matter, I think the concepts still stay the same.

In your case I would suggest session cookies along with a login table consisting of user details. This would help you to verify the user on more than one occasion during his/her visit to the site.

A login is checked against a user entry in a table and then a session cookie is created. This session you can choose to never expire also.

You can then on every step check that the user is the user that is supposed to be logged in and get the companies details by checking the username. This would make for a better query in my opinion.

Sessions aren't a lot of work and it's relatively easy to learn. http://www.php.net/manual/en/book.session.php

http://www.9lessons.info/2010/02/php-login-script-with-encryption.html is a good example of what you can do with this. Have a look around still. There are a bunch of these great tutorials on the web.