Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vadim Stepanenko2018-03-17 20:20:40
PHP
Vadim Stepanenko, 2018-03-17 20:20:40

What is the best way to store users and balance in a database?

Hello!
What is the best way to store users and balance in a database?
The problem is this: on the site I use authorization through VK. If the authorization is successful, $_SESSION['userid'] contains the VK user ID (for example, $_SESSION['userid'] = 1), and the ID is also stored in the database. No encryption or hashing. It's just stupid in the database column "id" and user IDs in it.
Further, based on $_SESSION['userid'] it is determined whether it is authorized or not (for example, if(isset($_SESSION['userid'])) { show user panel } and so on with all elements and code that is available only to authorized users.
Bad whether it?
And another question about balance. Under the balance, I have a separate table, where there is a column with the same user ID (ID from VK), and a column with the balance itself. Again, not encrypted in any way.
Is it possible to leave everything like that? In fact, I don’t store the password, I don’t store any information other than the VK ID and full name.
Thank you to everyone who responds

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
X
xmoonlight, 2018-03-17
@xmoonlight

The bad thing is that if I, for example, do not have a VK profile, then in principle I will never get to your site as a full-fledged user.
Are you a fan of VK?)
It's better to always link: User-ID in your system and to it - already link other accounts (third-party systems).
Balance - always bind to your User-ID and give the opportunity to enter WITHOUT VK.
So that, if the user loses access to VK (well, they locked his account there, for example), he can log into his account on your site and LINK his other (new) account to it and continue working on your service ...
(many letters happened...)

Report
S
Sergey Pugovkin, 2018-03-18
@Driver86

Everything is fine. But keep in mind that the VK profile can be deleted / forgotten. Those. there should be an alternative possibility of authorization.

Similar questions
M
Mikhail Potapenkov2016-06-13 18:20:30
On initial startup, the OS issues a blue screen 0x0000007B. What does it mean? 4Reply
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
A
Artem00712018-03-09 22:47:03
How to convert null, true, ... to string? 3Reply
O
on_click2020-05-05 00:42:40
Is it possible to speed up the process of uploading images to the vp media library? 1Reply
B
Boris Yakushev2015-11-02 19:12:05
Why did meta, title, link go down in body? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question