My site is in flash. The login is also in flash. This is the login flow:
-
Enter username and password
-
Send to authentication.php page
-
Here is my doubt on authentication.php page:
(1) Check the post parameters, i.e username and password
(2) Sha/hash the password
(3) Q1(query 1), select username and password from users table
(4) If matched, do another query(Q2), check if the user is still on ban status
(5) If user is not in ban status, do a query (Q3) to check if the user is first log for today
(6) If its first log, do update query (Q4) to rewards some money to the user
(7) Create session, userid, a hashed session variable using md5. i.e
$_SESSION[‘loggin’] = 1;
$_SESSION[‘hash’] = md5(username.secret);
(I use the $_SESSION[‘hash’] for another authentication in another page, just ignore this)
-
Return result to flash.
I know its a very bad login flow, alots of mysql queries, 2 hashing(php calculations). I am still thinking/looking for a better way for this. Like combining the query etc. Any ideas on how to improve the flow?? (I must meet all the stuff i mentioned above)
[The current login is slow]
To get a more abstract view of the problem the answers to the following questions would help:
On a side note I use Chromes builtin resource monitor which shows the breakdown of a web pages size and time it took to download. I find this more useful than the one in FireFox/FireBug.
Have you tested each of your queries in something like PHPMyAdmin or similar to test query time? Add up the total time of each query and see what the difference is.
Good luck,
Alex