My site is in flash. The login is also in flash. This is the login flow:
Enter username and password
Send to authentication.php page
Here is my doubt on authentication.php page:
(1) Check the post parameters, i.e username and password
(2) Sha/hash the password
(3) Q1(query 1), select username and password from users table
(4) If matched, do another query(Q2), check if the user is still on ban status
(5) If user is not in ban status, do a query (Q3) to check if the user is first log for today
(6) If its first log, do update query (Q4) to rewards some money to the user
(7) Create session, userid, a hashed session variable using md5. i.e
$_SESSION['loggin'] = 1;
$_SESSION['hash'] = md5(username.secret);
(I use the $_SESSION['hash'] for another authentication in another page, just ignore this)
Return result to flash.
I know its a very bad login flow, alots of mysql queries, 2 hashing(php calculations). I am still thinking/looking for a better way for this. Like combining the query etc. Any ideas on how to improve the flow?? (I must meet all the stuff i mentioned above)
[The current login is slow]