tags:

views:

80

answers:

3

Is there a way to dynamically create constant variables on the fly?

The idea is that upon logging into the system, a user would be asked to upload a small text file that would be fread, and assigned to a var that would be accessible throughout the system.

If this is possible, just to be clear, would this variable then only be accessible to that user and only while the session is alive?

Security being the main concern here, would it be more practical to store the var in a session variable?

The plan:

Data in the db will be encrypted via mcrypt, and the key will be stored on USB thumbdrives. The user will insert the thumbdrive when going to access the system. Upon logging in, the app will prompt the user to upload the key. They will navigate to the thumbdrive and key. Via fopen and fread, the key will be assigned to a global var which will then allow access to encrypted data, and will be used to encrypt new info being entered to the db. When the user logs out, or session times out, the global var will become empty.

Thanks!


NB: the var would need to be persistent and accessible through many pages and cookies are out.

+2  A: 

The best solution for you would probably be to store it in the Session variable, this seems to me to be the best way to manage this kind of data, though it might depend on how big the file is.

luke
I guess my problem with session vars is cookies. I'd prefer it if the only time the key is accessible to the system is when there is a live session.
stormdrain
You don't need to use cookies for sessions. You can also embed the session ID into your URLs. This makes sure that the session is lost as soon as the user navigates away.
wump
A: 
<?php

function first() {
 global $foo;
 $foo = 'bar';    
}

function second() {
global $foo;
echo $foo;
}

first();
second();

?>

Just put the global keyword in and you can stick anything you like in global scope. Although as luke said, it sounds like you should use the automatic session variable. http://www.php.net/manual/en/reserved.variables.session.php

hippiejake
Makes sense. Would the global be persistent, though? i.e. after the user navigates away from the page where the upload/fopen/fread takes place would the var still be accessible?
stormdrain
A: 

I've decided that the following solution will work:

When a user logs onto the system they will be prompted to upload their key. The upload script will assign a unique and random filename and place the file into a temporary directory.

The path to the file will be set into a session variable. When needed, the path will be called from the session var, and file_get_contents() will be used to retrieve the key.

When the session is ended or times out, the session variable will be deleted and the file itself will be removed via unlink().

Thanks!

stormdrain