Posted by Gordon Burditt on 06/02/06 18:50
>I have created a MySQL database for my company which is accessed by PHP
>pages. I would like to permit some users to edit the records but allow
>others read-only access.

Ok, decide what will enforce this: PHP or MySQL? MySQL permissions
do not easily handle requirements like "a user may only edit his own
record, but no others".

If MySQL permissions are used to enforce permissions, the user using
the web page enters his MySQL login and password. For convenience,
save these in a session variable so re-entering these on each access
is not needed.

If PHP permissions are used to enforce permissions, the PHP pages
need a login setup. You could use .htaccess, letting Apache enforce
the access and use $_SERVER['AUTH_USER'] as a basis for figuring
out who's logged in. The pages usually use a MySQL login owned by
the page itself, capable of making changes (and it's probably
embedded in the page). My recommendation is to put the login/password
combination in a PHP include file *outside* the document tree. If
PHP itself is doing the login logic (rather than Apache) there's
probably a database table for web page logins, passwords, and level
of privilege of each user. It's up to PHP to decide what MySQL
queries to allow to each web user. Web users and MySQL users are
different; a web user need not have a MySQL username at all.

>However, I don't want to have to enter a password
>every time I want to edit a record.

Sessions can let you enter the password once a session.

>Is there a way to use our network login
>to do this? If not, what is the easiest way to accomplish this? The
>database is running on our server and is not accessible via the net.

It had better be accessible to the server running PHP, or you're
not going to get very far.

Gordon L. Burditt
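
The PHP-enforced option described in the post, as an added example that is not part of the original message: web logins live in a table with a privilege level, and PHP decides which queries each web user may run, including the "edit only his own record" rule. The table names, column names, role values and sample users are assumptions, and an in-memory SQLite database stands in for MySQL so the code runs offline.

```php
<?php
// Added example. In production the DSN and DB password would come from an include
// file outside the document tree, e.g. require '/etc/myapp/db.php'; (hypothetical path).
// An in-memory SQLite database stands in for MySQL here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: web logins are rows in a table, not MySQL accounts.
$db->exec('CREATE TABLE web_users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, pw_hash TEXT, role TEXT)');
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$add = $db->prepare('INSERT INTO web_users (login, pw_hash, role) VALUES (?, ?, ?)');
foreach ([['alice', 'pw-a', 'editor'], ['bob', 'pw-b', 'editor'], ['carol', 'pw-c', 'reader']] as [$l, $p, $r]) {
    $add->execute([$l, password_hash($p, PASSWORD_DEFAULT), $r]);
}
$db->exec("INSERT INTO records (owner_id, body) VALUES (1, 'alice record'), (2, 'bob record')");

// Check the password once; the returned array is what a page would keep in
// $_SESSION after session_start(), so the user is not asked again.
function login(PDO $db, string $login, string $password): ?array {
    $q = $db->prepare('SELECT id, pw_hash, role FROM web_users WHERE login = ?');
    $q->execute([$login]);
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if (!$u || !password_verify($password, $u['pw_hash'])) {
        return null;
    }
    return ['id' => (int)$u['id'], 'role' => $u['role']];
}

// PHP decides which queries a web user may run: readers never reach the UPDATE,
// and the owner_id condition limits editors to their own record.
function update_record(PDO $db, ?array $user, int $recordId, string $body): bool {
    if ($user === null || $user['role'] !== 'editor') {
        return false;
    }
    $q = $db->prepare('UPDATE records SET body = ? WHERE id = ? AND owner_id = ?');
    $q->execute([$body, $recordId, $user['id']]);
    return $q->rowCount() === 1;
}

$alice = login($db, 'alice', 'pw-a');
$carol = login($db, 'carol', 'pw-c');
var_dump(update_record($db, $alice, 1, 'edited by alice')); // editor, own record
var_dump(update_record($db, $alice, 2, 'edited by alice')); // editor, bob's record
var_dump(update_record($db, $carol, 1, 'edited by carol')); // read-only user
var_dump(login($db, 'alice', 'wrong'));                      // bad password
```

With the MySQL PDO driver, rowCount() reports changed rows by default, so writing an identical value to one's own record also returns false unless PDO::MYSQL_ATTR_FOUND_ROWS is enabled on the connection.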