hi
I set an authentication in php for admin and it worked fine but now I need to use the same code for users who have limited access to the database that the admin use.
user1 only update one table
user2 only view tables
user3 insert to one table only
Do i need to use the mysql priviledge to limit the access of the users?if so how?
or I can use php code that have the same effect as the mysql privileges:idea:.
my authentication page is:
<?php
session_start("username");
// Define database constants
define('AUTH_HOST', 'localhost');
define('AUTH_USER', 'root');
define('AUTH_PASS', '123456');
define('AUTH_DB','ownerdb');
function attempt_auth()
{
// Send authentication headers
header('WWW-Authenticate: Basic realm="protected in php"');
header('HTTP/1.0 401 Unauthorized');
}
function check_login($username, $password)
{
$ret = false;
if ($username && $password)
{
// Check if login matches database values
$conn = mysql_connect(AUTH_HOST, AUTH_USER,AUTH_PASS);
if (mysql_select_db(AUTH_DB, $conn))
{
// Search for matches
$result =
mysql_query("SELECT COUNT(username) AS ucount
FROM password
WHERE username='" . addslashes($username) . "'
AND passwd_md5= MD5('" .addslashes($password) . "')
AND passwd_sha1=SHA1('". addslashes($password) . "')",
$conn);
// Check if a match was found
if (($row = mysql_fetch_array($result)) && $row['ucount'])
{
$ret = true;
$_SESSION["username"] = $username;
}
}
// Close connection
mysql_close($conn);
}
return $ret;
}
// Check if using valid credentials
if (!(isset($_SESSION["username"]) ||
(isset($_SERVER["PHP_AUTH_USER"]) &&
check_login($_SERVER["PHP_AUTH_USER"],
$_SERVER["PHP_AUTH_PW"]))))
{
// Show login prompt
attempt_auth();
echo "Authorization Required";
exit;
}
?>THANKS IN ADVANCE