markyoung1984 Posted May 29, 2008

I am creating a website with a back-end database incorporating multiple users. My service provider has given me one username and password to access the database. There could be hundreds of users and I want three user types: normal access (no login required) to view entries in the database, admin, and editor/creator. I think I would be able to do this in the following way:

- I create a "users" table in my database, containing various fields such as name, type of user, address etc.
- I then create some clever PHP code and session variables (or cookies) within my pages to manage users logging in.
- When a user attempts to log in, my PHP page(s) access the database using the username and password provided by my service provider, check the users table and then respond appropriately.

It seems to me that I would have to hard code my username and password into my PHP files. Is this correct (they both consist of random letters and numbers, assigned by my service provider)? Let me know your comments. Obviously I would also need SSL to handle the encrypted logons.
dbo Posted May 29, 2008

Can you describe the nature of the application you're building? While security in layers is most definitely a good practice, this may be a bit overkill. Is there a particular reason you want to switch database users based on the user who is logged in? Furthermore, what type of database connectivity are you using? Are you using the native functions for MySQL, SQL Server, or are you using something like PDO? Are database credentials to be stored individually (username, password, host, database) or in DSN format? If DSN format, life is a little easier. You can do something like:

```php
// Return the DSN for the given user level. The DSN strings below are
// placeholders; fill in your own.
function get_dsn($user_level)
{
    switch ($user_level) {
        case 1:
            return 'DSN_FOR_ADMIN_USER';      // return dsn for admin user
        case 2:
            return 'DSN_FOR_NORMAL_USER';     // return dsn for normal user
        case 3:
            return 'DSN_FOR_READ_ONLY_USER';  // return dsn for read-only user
        default:
            return null;                      // unknown level: no connection
    }
}

$user_level = 3;
$dsn = get_dsn($user_level);
// pass $dsn to your database connection function
```
markyoung1984 (Author) Posted May 29, 2008

There is a reason. When someone browses the site ordinarily, they are bound to go to the products page, which is PHP, and calls upon the database to return results. This is what I meant by an ordinary user, a "guest" if you like. In this case, my PHP code will simply check a session variable to see if the username is set, along with session ID and other things. The products on offer have different prices dependent on the type of user, e.g. trade user or end user. A user logs in and therefore sees the different prices and in some cases different products available to them. Database connectivity is MySQL using an Apache server. I am using native MySQL functions. Database user credentials are stored in rows in a table called "user", so it does not use DSN (as far as I understand what DSN is!).
dbo Posted May 29, 2008

If I'm understanding you correctly, I think you need to review your data model. You should not need separate database credentials to view different products. These are relationships that should be dependent upon table linkage (FK/PK type stuff), not dependent on different database credentials. Also, what do you mean by database credentials being stored in a table? You would already have to be connected to the database to get the credentials out of a table. Before you go writing any code, I'd make sure that you understand the underlying problem. Right now you're looking for a solution, but I don't think you've truly defined the problem. Never automate (implement technology) for poor processes. The Toyota way, baby! Let's look at your data model, take a step back and determine the best plan of action before trying to figure out how to write any code.
markyoung1984 (Author) Posted May 29, 2008

Ok, I appreciate your expertise and patience on this. I have a series of products (unfortunately I can't name the actual products): cam1, cam2, cam3, cam4, cam5, sol1, sol2, sol3 and sol4. They are all stored in the products table, which comprises the following attributes: prodid, prodname, prodrange, proddesc, prodmore and prodprice. On my site I have an index page, an about page, a contact me page and a products page. When someone views the products page I want to connect to the database and display all the products to them, except the price. Obviously when this happens I have to hard code the username and password (the one given to me by the service provider) to access the database. There is also a users table, with attributes such as userid, username, password, address, phone, fax and type (type being distributor or end user). There is also a login page, where users can log in. When a user logs in they can see the price available to them (varies) and access other information such as direct line phone numbers (stored in the database), that wouldn't be available to a normal person viewing the products page. My issue is that when a user logs in, will I have to use some PHP code to look at the user table, verify they exist and then give them access? Obviously, to access the database in the first place to examine the user table, I will need to hard code the only username and password I have to access the database from my service provider. Is this secure? Is this the best way to do it? Coding wise I can practically do all the above; the design is what I'm unsure on. Thanks again.
dbo Posted May 29, 2008

Sorry to not get back to you sooner. I got tied up at work. I think your thought process is decent, but it's overkill. You certainly would not need more than two different sets of database credentials though: full-access (admin) and read-only access for other users. That being said, if you follow best coding practices (validate all user input, escape it, etc., which you should do anyways) you're going to be fine. As far as the presentation layer goes, what you're talking about is selecting specific data depending on the user type. This is just a matter of structuring your queries appropriately; you can use the same database username/pass to do this.
markyoung1984 (Author) Posted May 30, 2008

Ok, that's great. Thanks for your help.
pquery Posted June 1, 2008

You can add an access level column to your user level table, with like 0 being an admin and 1 being a user:

```
userId  userName  password    accessLevel
001     admin     mypassword  0
002     user      mypassword  1
```
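The approach the thread settles on, as an added example that is not from any of the posters: one shared provider credential for every connection, with the user's type decided in PHP from the users table and the products query shaped accordingly (dbo's suggestion), plus the per-user access level pquery describes. It assumes `$db` is a mysqli connection already opened with the provider's single credential (read from a config file kept outside the web root rather than in the page itself), the `users` and `products` columns named in the thread, and passwords stored as `password_hash()` output rather than the plaintext shown in the table above.

```php
<?php
// Assumed: $db is a mysqli connection opened with the provider's one credential,
// e.g. require '/path/outside/webroot/db-config.php'; (placeholder path).
// Assumed schema (from the thread):
//   users(userid, username, password, type)   type = 'distributor' | 'enduser'
//   products(prodid, prodname, prodrange, proddesc, prodmore, prodprice)
session_start();

// Check a login attempt against the users table. The prepared statement keeps
// the submitted username out of the SQL text; password_verify() compares
// against the stored password_hash() value, so no plaintext password is kept.
function login(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT userid, password, type FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;                       // unknown user or wrong password
    }
    session_regenerate_id(true);            // fresh session id once authenticated
    $_SESSION['userid'] = $row['userid'];
    $_SESSION['type']   = $row['type'];
    return true;
}

// Build the products query for the current visitor: guests (no session type)
// never get the price column; logged-in users do. Per-type price differences
// would come from a price table joined on type, not from a second DB login.
function products_query(?string $type): string
{
    $cols = 'prodid, prodname, prodrange, proddesc, prodmore';
    if ($type === 'distributor' || $type === 'enduser') {
        $cols .= ', prodprice';
    }
    return "SELECT $cols FROM products ORDER BY prodname";
}

// Products page: same DB credential for everyone, output shaped by session type.
$type   = $_SESSION['type'] ?? null;
$result = $db->query(products_query($type));
while ($p = $result->fetch_assoc()) {
    echo htmlspecialchars($p['prodname']);
    if (isset($p['prodprice'])) {
        echo ' ', htmlspecialchars((string) $p['prodprice']);
    }
    echo "\n";
}
```

At account creation the stored value is `password_hash($plain, PASSWORD_DEFAULT)`; the login page calls `login($db, $_POST['username'], $_POST['password'])` and redirects on success.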