PHP - MySql connection woes

[frenchpl]

Can someone please help with clarifying a puzzle for me.

I tried asking this last week without any satisfactory answer.

I am new to PHP and therefore totally green in this area.

 

So far I have a full PHP5 / MySql5.0 / Apache2.2 server working on my system.

I have a 'con.php' script which holds the mysql connection data in the form of

userName passWord Host and dataBaseName, Looks something like this :-

 

// MySQL Settings
$Hostname = "localhost";
$Username = "root";
$Password = "**********";
$Database = "MyDatabase";

/* make connection to database */
/* If no connection made, display error Message */

$dblink = MYSQL_CONNECT($Hostname , $Username,$Password)
OR DIE("Unable to connect to database");

/* Select the database name to be used or else print error message if unsuccessful*/
mysql_select_db("$Database") or die( "Unable to select database");

 

This connects to the MySql server using the 'root' user account as specified in the

mysql.user table.

 

I know that I should only use this in a require once statement and thereafter change

the user to whoever is trying to log in.

 

I have, in 'MyDatabase' a table called users, which is populated with users of my choice.

I want these users to log in and use my custom database from PHP scripts.

 

My problem is as follows :-

If I do not include the 'con.php' in each script that accesses any MySql database,

I get no connection.

 

I am positive that using the 'root' user from the mysql.user table is not good

and not what I want to do.

 

I want to have an independant custom database which has it's own admin user and multiple

other users.

 

I want to be able to log into that database via a PHP script, if necessary using the

require once function and then to keep the session alive for further transactions,

over multiple scripts from the same user, until he/she logs out.

 

I am aware of using the $_SESSION variables to identify the session,

when it is operating.

 

It is the initial log in and the difference between the 'mysql database = user table'

and my own database users table, that is where I am having all my problems.

 

Someone please explain this to me in simple terms.

 

I can find no texts that clearly explain this, why is it made such a mystery?

 

I am not looking for the scenario of x number of users logging in to x number of databases

concurrently.

 

Rather, I want to have x number of users, possibly concurrently logged in, making changes

to the various tables in ONE database. At least one of these users will have 'admin'

priviledges over the database, most of the rest being normal users.

 

My project is a company helpdesk program, where normal users can log in to do various tasks

associated with 'calls' to the helpdesk. Obviously the 'admin' user has greater powers

like creating the users and deleting some records etc.

 

To the nub of my non-understanding then.

 

Do I use the 'con.php' script ( as shown above) to make the initial connection to MySql?

Whatever I use for the initial connection, how do I change to my own user, when they log in?

Thereby relieving the necessity to use an include of 'con.php' in each active database script.

 

The other part to the question is this,

when my admin user creates a user for the company database, is he creating a new user in

the mysql.user table, I would think that this should not be the case.

If he is creating a new user in the 'company' database users table,

how is that user related to MySql?

 

Thanks for any response

Pete

[Bjom]

You mix up two different concepts of "user". There are those people that are using your site - your users, as defined by your table "users". And there are database users.

 

The DB "user" is the "user" to create a database connection. Different people can all use the same user at the same time - and you will neither have to tell them the name, nor the password. That stays in your PHP script.

 

You could even just use the root user all the time, but this is bad because he has all rights to modify and delete and do whatever to your DB, so if anyone finds a way to do something unexpected with your site, the whole DB is in danger. Solution: you create ONE new database user and via GRANT you give him only those restricted rights that he needs.

 

Now you need a login script in php, that allows users to enter their username and password (as stored in your DB table), this script will then connect to the DB with the DB usernames that you created and compares the entered (POSTed) values to the database table. If it finds them - then ppl can continue, if not...redirect them or whatever.

 

Hmm. I hope that makes things a bit clearer. I'm not sure if I got my point across. It's kind of late here. If not, please do not hesitate and simply ask again.

 

You can find an example of a working "authentication" class (i.e. login) from my post in the beta-test forum. It's rather easy to use, even though because of the functionality it is quite large and complicated in itself - read the source for the AuthExample.php first... I invite you to use it or simply take it as an inspiration or to learn from it. You find a link to it here

 

regards

Bjom