get mysql connection credentials from login

[kurd]

Hello 

I really need advice on how to implement a login system for a admin and sub-admin (& not registered users).

I obviously already have the admin (created during mysql installation) and i created a sub-admin using phpmyadmin (without grant privileges etc.). Is it a good method to have them enter the user and pass and have php use these to connect to the database like

$db_user=$_POST['myusername'];

$db_pass=$_POST['mypassword'];

mysql_connect($db_host,$db_user,$db_pass) or die('Could not connect: ' . mysql_error());

 

Sorry if this has an obvious answer.

[kurd]

Sorry, I need to bump this because i'm stuck

[Ken2k7]

NO! Why give out your database connection data? What's the point of it?

[kurd]

Oh.. i see, what is the recommended way to do it then?

EDIT: How am i giving out my connection data? the user needs to input it

[Ken2k7]

Oh.. i see, what is the recommended way to do it then?

EDIT: How am i giving out my connection data? the user needs to input it

They shouldn't have to input it. If that data ever gets out, say goodbye to everything.

[kurd]

Does that mean that i need to set privileges with php scripting?

I still don't know how to do this..

[Ken2k7]

I'm confused. What is it that you're trying to do? I'm asking for the overall picture here.

[kurd]

I built a admin control panel that shows tables from mysql and lets you add rows and delete rows.

I'm asking how should i build the log in to this control panel? Thing is it's supposed to be for people i build websites for and they don't always know how to edit php files..

Thank you for your help.

[Ken2k7]

I built a admin control panel that shows tables from mysql and lets you add rows and delete rows.

I'm asking how should i build the log in to this control panel? Thing is it's supposed to be for people i build websites for and they don't always know how to edit php files..

Thank you for your help.

Oh definitely don't give each a database connection.

 

Just register them into a database with username and password, but make sure you hash the password for security.

[siric]

Access to the mysql database and access to your application are two totally different things.

 

Your application should login to the database with the mysql credentials.  In that database you should have a users table which authenticates users and determines if they have the authority to add and delete rows.

 

So your user table would be something like this

 

user_id (auto increment)

username

password (use md5 when encryption)

privileges (0 for view only, 1 for add, 2 for add and delete, or whatever you choose)

 

 

Once a user has logged in, the while they have access to the table that holds the data, they do not have access to the entire mysql database.

 

Hope this helps.

 

[Ken2k7]

siric, md5 is not an encryption process; it's a hashing process.

[siric]

siric, md5 is not an encryption process; it's a hashing process.

 

Noted.  Slip of the finger  LOL.