
MySQL Configuration for member access with restricted privileges


purplemonkeyuk


Hi guys

 

First off I am very sorry if this has been covered elsewhere but I have finally got my teeth into PHP and wanted to start testing my knowledge creating test forms for a membership style website.

 

I am in the middle of creating an HTML form for a login, entering a username and password to access my website.  Once logged in they can then access a profile page which allows them to update and amend their unique profile page.  All their profile data will be stored in a MySQL database obviously!

 

I have a super user 'Root' configured in phpMyAdmin, which has privileges that I do not wish to be available to any users except administrators!

 

I would like to create a generic user with restricted access that is assigned to all members who sign up using the signup/login form.

 

Can someone provide information on how to go about doing this... 

 

I have searched Google for various permutations of "create a restricted user within MySQL php" with no joy on finding a solution to this particular problem.

 

I can create a new user using phpMyAdmin, it asks for the following:

 

Username

Host

Password

retype

Generate Password

 

Once entered I can then obviously manually configure the privileges of said user.

 

This isn't entirely what I want though!

 

I want to create a user with restricted functions which is assigned to all members who signup.  How do I assign this user to new signups and allow them to sign into accessing their specific database data by using their username and password credentials?

 

I think I know that you will say that I will need to create a database with columns of at least "id", "username" and "password" but it's the initial MySQL user profile setup and assignment to members that I am stuck with :(

 

thanks in advance please do not flame me down!!!!!!!!

 

 

 

Link to comment
Share on other sites

How are you planning on letting your "members" access data? You don't normally create accounts on the database server itself and hand them out. You write an application which makes use of a single (or sometimes 2-3) database server accounts then have the application take care of who has what permission.

 

If you really do want people to access MySQL directly you're in for a hell of a time. Especially if you're here asking how to add simple permissions.

Link to comment
Share on other sites

Thanks again TRQ for your assistance on this one!

 

Yes by this I mean I need to create one of those database server accounts.  To explain I have one already, in this instance Root with associated password.

 

To solve my problem I think I need to create a second one with restricted privileges, perhaps calling it Member.

 

This 'member' account would have restricted privileges.  

 

Surely in order to update a member's profile page they will have to have permission to do so under their database server account privileges?  I.e. run a login script with it verifying their username and password which allows them to add or amend stored data within various databases.

 

For instance a user has a Profile page, within this page is a summary text box containing personal information on display.  When a user logs in, goes to the profile page they can then edit or add text to their summary text box.

 

The question is do I set it up so they have access under a restricted server account?

 

I'm confused by this.

 

I understand the principle of creating an id, username and password database, having users log in with their details and this being verified by a login script, but how does this user's login information get set as a restricted user account, not a root user account?

 

Longwinded question but I hope it makes sense!

Link to comment
Share on other sites

Surely in order to update a member's profile page they will have to have permission to do so under their database server account privileges?

This is where your misunderstanding lies. You grant your "application" access to your database. It then controls all data entered into and pulled out of the database.

 

For instance, this forum, it uses a single database server account to access the database on behalf of all of the forum's users. The programming logic within the forum's application itself polices who can write, edit / access what.

 

You can (and often will) create multiple accounts for the application to use (some being more restrictive than others); however, there is rarely any need to grant a user themselves their own account on the database server.

Link to comment
Share on other sites

Ok... right... 

 

So... 

 

Next question... 

 

I created the user account with restricted privileges call it SLAVE to keep it easy.

 

So I create a PHP login script to connect to MySQL as SLAVE.

 

The mysqli_connect requires SLAVE's username and password.

 

Does this mean I hard code SLAVE's details into the function?

 

Therefore when the member logs in with their username and password, the script runs logging in as SLAVE and then checks the database for the submitted members login information, if confirmed correct it then allows them to view their appropriate page?

Link to comment
Share on other sites
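
The model described in the replies above, as an added example that is not part of the original thread: the PHP code connects as one restricted MySQL account, checks each member's own credentials against a table, and decides in code which row that member may change. The account name `app_member`, the `membersite` database, the `members` table and the `APP_DB_PASSWORD` environment variable are all assumed names.

```php
<?php
// Added example (not from the thread). Assumed names: database `membersite`,
// table `members` (id, username, password_hash, summary), account `app_member`.
// One-time setup, run by an administrator rather than by the web application:
//   CREATE USER 'app_member'@'localhost' IDENTIFIED BY '<long random password>';
//   GRANT SELECT, INSERT, UPDATE ON membersite.members TO 'app_member'@'localhost';
// Sign-up stores password_hash($password, PASSWORD_DEFAULT), never the password.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function db(): mysqli
{
    // Account password is read from the environment, not hard-coded in the script.
    $db = new mysqli('localhost', 'app_member', (string) getenv('APP_DB_PASSWORD'), 'membersite');
    $db->set_charset('utf8mb4');
    return $db;
}

// Checks a member's credentials; returns the member id, or null on failure.
function login(mysqli $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM members WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// The id comes from the session set at login, never from the submitted form.
function updateSummary(mysqli $db, int $memberId, string $summary): void
{
    $stmt = $db->prepare('UPDATE members SET summary = ? WHERE id = ?');
    $stmt->bind_param('si', $summary, $memberId);
    $stmt->execute();
}

session_start();
$post = array_filter($_POST, 'is_string'); // ignore array-valued fields
if (($post['action'] ?? '') === 'login') {
    $id = login(db(), $post['username'] ?? '', $post['password'] ?? '');
    if ($id !== null) {
        session_regenerate_id(true); // new session id after login
        $_SESSION['member_id'] = $id;
    }
} elseif (($post['action'] ?? '') === 'save' && isset($_SESSION['member_id'])) {
    updateSummary(db(), (int) $_SESSION['member_id'], $post['summary'] ?? '');
}
```

The restricted account has no DROP, ALTER or GRANT rights and no access to other databases, so a flaw in the PHP code exposes far less than a connection made as root would.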
