List:General Discussion« Previous MessageNext Message »
From:Martin Ramsch Date:September 27 1999 2:04am
Subject:Re: PHP and MySQL db access
View as plain text  
On Sun, 1999-09-26 05:00:12 +0000, Loyd Goodbar wrote:
> For you guys doing web-based apps with MySQL and PHP3...  How do you
> handle MySQL table granting? If you have logins for users, do you
> also grant them rights to the table, or just set up a "nobody" user
> to access the tables, and control all access with PHP3?

In cases where the users access their tables both directly using the
'mysql' monitor program or self written applications and indirectly
using a PHP web interface, I had to setup table privileges anyway, so
my PHP pages simply ask for the MySQL user and MySQL password and only
give access to further PHP pages, if MySQL acceptes the user/password
for a dummy SELECT USER();  This means access to the web pages is only
granted if MySQL grants access.

<?php
  if ( isset($PHP_AUTH_USER) ) {
    $mysql_username = $PHP_AUTH_USER;
    $mysql_password = $PHP_AUTH_PW;
  }
  $mysql_database = $db[$mysql_username];
  $mysql_table    = $table[$mysql_username];
  $mysql_query = "select COUNT(*) from $mysql_table WHERE 0=1";
  $access = false;
  if ( isset($mysql_username) ) {
    $linkid = @mysql_connect('mysql', $mysql_username, $mysql_password);
  } else {
    $linkid = @mysql_connect('mysql');
  }
  if ($linkid) {
    $resultid = mysql_db_query($mysql_database, $mysql_query, $linkid);
    if ($resultid) {
      $access = true;
    }
  }
  if (! $access) {
    $http_auth = sprintf(
        'WWW-authenticate: basic realm="table \'%s.%s\'"',
        $mysql_database, $mysql_table
      );
    $realm = "table $mysql_table, db $mysql_database";
    Header($http_auth);
    Header('HTTP/1.0 401 Unauthorized');
    echo "<HTML>\n<HEAD>\n <TITLE>Not
authorized!</TITLE>\n</HEAD>\n";
    echo "<BODY>\n <H1>Not
authorized!</H1>\n</BODY>\n</HTML>\n";
    exit;
  }
?>
<!-- HTML page following ... -->


Regards,
  Martin
-- 
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=52 44 5E F3 B0 B1 38 26  E4 EC 80 58 7B 31 3A D7
Thread
PHP and MySQL db access(Loyd Goodbar)26 Sep
  • Re: PHP and MySQL db accessJohn Gray26 Sep
  • Re: PHP and MySQL db accessMartin Ramsch27 Sep