I've just finished implementing this after asking a similar question!
I did it by NOT using mysql security. I created a single user with full
rights to my database. This username and password is hard-coded in my
scripts (in one include file actually). This is then stored out of the
web tree.
I then created two tables in my database - one that had usernames,
passwords (created using PASSWORD()) and global rights and one table for
the customer-specific rights. The username is the key in the first table,
the (username, table, customer) is the key in the second.
I wrote a login form that asks for the username and password and then
stores this information as a cookie that expires after a period of time (I
chose 5 minutes). This login routine is called every time a page is
accessed. If the cookies are valid, it continues, if they're not, then it
asks for a login again.
I can send you the relevant scripts if you are interested.
Mark
On Wed, 1 Mar 2000, Justin wrote:
> Date: Wed, 1 Mar 2000 11:07:21 -0700
> From: Justin <justin@stripped>
> To: mysql@stripped
> Subject: Authentication
>
> I am building a website for a client that is driven by PHP and a MySQL
> database. I am looking for a way to put some sort of password protection on
> the site so that the person viewing the site has to enter a password to
> access only their information in the database. This password/account will
> have to be setup by the person viewing the website before they can enter any
> info into the database. Does anyone have any suggestions?
>
> -Justin
> justin@stripped
>
>
>
--
Mark Ferraretto Phone: +61 8 8396 2448
Ferraretto IT Services Fax: +61 8 8396 7176
26 Observation Drive Mobile: +61 407 95 97 19
Highbury SA 5089 Email: mark@stripped
