#1
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2000
    Location
    Gorakhpur,U.P.,India
    Posts
    24
    Rep Power
    0
    I am in the process of developing an application based on PHP and MySQL. My application requires that the visitors should be allowed to alter those records of a table which have their UserID value. The users will log in using their UserID and a Password which is stored and authenticated from a separate table. Can someone guide me as to what is the best way to implement this?

    ------------------
    Anish Modi
    Infotech World
    India
  2. #2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 1999
    Location
    UK
    Posts
    50
    Rep Power
    16
    We are doing something very similar at the moment, and it's very much still a design, but here is an outline based on your message.

    Create a user role that can create a session and modify tables. This will also be used to log the user into the database. Setting their privileges according to the user role.

    We use an SSL connection for security purposes but this depends on your access to the server and the scenario.

    There isn't much else to say, users then access their information and can change it using various SQL statements along with a bit of PHP to make sure that various rules are adhered to and mistakes are not made.

    I don't know whether this is right or not but I hope it helps.

    Falcon
  4. #3
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 1999
    Location
    Netherlands
    Posts
    77
    Rep Power
    16
    Hi,

    In addition to Falcon's secure connection, we had to do it without SSL.
    The problem then is not really the username/password checking against a database, but whether or not to send passwords over a non-secure connection. What we did was use JavaScript MD5 encryption of the given username+password on the client side, which are then sent and compared to server-side MD5 encryption of username+password from the database for that user. If both match, an encrypted "session" cookie (lasting a limited amount of time) is placed on the user's computer (and in a local session table), which serves as a fingerprint for which tables/records he/she can edit. Also, no one can pass just a URL variable to approach our database, because a cookie must be read out and be valid against the session table.

    Hopefully this will give you some inspiration for your own site.

    Good luck, Peter
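
Added example, not part of any post in this thread: one way to enforce the rule from the original question, that a logged-in user can change only rows carrying their own UserID, using a server-side session table like the one Peter describes. In-memory SQLite stands in for MySQL so it runs offline, and the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL; schema names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT NOT NULL)');
// Constructed sample rows: user 10 owns record 1, user 20 owns record 2.
$db->exec("INSERT INTO records (id, user_id, body) VALUES (1, 10, 'alice row'), (2, 20, 'bob row')");

// Issue a random session token after login; only its hash is stored server-side.
function startSession(PDO $db, int $userId, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token; // this value goes into the browser cookie
}

// Resolve a cookie value to a user id, or null if unknown or expired.
function userFromToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// The owner check lives in the WHERE clause, and the user id comes from
// the session table, never from a URL or form field.
function updateOwnRecord(PDO $db, string $token, int $recordId, string $body): bool
{
    $userId = userFromToken($db, $token);
    if ($userId === null) {
        return false; // no valid session: refuse before touching the table
    }
    $stmt = $db->prepare('UPDATE records SET body = ? WHERE id = ? AND user_id = ?');
    $stmt->execute([$body, $recordId, $userId]);
    return $stmt->rowCount() === 1; // zero rows means not the owner (or no such row)
}

$alice = startSession($db, 10);
var_dump(updateOwnRecord($db, $alice, 1, 'edited by alice')); // her own row
var_dump(updateOwnRecord($db, $alice, 2, 'tampered'));        // another user's row
var_dump(updateOwnRecord($db, 'forged-token', 1, 'x'));       // cookie not in session table
```

With the MySQL PDO driver, `rowCount()` reports changed rows rather than matched rows unless `PDO::MYSQL_ATTR_FOUND_ROWS` is enabled, so an update that writes an identical value returns 0 there.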
