Question about access rights in php/mysql

Question about access rights in php/mysql

am 26.08.2008 13:21:51 von Jason Pruim

Hi Everyone,

I am attempting to wrap my head around an issue and wanted to see if I
was thinking right.

I am attempting to setup a pURL site, one where they go to something
like: example.com/purl.php?purl=jason1234 and the site says "Welcome
Jason". I have that part of it working, and it's pulling the info from
the database just fine, what I'm wondering about is locking it down a
little bit more so that they can't just edit the info in the main
page, but they have to specifically hit a button to edit the info.

Is it better to have 2 connections to the database with 2 separate
logins? One for the initial load which just has select privileges and
a second for when they hit edit which then gives them update privileges?

Or, should i just do 1 login with select, and update privileges?

Any ideas or suggestions?

Thanks!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim@raoset.com





--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Question about access rights in php/mysql

am 26.08.2008 14:32:11 von Dan Shirah

------=_Part_3318_10043749.1219753931175
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

>
> Hi Everyone,
>
> I am attempting to wrap my head around an issue and wanted to see if I was
> thinking right.
>
> I am attempting to setup a pURL site, one where they go to something like:
> example.com/purl.php?purl=jason1234 and the site says "Welcome Jason". I
> have that part of it working, and it's pulling the info from the database
> just fine, what I'm wondering about is locking it down a little bit more so
> that they can't just edit the info in the main page, but they have to
> specifically hit a button to edit the info.
>
> Is it better to have 2 connections to the database with 2 separate logins?
> One for the initial load which just has select privileges and a second for
> when they hit edit which then gives them update privileges?
>
> Or, should i just do 1 login with select, and update privileges?
>
> Any ideas or suggestions?
>
> Thanks!



Jason,

I would assume you have some kind of login page, correct? Or can anyone type
in the direct URL and access someone else's page?

If they have already logged in, I would use some simple javascript to
enable/disable the editing of form objects. By setting all of the form
objects to "disabled" they will appear grayed out but the text is still
legible. Then when they click on your "Edit" button just have a Javascript
function set them all to enabled. You could do something similar to
show/hide div's.

Or, you could bypass all the javascript and just add an "edit" flag to your
page? So once they click on the Edit button/link it would update a variable
and you could do something like:

if ($edit =="Y") {

}

Add in the option to save only if Edit has been selected?

As for your database logins, I don't see a problem with doing it either way.
I personally prefer to use a single login, but doing a include() for a
second login is no big deal either.

------=_Part_3318_10043749.1219753931175--

Re: Question about access rights in php/mysql

am 26.08.2008 14:37:05 von Jason Pruim

--Apple-Mail-121-928856977
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit


On Aug 26, 2008, at 8:32 AM, Dan Shirah wrote:

> Hi Everyone,
>
> I am attempting to wrap my head around an issue and wanted to see if
> I was thinking right.
>
> I am attempting to setup a pURL site, one where they go to something
> like: example.com/purl.php?purl=jason1234 and the site says "Welcome
> Jason". I have that part of it working, and it's pulling the info
> from the database just fine, what I'm wondering about is locking it
> down a little bit more so that they can't just edit the info in the
> main page, but they have to specifically hit a button to edit the
> info.
>
> Is it better to have 2 connections to the database with 2 separate
> logins? One for the initial load which just has select privileges
> and a second for when they hit edit which then gives them update
> privileges?
>
> Or, should i just do 1 login with select, and update privileges?
>
> Any ideas or suggestions?
>
> Thanks!
>
>
> Jason,
>
> I would assume you have some kind of login page, correct? Or can
> anyone type in the direct URL and access someone else's page?
>
> If they have already logged in, I would use some simple javascript
> to enable/disable the editing of form objects. By setting all of the
> form objects to "disabled" they will appear grayed out but the text
> is still legible. Then when they click on your "Edit" button just
> have a Javascript function set them all to enabled. You could do
> something similar to show/hide div's.
>
> Or, you could bypass all the javascript and just add an "edit" flag
> to your page? So once they click on the Edit button/link it would
> update a variable and you could do something like:
>
> if ($edit =="Y") {
>
> }
>
> Add in the option to save only if Edit has been selected?
>
> As for your database logins, I don't see a problem with doing it
> either way. I personally prefer to use a single login, but doing a
> include() for a second login is no big deal either.

Hi Dan,

Thanks for the info! the page will not actually require a login, it is
a new direct mail technique where they get a piece of mail with the
pURL on it, and then go there to "follow up" on the web.

I think though that I will go with the 1 login, with a simple variable
like to described.

Thanks Dan!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim@raoset.com





--Apple-Mail-121-928856977--