-2

I have to provide access rights like edit, view, delete values in the database to the users dynamically in php, so that the super admin can change the privileges from the application itself.(no need to open the database and do it for each and every user).

lena
  • 39
  • 1

1 Answers1

1

Possibly duplicate with create db and user mysql and set privileges php

Let's suppose we have a mysql database:

mysql_connect('localhost','user',password);
mysql_query("CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';");
mysql_query("GRANT ALL ON db1.* TO 'username'@'localhost'");
mysql_query("CREATE DATABASE newdatabase");
mysql_close();

Read more about access granting on mysql databases at http://dev.mysql.com/doc/refman/5.1/en/grant.html and creating database users at http://dev.mysql.com/doc/refman/5.1/en/create-user.html

Later edit: 

$user_priviledges = array(
                       '__SELECT__' => array("select_user","password"),
                       '__SELECT_DELETE__' => array("select_delete_user","password")
                    );
// first you use just __SELECT__ user for getting the current user access information
mysql_connect('localhost', $user_priviledges['__SELECT__'][0], $user_priviledges['__SELECT__'][1]);
mysql_select_db('my_db');
$sql = mysql_query("SELECT user_access FROM access WHERE user_id='$my_loged_user_id'");
$row = mysql_fetch_array($sql);
if ($row['user_access'] != '__SELECT__') {
    mysql_close();

    // after you close the above mysql connection we can connect again with the real user access 
    mysql_connect('localhost', $user_priviledges[$row['user_access']][0], $user_priviledges[$row['user_access']][1]);
    mysql_select_db('my_db');
}

// my rest of code

mysql_close();

You have to take care about the user of the system and the user access and for that I think you have to implement some classes which will open/close mysql connections depending on what is the system (or the user) trying to do

Note that I recommend you to use MySQLi instead of old mysql functions in PHP

Community
  • 1
  • 1
Mihai Matei
  • 24,166
  • 5
  • 32
  • 50
  • but I have to provide options for changing the priveleges on application itself to the admin. Also the grant to all users might not be the same. like one user can view but cant edit or delete, while other can do all of the three. I have made a form for this. but dont know how to store that values in the database and use it when that user sign into the system – lena Oct 26 '12 at 06:27
  • I've edited my answer.. I hope I was more explicitely this time – Mihai Matei Oct 26 '12 at 06:47