creating multiple mysql users for every user of the system is NOT the way to go.
heres what i would do.
create 3 mysql users w/ appropriate permissions
i.e.
r_user
rw_user
full_user
Each of these usernames/password combos correspond to different permissions to the mysql datbase. (make these names more intuitive)
store the usernames/passwords in a file on the server that is OUTSIDE of the web root (i.e. the webserver user has access to it, but you cannot type in a url to get at them)
include file:
define("RO_USER_TYPE" 0);
define("RO_USER", "foo");
define("RO_USER_PASS", "bar");
... (repeat for other users)
then create a couple classes, one to handle the database connection, and one to store user information.
make your db connection class look something like this
require_once("your included usernames/pass file");
class Connection {
createConnection($iUserType = RO_USER_TYPE){
...
}
inside the connecton class, chekc the usertype you pass in and make your connection to the database based on that. you'll have to call createConnection() w/ no params first to find out what types of permissions that user has.
so in your user class, you want to have methods that will get back all info from the database. when you create a user, use md5() to encrypt the pass before inserting. then when you pull the info out, just compare the password in the database to the one they used to log in, just make sure to md5() their supplied password before comparing it to the one in the db.
you can also store the user object in the session, so you'll know what type of connection to make when the page is loaded..
hth.
p.
