Set Specific Permissions

Anon

I am designing a website for my high school class using PHP and MySQL (www.lhs1984.com/directory.php - - still VERY under development!!).

I'd like to be able to allow each user to update their information, but only THEIR information.

For example:

Is there a way to allow Pam Abair (Student #001) to only update information in the database for the row containing her information. I'm not sure if this could be done by assigning a database password specific for each user???

Any help (or a point in the right direction) is very much appreciated.

toma42

Well, the level of security you want is only found in Oracle, to my knowledge. They refer to it as Fine Grained Access Control.

As for what you can do, as long you only allow access to the database through a web page, make sure you code correctly and only allow the logged in person to update their record.

This requires the user to login then requires you to issue an update statement and include the users login id in the where statement for the update.

brandonschnell

1) use sessions to authenticate users

2) check user authentication against a table that just has user information including a username & password.

3) include another table with the actual user data and do a join with the user authenticate table to output/update the user information. ie: "SELECT user_data.phone_number FROM user_data, user_auth WHERE user_data.userid = user_auth.userid AND user_auth.username = $username AND user_auth.password = PASSWORD($user_password)"

of course make sure the password is stored encrypted on the database.