Two Logins, one to MYSQL and one to your company's database?
Moderator: General Moderators
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Two Logins, one to MYSQL and one to your company's database?
If you have a website and users who log in to it, is it a standard practice to have a general login_id from MYSQL.USER for the site, and also an individual login_id from a separate database? I am now "it" for maintaining our website and that is how it is here at my company. Is this normal practice? Two logins?
Cecil Champenois
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Two Logins, one to MYSQL and one to your company's datab
If I understand you question, it is not general practice to user the MySQL users/privileges to provide accounts for website users. MySQL users are for database connections. A database table is used for website users.
(#10850)
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Re: Two Logins, one to MYSQL and one to your company's datab
Yes, you have it correct. The database connection is the one in the dbConnect.php file. Then the users are validated in the other database. For some reason, in my case, this isn't woking. I'll post some code in a few minutes.
This is the first web page that the user comes to. The user logs in and is then taken to the check_login.php page, which immediately has an include dbConnect.php (for the MySQL database Connection) declaration at the top of the code.
[text]
<html>
<body>
<br/>
<table width="300" border="0" align="center" cellpadding="0"
cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="check_login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1"
bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>ClaimsWeb™ Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</html>
[/text]
Then the next page, check_login.php hits:
DBCONNECT.PHP FOLLOWS: This ought to work, but it doesn't. I cannot establish a MySQL database connection.
This is the first web page that the user comes to. The user logs in and is then taken to the check_login.php page, which immediately has an include dbConnect.php (for the MySQL database Connection) declaration at the top of the code.
Code: Select all
<?php
// The user is logging in to the ClaimsWeb database with his user id and password.
if (file_exists("/var/www/html/shutdown.txt")) {
die("Server is shut down for maintenance");
}
?>
<html>
<body>
<br/>
<table width="300" border="0" align="center" cellpadding="0"
cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="check_login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1"
bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>ClaimsWeb™ Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Code: Select all
<?php
include ("dbConnect.php");
echo $page_footer;
if ($lDebug) {
var_dump($_SESSION);
}
?>
[/text]
Then the next page, check_login.php hits:
Code: Select all
<?php
include ("dbConnect.php"); // Connects to the mysql database through the user table.
$mosConfig_locale_debug = 0;
$mosConfig_locale_use_gettext = 0;
$table_name='logins'; // The table, 'logins', is in the Claimsweb database.
// Define $myusername and $mypassword
$myusername=$_POST['myusername']; // Carried forward from the posting from the login_page.php.
$mypassword=$_POST['mypassword']; // Carried forward from the posting from the login_page.php.
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
// THIS IS WHERE THE USER NAME AND PASSWORD DISAPPEAR COMPLETELY.
//$myusername = mysql_real_escape_string($myusername);
$myusername = mysqli_real_escape_string($conn, $myusername);
//$mypassword = mysql_real_escape_string($mypassword);
$mypassword = mysqli_real_escape_string($conn, $mypassword);
$sql = "SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client,
email_address FROM $table_name WHERE login_id='$myusername' and
login_password=aes_encrypt('$mypassword', 'password')";
//... MORE CODE...
Code: Select all
<?php
$lDebug = TRUE;
// MySQL Connection. The next variables set up for the connection to the MySQL database only.
$host = "localhost";
$user = "web_user";
$pass = "PASSWORD";
$db = "mysql";
// Main database for processing.
$dbCW = "claimsWeb";
$today = strtotime(date("Y-m-d"));
// This part sets up the connection to the database (so you don't need to reopen the connection
// again on the same page).
// Apache 2 PHP code has deprecated mysql_pconnect. Use mysqli_connect() instead.
//$ms = mysql_pconnect($host, $user, $pass);
$conn = mysqli_connect($host, $user, $pass, $db); // 01/08/2015 Cecil. The 4th parameter is the database called "mysql".
// Check Connection.
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Select the database you want.
mysqli_select_db($conn, $dbCW);
Cecil Champenois