| Subject | Connecting to a db with a specific role |
|---|---|
| Author | shann0n110yd |
| Post date | 2005-03-30T08:18:32Z |
Hi,
I'm trying to implement a user login facility, but am having trouble
getting my users to connect using roles. I've created two roles for my
db - a USERS role and an ADMIN role. I then created a number of users
and gave each of them membership of the USERS role. I then call
ibase_connect twice - the first time using "ADMIN" as the role, and
the second time using "USERS" as the role, the theory being that if
the first connection succeeds, my function is designed to return
immediately (after setting a session variable indicating admin
privileges), and if the connection does not succeed, it goes on to
attempt to connect as a regular user. The problem I am having is that
all users are being permitted to connect with the ADMIN role, even
though they have only been granted membership of USERS.
The specific piece(s) of code is/are as follows:
function getConnection ($user, $pass, $role)
{
$host = 'localhost:C:\firebirdsql\db\thedatabase.fdb';
if ($dbh = ibase_connect($host, $user, $pass, 'ASCII', 0, 3, $role))
return $dbh;
else
return -1;
} // getConnection
function validateUser($user, $pass)
{
// First try to connect as an administrator
$conn = getConnection($user, $pass, 'ADMIN');
if ($conn == -1)
{
// This block is never entered, even if I call
// validateUser("davo", "password") and user 'davo'
// has been made a member of ONLY the USERS role.
// Have tried if (!$conn) and have tried if ($conn === -1)
}
else
{
// session variable for ADMIN privileges set in here.
// This block is always entered, regardless of the user or
// the roles they have been granted.
}
}
Hopefully I've left enough there for it to make sense. There's no
problem with making the connection to the db, only with the use of
roles to restrict how the users connect. If anyone knows of any
examples of doing this, I'd very much appreciate a few pointers.
Thanks,
Shannon
I'm trying to implement a user login facility, but am having trouble
getting my users to connect using roles. I've created two roles for my
db - a USERS role and an ADMIN role. I then created a number of users
and gave each of them membership of the USERS role. I then call
ibase_connect twice - the first time using "ADMIN" as the role, and
the second time using "USERS" as the role, the theory being that if
the first connection succeeds, my function is designed to return
immediately (after setting a session variable indicating admin
privileges), and if the connection does not succeed, it goes on to
attempt to connect as a regular user. The problem I am having is that
all users are being permitted to connect with the ADMIN role, even
though they have only been granted membership of USERS.
The specific piece(s) of code is/are as follows:
function getConnection ($user, $pass, $role)
{
$host = 'localhost:C:\firebirdsql\db\thedatabase.fdb';
if ($dbh = ibase_connect($host, $user, $pass, 'ASCII', 0, 3, $role))
return $dbh;
else
return -1;
} // getConnection
function validateUser($user, $pass)
{
// First try to connect as an administrator
$conn = getConnection($user, $pass, 'ADMIN');
if ($conn == -1)
{
// This block is never entered, even if I call
// validateUser("davo", "password") and user 'davo'
// has been made a member of ONLY the USERS role.
// Have tried if (!$conn) and have tried if ($conn === -1)
}
else
{
// session variable for ADMIN privileges set in here.
// This block is always entered, regardless of the user or
// the roles they have been granted.
}
}
Hopefully I've left enough there for it to make sense. There's no
problem with making the connection to the db, only with the use of
roles to restrict how the users connect. If anyone knows of any
examples of doing this, I'd very much appreciate a few pointers.
Thanks,
Shannon