Have you specified the UserId parameter in the server profile? Anyone signing in using the validation list should be running under this User Id and will have those access rights.

Does that not work for you?

Jon Paris


On Aug 21, 2018, at 11:53 AM, Steve Richter <stephenrichter@xxxxxxxxx> wrote:

not sure how users should login to a PHP web page and access the IBM i
database. Are there good solutions?

Initially I was using basic authentication. The browser would prompt for
user name and password. The PHP code would then store the user name and
pass in $_SERVER variables. PHP_AUTH_USER and PHP_AUTH_PW.

This worked. But the process is a bit confusing. But more so, what to do
when adding a web user who does not have an IBM i user profile?

So I changed to using validation lists. Which are easier to work with in a
SPA type web page. And the login prompt is a bootstrap modal that looks

The problem with validation list is how to run code on the server under the
IBM i user profile of the web user? I know about the QSYGETPH and QWTSETP
APIs which allows a job to change its user profile. But you need the
password of the user to do this. Where to securely store the password? Or
give QTMHHTTP authority to switch to a user profile without the password.
Which means any code running in PHP can switch to another user profile?

Is there guidance from IBM on how to limit access to tables and programs to
specific user profiles when running PHP web code?
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.