I am designing a web site, and it has the ability to log in. When someone is logged in, there is at times a need to know what group they're in. Specifically, whether they are in the officer group. Currently, I have a MySQL stored proc BOOL is_officer(INT id), where id is the user id number.
My question: Is it wise to make a PHP function in my library (bool) is_officer(), which uses $_SESSION['id'] and calls the MySQL stored proc?
Next, is it wise to make a page /ajax/is_officer.php, which would call the function in PHP, which would in turn call the MySQL stored proc, in case I need to (insecurely) know whether the user is an officer on-the-fly?
(Last would be making a JS function is_officer() which would send an AJAX request to is_officer.php).
tl;dr: Same function name in many languages, one calls another, closer and closer to the database -- good idea or bad idea?
I'm basically asking for your guidance here -- sort of a communal yay/nay vote. Does this match any design patterns you've seen in the past?