Michdd Posted November 4, 2008 Share Posted November 4, 2008 I've been working with php for a while now, but I haven't looked into this yet, I'm creating something and I'm wondering how to define permissions that a user would have in the user system on my website. Like defining permissions for an admin, or for a normal user. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/ Share on other sites More sharing options...
revraz Posted November 4, 2008 Share Posted November 4, 2008 Have a field in your DB that sets their level, then when they log in check that level of access. Each page that you want secured, have it check their access via a session. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682147 Share on other sites More sharing options...
Michdd Posted November 4, 2008 Author Share Posted November 4, 2008 Thanks. But it would be professional to say set the permissions in another file then just include that everywhere I want it to be checked? Right? Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682162 Share on other sites More sharing options...
revraz Posted November 4, 2008 Share Posted November 4, 2008 If you want it to be static, sure. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682163 Share on other sites More sharing options...
Adam Posted November 4, 2008 Share Posted November 4, 2008 Yeahh it's really that simple. Best way is to set the field to integer, probs with a length of just 1 - unless you plan on making more than 10 levels of users? Then have another table setup to define the user levels, something like: user_lvl / name -------------- 1 / Basic user 2 / Moderator 3 / Admin .. or something similar so you can have a descriptive name for the user level you can lookup to display on the website. You can obviouslly make it much more advanced if you wished... When the user logs in simply check their user level against whatever you want to set for that particular page.. and there you go basic user permissions.. Adam Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682167 Share on other sites More sharing options...
Adam Posted November 4, 2008 Share Posted November 4, 2008 To be honest the database method would be the simplest, quickest and more professional.. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682168 Share on other sites More sharing options...
revraz Posted November 4, 2008 Share Posted November 4, 2008 Professional is a relative term. If you don't have a DB to use, you can still use flat files. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682172 Share on other sites More sharing options...
serverman Posted November 4, 2008 Share Posted November 4, 2008 well database is also safer than flat file. if you do flat file anyone can just open the file and view user, email, password(if your not encrypting it.) Also if you aren't good with DB it is worth taking the time to learn because it really opens up a world new things you can do with PHP or any other Serverside script. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682179 Share on other sites More sharing options...
Michdd Posted November 4, 2008 Author Share Posted November 4, 2008 So I would basically have to do it by using like if statements to show what will show/what they can do depending on their level id? like.. (1 = admin) -- if($id == "1"){ can do something } else { can't } That's the 'correct' way of doing it? Or is there a more professional way? Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682208 Share on other sites More sharing options...
Andy-H Posted November 4, 2008 Share Posted November 4, 2008 The way I usedto do it for a mafia game I coded was have a seperate table called staff, Staff ---- id INT username VARCHAR level INT(1) Staff_IP Last_IP VARCHAR pin INT Then I would check if their username session was stored in that table ie. $query = "SELECT pin, level FROM staff WHERE username = " . mysql_real_escape_string($username) . " LIMIT 1"; $result = @mysql_query($query); $n = mysql_num_rows($result); if ($n == 1){ $row = mysql_fetch_row($result); $pin = $row[0]; $level = $row[1]; $required_level = 1 // 1 for help desk // 2 for mod // 2 for admin if ($level < $required_level){ die("Access denied."); }else{ //code //check if they enter correct 4 digit staff pin... } }else{ die("Restricted access."); } I would also log the IP of the last person who made an action on that account and check it against the staff members IP Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682224 Share on other sites More sharing options...
Michdd Posted November 4, 2008 Author Share Posted November 4, 2008 Thanks, that helps a lot, but you made me remember something else I was wondering about, how do I get the IP of say someone registering? Or do anything on my site for that matter. Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682244 Share on other sites More sharing options...
Adam Posted November 4, 2008 Share Posted November 4, 2008 $ip = $_SERVER['REMOTE_ADDR']; Quote Link to comment https://forums.phpfreaks.com/topic/131356-defining-user-permissions/#findComment-682313 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.