blacklion Posted February 25, 2009 Share Posted February 25, 2009 Hi All, I'm a total noob to php but I've started a little project which will eventually require a user privilege system. I was after a bit of advice as to how to go about it. I thought about simply using the MySQL privilege system and putting my own front end on it. (as 90% of the privileges will be based around the db tables anyway) However, I am not sure of the best way to retrieve privileges from mysql (show grants being the only command I have seen so far, or interrogating the mysql db directly...) Also, there could be situations where a user may not have a select privilege on a specific field (e.g price) but I would wish to show all other fields that he is able to view - it seemed to me that the entire query fails if there is a no privilege violation... how to get around this? Otherwise, should I implement my own manual system? I hope that makes sense and probably this is in the wrong forum (mysql?) but largely my query is how to programatically access the privilege system and the best way to go about it so I figured the php forum is best! Any hints you can give me would be most welcome! Thanks BL Link to comment https://forums.phpfreaks.com/topic/146951-noob-advice-needed/ Share on other sites More sharing options...
supermerc Posted February 25, 2009 Share Posted February 25, 2009 The way I make my privileges is that I put them in my session variables on log in and when theres something that requires more privileges I do something like if ($SESSION[priv] < '3'){ echo 'insufficient access';}else{whatever you want} Link to comment https://forums.phpfreaks.com/topic/146951-noob-advice-needed/#findComment-771460 Share on other sites More sharing options...
allworknoplay Posted February 26, 2009 Share Posted February 26, 2009 I just use a custom access level table and apply the access levels to the users. And then use sessions to allow users to scour my site.... Link to comment https://forums.phpfreaks.com/topic/146951-noob-advice-needed/#findComment-771486 Share on other sites More sharing options...
pquery Posted February 26, 2009 Share Posted February 26, 2009 When you do your schema think about using a "security_level" or "user_level" table that associates the level and privilages of the current user and then that allows for global changes later on and you can have the ability to 'stack' privileges. here's an example framework (done MySQL style) levelID int (4) levelName varchar (65) then in your users table just include a table field to associate the corresponding user level upon lookup. Then just use sessions at the top of each page to look up access allowed on that page based on the user level. I've also used Smarty before and used some of the built in functions to show or hide content on the template pages based on user access level set in the session. Link to comment https://forums.phpfreaks.com/topic/146951-noob-advice-needed/#findComment-771489 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.