Jump to content

users and priviledge levels in php


Recommended Posts

1.      How would we check if a user has a correct permission level to access a section of a page that has a privilege level like (1=Add,2=Move,4=Edit,8=Delete) assigned to various protected sections?


2.      What is this type of permissions assignment known as and what group of functions do we use to manipulate these permissions?


3.      If my user (in line with the previous example) had a privilege level of 14, which of the privileges would they have access to and how would I check this (give example code)?

Link to comment
Share on other sites

There is a number of ways you can do this.. you can use sessions, cookies, variables passed through url, variables passed through script. Unfortunately. Its not simple task per say. If I understand your questioning right. I am assuming you think there is an already pre-built function in php that determines this though a special function or variable. Unfortunately if that be the case, then Im pretty sure I can say there isnt. When it comes to user privileges and access to areas on a site you have to devise a system to handle that, starting with who gets what with each type of access permission. From there you have to build functions to find what level they are, if they have the right permission for what they are about to do and so on. Then on top of that devise things that if they don't to block them. In short its an under taking to build it up, specially from scratch. but from scratch in a matter of opinion is usually the best as it will be unique to you and your site, and its functions.


All in all though I would say use sessions to pass/store the access level type. Then use your scripting to find out if they have the right or don't and then act upon either side of that notion.

Link to comment
Share on other sites

Efficiency is derived from the implementation of the system.

So Sessions is kinda a moot point in saying its efficient on developing a system.


A simple database (commonly seen)

CREATE Table `users` (
  name varchar(32) NOT NULL DEFAULT '',
  canadd ENUM ('yes','no') DEFAULT 'no',
  canmove ENUM ('yes','no') DEFAULT 'no',
  candelete ENUM ('yes','no') DEFAULT 'no'


Although this system is easy to develop, edit, and use, its very inefficient.


As ToonMariner Suggested, ya may opt in learning BitWIse Operators, this does add a complexity in coding and queries.

but it adds to code efficiency. And once learned, its not hard to maintain at all.


Link to comment
Share on other sites


Yes the OP can store the user's permissions in a session variable after they've been loaded from the database once.  But a session variable in no way shape or form helps the development and design of a permissions system for an application.


This is an old thread that may assist:



Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.