Got a question regarding user profiles in CMS systems... I'm looking to build a custom home-made CMS system for myself (my website) but want to be able to add users and have various privilege levels (such as Admin, Moderator, General User, and guest).  Now, since each level will have different access to the MySQL database (such as Admin will have full access, Moderator will be able to add/remove records, but not modify database structure, General User will be able to post to certain areas of the database, but not alter other people's submissions, and a guest will only be able to read the database), is it best to handle the security via PHP code, or should I allow the system to create a user with appropriate privileges directly on the MySQL database server?

I'm thinking that writing the security system myself is more work, but might be the better way.  How is this generally handled in other CMS systems?

Basically, I want to know if I should have the system add users to the MySQL server, or should I embed the security in the PHP scripts themselves (for example, to check to see if a person is an admin--which would be able to make modifications--versus a guest--who will not be able to make any modifications to the database).


I'm looking to build a custom home-made CMS system for myself (my website) but want to be able to add users and have various privilege levels (such as Admin, Moderator, General User, and guest).

YAGNI (You Ain't Gonna Need It)

Now, since each level will have different access to the MySQL database ... such as Admin will have full access

Bad idea. Just imagine someone hacks your account! Your application should suffice with one MySQL account with GRANTS on SELECT and INSERT. Not DELETE or UPDATE. You use a CMS for Content Management, if you DELETE it you can no longer manage it. Instead introduce archiving which is what businesses do once the data no longer serves any purpose to the company (but it may in the future) either on paper in some storage room or on digital format (CD, DVD, ..) or both. You also don't need UPDATE as CMS systems tend to version data. Look into version-control and check-in/out.

CMS systems can become really complex depending on the business that needs them as almost each company has different business rules for content management. So while you are making your home-grown CMS system KEEP IT SHORT AND SIMPLE (KISS).
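The single-account, SELECT/INSERT-only layout described in the reply above, sketched for MySQL as an added example that is not part of either post. The database `cms`, the account `cms_app`, the table `page_revision`, its columns and the sample rows are all hypothetical; which application role (admin, moderator, user, guest) may insert a revision is decided in the PHP code, not by MySQL.

```sql
-- Setup: run once with an administrative MySQL account, never by the web app.
CREATE DATABASE IF NOT EXISTS cms;

-- Append-only content store: every edit or archive action is a new row.
CREATE TABLE cms.page_revision (
  revision_id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  page_id     INT UNSIGNED NOT NULL,
  author_id   INT UNSIGNED NOT NULL,      -- application user, checked in PHP
  state       ENUM('published', 'archived') NOT NULL DEFAULT 'published',
  title       VARCHAR(200) NOT NULL,
  body        MEDIUMTEXT NOT NULL,
  created_at  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  KEY idx_page_latest (page_id, revision_id)
);

-- The one account the PHP application connects with (placeholder password).
CREATE USER 'cms_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';
GRANT SELECT, INSERT ON cms.* TO 'cms_app'@'localhost';

-- From here on, statements are what the application sends as cms_app.
-- Constructed sample data: create a page, then "edit" it with a new revision.
INSERT INTO cms.page_revision (page_id, author_id, title, body)
VALUES (1, 7, 'Welcome', 'First draft');
INSERT INTO cms.page_revision (page_id, author_id, title, body)
VALUES (1, 7, 'Welcome', 'Corrected text');

-- "Delete" is an archive marker written as one more revision.
INSERT INTO cms.page_revision (page_id, author_id, state, title, body)
VALUES (1, 2, 'archived', 'Welcome', 'Corrected text');

-- Pages visible to readers: the latest revision of each page, unless archived.
SELECT r.page_id, r.title, r.body
FROM cms.page_revision AS r
JOIN (SELECT page_id, MAX(revision_id) AS latest
      FROM cms.page_revision
      GROUP BY page_id) AS l ON l.latest = r.revision_id
WHERE r.state = 'published';

-- With no UPDATE or DELETE privilege, MySQL rejects these for cms_app, so a
-- stolen application login or an injected query cannot rewrite or erase history:
--   UPDATE cms.page_revision SET body = '' WHERE page_id = 1;
--   DELETE FROM cms.page_revision;

-- Check what the account really holds (run as the administrator).
SHOW GRANTS FOR 'cms_app'@'localhost';
```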
