PHP login with access control

[cory011202]

Hello all,

 

I have came to this site and received amazing help and I am hoping that you can point me into the right direction in what I am trying to accomplish. I have a site that I want to have a login page that a user logs into. With a successful login they have access to certain areas of the site. I have scoured the internet looking for a tutorial that might explain how this would work. Hopefully someone on here can point me to a place that will point me in the right direction.

 

Work flow will be something like this

 

User logs in as admin: they will see an admin option for user management and what not as users need to be confirmed manually.

 

user logs in as a regular user: they see certain pages but possibly not all pages depending on what their authorized to see.

 

That is it in a nutshell any help will be greatly appreciated.

 

 

 

[smerny]

just have a 'rank' field or so something in your user table..

 

then show stuff based on what the users rank is

[givememore]

Yes, the rank field seems to be the correct way, but if you don't have a strict ordered rank (meaning there are pages/functions a user even with a high rank isn't allowed to use, but another user with a lower rank exceptional is allowed) you probably run into problems.

I solved that using a field for userrights storing a number witch bitwise defines the individual rights. That way is applicible if you don't have more than 32 different right-options (with more than 32 options you may run into problems identifying / setting the correct bit depending on your environment).

 

Let's have a look to some details:

 

1.) I defined an Array containing each userright as key and the corresponding bit as the value:

 

/////UserRights\\\\\
$rights = array(
         "read_group1" => pow(2, 0),
         "read_group2" => pow(2, 1),
         "read_group3" => pow(2, 2),
         "edit_group1" => pow(2, 3),
         "edit_group2" => pow(2, 4),
         "edit_group3" => pow(2, 5),
         "admin_group1" => pow(2, 6),
         "admin_group2" => pow(2, 7),
         "admin_group3" => pow(2, ,
         "usermanager" => pow(2, 9),
         "systemadmin" => pow(2, 10)
      );

In example user 'Fred' is allowed to read, edit and admin groups 1 and 3 and he is allowed to read group 2, his userright result in:

Bit109876543210[/td]

[td]Value

00101101111= 367

The decimal value (367) is stored in the field 'rights' of my usertable.

 

2.) The usertable is read in PHP using the 'normal' database functions. All user data is stored in the named Array $user. So I retrieve the userrights with $user['rights'].

 

3.) Now it is possible to decide in PHP whether a user is allowed to use a function or not comparing his $user['rights'] to my $rights Array:

if ($user['rights'] & $rights['read_group1']) {
	//show messages in group 1
}

if ($user['rights'] & $rights['edit_group1']) {
	//edit messages in group 1
}

 

hope that helped

Burkhard

[cory011202]

Thanks smerny & givememore!! I have been researching this for awhile now as a side project trying to figure this out for local home server. I want to do certain web pages are shown depending on their permissions (rank). I have not implemented this fully but have played with it to ensure I fully understood what you were telling me. 

 

thanks again!

 

[mytimelimit]

One word of warning before I go any further: any system you build, which involves the transfer of data from a Web page over the Internet, will send that information in clear text by default (Web servers that require Secure Socket Layer (SSL) connections will safely encrypt the data during transit.

 

[spam removed]