Dashe Posted January 10, 2008 Share Posted January 10, 2008 Hi Guys This is my first post here so be nice Wink I am trying to develop an admin area for a site that I am running. there will be about 50 pages in the admin broke into different sections for example: users -> view, add ,edit, delete, add, search news -> view, add, edit, delete I will have about 30 people needing access to certin pages like one person might only be allowed to view users while another can edit and another can edit delete and add etc... What would be the most efficient way of controlling who is allowed to see what and so on. Preferable am thinking of groups so i can add someone to a group thats on the news team so they can all have most of the functions but the news team leader would be the only one to be able to delete etc... Really confused on this as there are lots of ways of doing this, any advice or help would be really appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/ Share on other sites More sharing options...
revraz Posted January 10, 2008 Share Posted January 10, 2008 You can use Group Names and check them via your database and store in a session. Or you can use Group Numbers. Depending on how complex it is, it might be easier to say if groupnumber >= 1 then you can do that, instead of if groupname == "user" && groupname == "superuser" Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-435752 Share on other sites More sharing options...
Dashe Posted January 10, 2008 Author Share Posted January 10, 2008 Hi revraz Thanks for the reply Unfotunily I am thinking that this is too complicated to put in groups, it may work, but was just wondering if others had different approach becasue this could have users have access to obscure pages and not connected with the rest of the people that would be normally in there group. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-435982 Share on other sites More sharing options...
Dashe Posted January 11, 2008 Author Share Posted January 11, 2008 So if I was to store ID's of users in groups and then say that only that group can access that page. Would would your opinions be on this structure User Groups: idnameusers 1admins1,2,5 2mods3 3user admins6 Pages idnamegroup_id 1edit_users.html1,3 2delete_users.html1 Then on the page you could check_allowed() that checks the users groups against the ones allowed on that page or am I doing this in an arse about way Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436419 Share on other sites More sharing options...
revraz Posted January 11, 2008 Share Posted January 11, 2008 Groups 1 | admins 2 | mods 3 | user admins Users id | Name | Group 1 | Joe | 2 2 | Fred | 3 Is how I'd do it. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436426 Share on other sites More sharing options...
Sesquipedalian Posted January 11, 2008 Share Posted January 11, 2008 Have it set a userlevel based on who they are when you add them (I'm assuming your adding manually to the database?). You can have it so that their level (1, 2, 3, 4, etc.) are stored in the MYSQL Database, and then when you log them in it finds their level and sets it as $_SESSION['lvl'], and then you have it display things accordingly. Let's say level 1 is admin, 2 is less, etc. <?php if ($_SESSION['lvl'] == 1) { echo 'Extra Navigation for Adminstrators'; } else if ($_SESSION['lvl'] < 3) { echo 'Navigation for level 2 and administrators.'; } else if ($_SESSION['lvl'] < 4) { echo 'Navigation for level 3, 2, and administrators.'; } So you see, the first if statement, when level == 1, it dispalys a certain navigation only administrators will see. The second one displays navigation that only Administrators and level 2 users should see -- the administrators still see it, because 1<3 (along with 2<3). Then the third one displays navigation that level 3, 2, and administrators will see. The differences are, if someone is logged in as level 3, they won't be able to see any of the other navigation but their own, because 3<3 isn't true, and neither is 3<2. Whereas the Administrator sees everything, because 1 == 1, 1<3, and 1<4. Hope that helps. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436428 Share on other sites More sharing options...
Dashe Posted January 11, 2008 Author Share Posted January 11, 2008 Thats very similar to the way i am running it now, i just show the appropriate menu but the reason i am thinking of overhauling it is in case people guess the name of the pages, they are in the admin area and authenticated but could guess the delete page. So want to make the page show up "You are not Authorised to use this page" Another problem is that using the esscilating method of 1 to 2 to 3 etc... not everyone on level 3 would have access to everything on level 2 so need a specific system for specific pages. Its a pain in the ass but with 60+ teams using this need to make sure no one has access to anything they shouldnt while being flexiable enought to give someone access to one specific page from another teams stuff. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436447 Share on other sites More sharing options...
revraz Posted January 11, 2008 Share Posted January 11, 2008 Then yes, you need to set levels for each page, which you should be doing anyways. Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436455 Share on other sites More sharing options...
Dashe Posted January 11, 2008 Author Share Posted January 11, 2008 Thanks a lot guys Quote Link to comment https://forums.phpfreaks.com/topic/85407-solved-admin-area-user-control-help/#findComment-436467 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.