Before you start (please read!):
Just to make sure you don't waste your time on this tutorial, here are some things you need to know first.
In this tutorial I will not cover building a login (user) system. This tutorial will only teach you how to extend your login system to create permissions for users. Maybe I will write a tutorial for building a login system later on.
When you know how to build a login system, you will also know how to do this. You don't need to learn any new functions.
First step (what we are going to use)
In this step I will tell you which fields are needed in your database to go on with this tutorial.
I know for sure that you'll have these main fields. Maybe with another name, but still with the same functions.
Second step (placing the user in a 'user group')
There are two ways to make the permissions for your users. You can give every user different permissions (this may be handy with CMS systems) or you can place every user in a group and give that group the permission value. I guess most of the time the second option is the best one, so that's what we are going to do. Adding just one field to the user profile will be enough to sort your users.
I used the name 'usergroup' but you can name it whatever you want. Just make sure you will be able to remember the name and the associated function.
Just to make sure we know what we are doing I've made the following table in Excel.
You will see that the higher the ranking, the higher the integer. Make sure you do the same or else you will need huge if/else statements to make this work. If you think you aren't going to remember them, just create a simple database. You will not use this database, but who cares.
After this is done we are going to give each webpage a different name or number. This time a name may be easier to use than a number, because you don't need to change the name in the future (nobody is going to see those names, so why should we change them).
The last thing we need to know is: which kinds of permissions do we have? Every website is unique and will need other permissions. If you have a forum or article website you will have to use permissions like:
- read
- write
- edit
- delete
I will use these four permissions to explain how you are going to use them in this system. Just like with the user groups you will need to write them down or make a MySQL database to remember them. Here is my version:
Again the lowest integer is the lowest permission.
Third step (bringing everything together)
I hope you don't have a headache after all of this. Just to bring everything back into one piece we need to build the MySQL permissions table. We are going to use all the information from the second step.
The 'gid' is the number of the usergroup and 'homepage' is the name that I've called my index.
The number 1 in gid says that this is for the 'user'-group and the number 3 in homepage stands for what he is allowed to do. This time the 'user'-group is allowed to: read+write+edit. Not delete, because that's higher than 3 (hehehe). It sounds strange but this user also has the banned number 0, but when we go further on you will see that it doesn't matter as long as it is the lowest number.
When you've done this you can add as many pages as you like. Here is my MySQL table at the end. I have 4 user groups with all unique permissions.
I hope you now know how the MySQL table is built. In the last step I will explain how to use this table on your website.
Last step (using the information on your website)
To let a user log in, a session must be created. Most of the time you will only need to place the user id in the session, and you will have something like this:
CODE
<?php
$_SESSION['ses_login']['id'] = $object->id;
?>
But to make sure we can get the user group information quickly, we store it in the same session as the login session.
CODE
<?php
$_SESSION['ses_login']['id'] = $object->id;
$_SESSION['ses_login']['usergroup'] = $object->usergroup;
?>
When you've done this you only need to get the information out of the database when you need it. If you have a members list you may want to check if the user is allowed to edit and delete users. You can just make something like this to get the information you need:
CODE
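<?php
// $db is assumed to be an open mysqli connection from your login system
// (the old mysql_* functions no longer exist in current PHP versions)
// selecting the right value; the usergroup is bound as an integer
// parameter instead of being concatenated into the SQL string
$usergroup = (int) $_SESSION['ses_login']['usergroup'];
$stmt = $db->prepare("SELECT memberslist FROM permissions WHERE gid = ?");
$stmt->bind_param('i', $usergroup);
$stmt->execute();
$stmt->bind_result($memberslist);
$stmt->fetch(); // $memberslist stays null when the group has no row
$stmt->close();
// permission 3 (edit) or higher shows the edit button
if ($memberslist >= 3) {
    echo "edit button";
}
// only permission 4 (delete) shows the delete button
if ($memberslist == 4) {
    echo "delete button";
}
?>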
If the permission of the user is high enough, the user will see the button; otherwise the user won't see anything. You can use this wherever you want.
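Hiding a button does not stop a request sent straight to the script that performs the edit or delete, so that script has to make the same check. Below is an added example of such a server-side check (it is not part of the original tutorial). The function names, the PDO/SQLite setup and the table rows are assumptions constructed for the demo; the permission numbers follow the 0 to 4 scale used above.

```php
<?php
// Added example, not from the original tutorial. Levels follow the tutorial's
// scale (0 = banned, 1 = read, 2 = write, 3 = edit, 4 = delete).
const PERM_READ = 1;
const PERM_WRITE = 2;
const PERM_EDIT = 3;
const PERM_DELETE = 4;

// Page names are column names, which cannot be bound as query parameters,
// so only names on this fixed list are ever placed in the SQL text.
const PAGE_COLUMNS = ['homepage', 'memberslist'];

// Hypothetical helper: returns the stored level of a group for one page.
function permission_level(PDO $db, $usergroup, string $page): int
{
    if (!in_array($page, PAGE_COLUMNS, true)) {
        throw new InvalidArgumentException("Unknown page: $page");
    }
    $stmt = $db->prepare("SELECT $page FROM permissions WHERE gid = ?");
    $stmt->execute([(int) $usergroup]); // gid is bound, never concatenated
    $level = $stmt->fetchColumn();
    // No row for this group: treat it as banned (0) instead of failing open.
    return $level === false ? 0 : (int) $level;
}

// Hypothetical helper: true when the group reaches the needed level.
function is_allowed(PDO $db, $usergroup, string $page, int $needed): bool
{
    return permission_level($db, $usergroup, $page) >= $needed;
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE permissions
           (gid INTEGER PRIMARY KEY, homepage INTEGER, memberslist INTEGER)');
$db->exec('INSERT INTO permissions VALUES (0, 0, 0), (1, 3, 1), (3, 4, 4)');

// This check belongs at the top of the script that performs the delete,
// not only in the page that draws the button. The sample session values
// include an unknown group (99) and a malformed value ('abc').
foreach ([1, 3, 99, 'abc'] as $usergroup) {
    $ok = is_allowed($db, $usergroup, 'memberslist', PERM_DELETE);
    echo var_export($usergroup, true), ' delete on memberslist: ',
         $ok ? "allowed\n" : "denied (respond with 403 and stop)\n";
}
```

With the constructed rows only group 3 is allowed; group 1, the unknown group and the malformed value are all denied.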