homepage Welcome to WebmasterWorld Guest from 54.205.106.111
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
User Levels in App
Pico_Train




msg:4339887
 9:11 am on Jul 15, 2011 (gmt 0)

Hi there,

I'm about to begin an app that requires different user levels.

Now I have the users table and user_right table.

My users table has user_right_id_fk field and I store that in a session variable so I can check on a per page basis if they have the rights to do certain things, otherwise throw them out to a generic "you don't have the right to view this" page.

Now, is the way I am doing it any good? Or am I creating myself headaches down the road?

Is there a better way?

Thanks!

 

rocknbil




msg:4340016
 3:52 pm on Jul 15, 2011 (gmt 0)

The only thing I'd add is if they don't have the permissions to view a page (which is a more friendly word than rights :-) ) then don't show any links to it. Nothing more frustrating than a bunch of links to stuff I can't use.

Use integer values for your user levels if you're not already.

users
id|email|etc

user_permissions
id|user_id|level
1|1234|0
2|2342|1
3|6467|3

$_SESSION['permissions'] = get_user_perms($userid); // your function


if (is_numeric($_SESSION['permissions'])) {
if ($_SESSION['permissions']>0) {
// show level 1 links, also available to 2 and 3
}
if (($_SESSION['permissions']>1) {
// show level 2 links, also available to 3
}
if (($_SESSION['permissions']>2) {
// show level 3 links
}
}
else { output_login_page(); }


You might want to add the error page anyway as a failsafe, easy enough, make something like the above an include and it goes at the tops of all pages. This would allow you to add levels higher than 3 later in the program's life.

I also don't see why you'd need to store the session id for anything but logging.

penders




msg:4340103
 6:17 pm on Jul 15, 2011 (gmt 0)

The only thing I'd add is if they don't have the permissions to view a page ... don't show any links to it.


I'd possibly add... if a user is logged in and they don't have the perms to view a page then don't show any links to it.

Depending how your app is structured, if you allow non-logged in (guest users), then it could be useful to the user that they see all links despite some of those pages requiring authentication.

Pico_Train




msg:4340737
 10:42 am on Jul 18, 2011 (gmt 0)

Ok yeah, thanks guys, that was the plan too.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved