
Roles to different Users


sfast

3:35 pm on May 24, 2007 (gmt 0)

10+ Year Member



I need some guidance about assigning roles to different users of an Application.

There are three levels. Managers, Employees and Users.

When users log in, how will I make sure that not all access is given to them in the application?

Are there any tutorials that can give me little idea about how to do this?

deejay

11:16 pm on May 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm very interested in this question too.

I've cobbled together a system where I assign the user levels numerically

1 = employee
2 = manager
3 = admin,

and put the user level into a session variable when the user logs in.

Permissions are fortunately hierarchical in the systems I'm using it in, so to block managers and admins from admin pages they shouldn't have access to I simply put the following at the top of those pages:

<?php
// Runs at the top of every admin-only page: anyone below level 3 is sent back to login.
session_start();
if (!isset($_SESSION['userlevel']) || $_SESSION['userlevel'] < 3) {
    header("Location: login.php");
    exit;
}
?>

... if they're not admin level and somehow try to access an admin page they get bumped out to the login page.

Throughout the 'public' areas of the site I use a bunch of 'if' statements relating to the session userlevel to display or not display userlevel-restricted pages and functions, eg:

if ($_SESSION['userlevel'] > 2) {
    // Only admins (level 3) see the link; the admin page still checks the level itself.
    echo '<p><a href="adm_menu.php">Administration Menu</a></p>';
}

- so users below admin don't even see a link to the admin menu.

It all feels a bit by the seat of my pants though, and if, for example, I wanted to add another intermediate user level it would mean a reasonable bit of running around editing.

I'm sure there must be a tidier, more methodical way of handling it.
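The same hierarchical scheme, written as an added example (not deejay's code) so that every level comparison goes through one table and one guard function. The role names, the spaced numeric values, and the helper names (ROLE_LEVELS, current_level, can_at_least, require_level) are assumptions; inserting a new intermediate level means adding one row to the table rather than touching every page's if.

```php
<?php
// Added example, not code from the thread. One table of levels, spaced out so a new
// role can be slotted in between existing ones without renumbering (assumed values).
const ROLE_LEVELS = [
    'user'     => 10,
    'employee' => 20,
    'manager'  => 30,
    'admin'    => 40,
];

// The level actually stored in the session; a missing value counts as "no access".
function current_level(): int
{
    return (int) ($_SESSION['userlevel'] ?? 0);
}

// True when the session level is at least the level of $role. Unknown role names
// are an error rather than silently granting or denying.
function can_at_least(string $role): bool
{
    if (!isset(ROLE_LEVELS[$role])) {
        throw new InvalidArgumentException("Unknown role: $role");
    }
    return current_level() >= ROLE_LEVELS[$role];
}

// The page guard: the one thing that actually enforces access. Links in menus are a
// convenience; a user who types the URL by hand still lands here.
function require_level(string $role): void
{
    if (!can_at_least($role)) {
        header('Location: login.php');
        exit;
    }
}

// At login (after the password check), the role name from the user record is mapped
// to its number once and stored. Regenerating the session id on login is standard PHP.
function record_login(string $roleFromDatabase): void
{
    session_regenerate_id(true);
    $_SESSION['userlevel'] = ROLE_LEVELS[$roleFromDatabase];
}

session_start();
record_login('manager');            // constructed sample login

// Top of a manager-or-above page:
require_level('manager');

// In shared navigation, show only what the level allows to be reached.
if (can_at_least('admin')) {
    echo '<p><a href="adm_menu.php">Administration Menu</a></p>';
}
if (can_at_least('manager')) {
    echo '<p><a href="mgr_menu.php">Manager Menu</a></p>';
}
```

Because pages call require_level('manager') rather than comparing against a literal 3, renumbering or inserting a level never requires editing the pages themselves.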

jatar_k

1:36 am on May 25, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I've done similar, though I use numbers with a much larger split, something like

1 = employee
44 = manager
77 = admin

adds a little leeway

I have also done loading of various functions on login, using the member level as a variable to access menus among other strangeness. I don't think there is a perfect way.

The way you described is fine deejay, you need to organize your pages/logic so you can minimize the number of ifs.

deejay

2:18 am on May 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



aaawww jatar_k, no fair!

You're one of the ones I rely on to come on in and say 'actually if you go search for "blah blah technical name you never would have thought of blah" there's a whole elegant method for doing just this'.

Good point on spacing the level ids though. Must do that now before I go any further.

I have also done loading of various functions on login

could you expand on/explain this a little? an example maybe?

...using the member level as a variable to access menus among other strangeness

heheh.. one of the silly little things that I’m rather proud of in a system I’ve just built is that I managed to slot the session userlevel into a function to display a menu based on the modified pre-order tree traversal algorithm. Employees see only categories within their userlevel, managers see everything their level and below, and admins see the whole she-bang. Very pretty, very clean.

vincevincevince

3:22 am on May 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There's a lot to be said for using powers of two...

Default access 1
Logged in 2
Able to add content 4
Able to edit content 8
Able to delete content 16
Able to edit/delete users 32
Able to see traffic reports 64

Then:
For someone logged in able to add content: 4 + 2 + 1 = 5
For someone logged in able to view traffic report and add content: 64 + 4 + 2 + 1 = 71
For someone logged in able to add and edit content only: 8 + 4 + 2 + 1 = 15

To test if the user is able to edit content:

if ($userlevel%8) ....

To test if the user is able to delete content:
if ($userlevel%16) ....

etc...

mcavic

5:06 am on May 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There's a lot to be said for using powers of two

Yes, Vince's solution is the most flexible if you want one person to have multiple permissions.

jatar_k

12:30 pm on May 25, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> could you expand on/explain this a little

probably a bad use of the word function. Mainly just using the session to store vars that have settings specific to that user level. Trying to cut down on the number of ifs.

For one site we used to load into the session which parts of the site the user could access. This added some granularity and allowed us to turn them on or off individually. Then we had a function that would quickly run through the session and build menus and things based on those values.

deejay

9:10 pm on May 27, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



ah, gotcha, thanks jatar_k

vince/mcavic

Now THAT has me intrigued. And it's certainly the sort of thing that's been buzzing round the fringes of my mind in terms of my ideal system.

Ok, so I get that the basis of the powers of two is that any set of permissions adds up to a unique total, so any set of permissions can be broken back down to its component permissions.

It's the putting it into play that's confusing me

- I'm not getting your 'if' with the modulus? It's not an operator I've used a lot. I understand it gives the remainder after a division operation, yes? So in your examples:

To test if the user is able to edit content: if ($userlevel%8) ....

user 1: 4 + 2 + 1 = 7 = modulus 0
user 2: 64 + 4 + 2 + 1 = 71 = modulus 7
user 3: 8 + 4 + 2 + 1 = 15 = modulus 7

? I'm confused. Am I misunderstanding the if? Or do we need to break the userlevel total out to an array to test against somehow and how do we do this?

If so, are you passing the userlevel total around in the session and breaking it down to an array each time you want to access it, or can you pass the array around in the session?

I'm gonna blame it on baby brain. I've got that 'right on the tip of my tongue' feeling about this, but I just can't seem to get there from here.
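vincevincevince's powers-of-two scheme, jatar_k's idea of building menus from what the session says the user may reach, and deejay's question about the modulus, worked through as an added example (none of this is code from the thread). The flag values are the ones from Vince's list; the constant and function names (PERM_*, has_perm, grant, revoke, perms_to_array, build_menu) and the sample user are assumptions. The key point is that a single flag is tested with bitwise AND (&), not modulus: 15 & 8 is 8 and 71 & 8 is 0, whereas 15 % 8 and 71 % 8 are both 7 and say nothing about whether the 8 bit is set.

```php
<?php
// Added example, not code from the thread. Each permission is one bit, so any
// combination sums to a unique integer and can be pulled apart again.
const PERM_DEFAULT   = 1;
const PERM_LOGGED_IN = 2;
const PERM_ADD       = 4;
const PERM_EDIT      = 8;
const PERM_DELETE    = 16;
const PERM_USERS     = 32;
const PERM_REPORTS   = 64;

// Names for decoding a mask back into a readable list (assumed labels).
const PERM_NAMES = [
    PERM_DEFAULT   => 'default',
    PERM_LOGGED_IN => 'logged in',
    PERM_ADD       => 'add content',
    PERM_EDIT      => 'edit content',
    PERM_DELETE    => 'delete content',
    PERM_USERS     => 'edit/delete users',
    PERM_REPORTS   => 'see traffic reports',
];

// Is every bit of $flag set in $mask? Bitwise AND keeps only the bits present in both,
// so the result equals $flag exactly when the flag is held. Modulus would not do this.
function has_perm(int $mask, int $flag): bool
{
    return ($mask & $flag) === $flag;
}

// Adding a permission is OR; removing one is AND with the inverted flag.
function grant(int $mask, int $flag): int
{
    return $mask | $flag;
}

function revoke(int $mask, int $flag): int
{
    return $mask & ~$flag;
}

// Break the total back down into its component permissions (deejay's "array").
function perms_to_array(int $mask): array
{
    $held = [];
    foreach (PERM_NAMES as $flag => $name) {
        if (has_perm($mask, $flag)) {
            $held[] = $name;
        }
    }
    return $held;
}

// jatar_k's approach: decide the menu once from the stored value instead of
// scattering ifs. Link targets are assumed file names.
function build_menu(int $mask): array
{
    $items = [
        PERM_ADD     => ['Add content', 'add.php'],
        PERM_EDIT    => ['Edit content', 'edit.php'],
        PERM_DELETE  => ['Delete content', 'delete.php'],
        PERM_USERS   => ['Manage users', 'users.php'],
        PERM_REPORTS => ['Traffic reports', 'reports.php'],
    ];
    $menu = [];
    foreach ($items as $flag => [$label, $url]) {
        if (has_perm($mask, $flag)) {
            $menu[$label] = $url;
        }
    }
    return $menu;
}

// Constructed sample user from Vince's second line: logged in, can add content and
// view traffic reports. In a real page this integer would be $_SESSION['perms'].
$perms = PERM_DEFAULT | PERM_LOGGED_IN | PERM_ADD | PERM_REPORTS;   // 71

var_dump(has_perm($perms, PERM_EDIT));      // the 8 bit is not in 71
var_dump(has_perm($perms, PERM_REPORTS));   // the 64 bit is
print_r(perms_to_array($perms));

$perms = grant($perms, PERM_EDIT);          // now 79
print_r(build_menu($perms));

// The same AND test, inline, for a page that only editors may load:
if (!has_perm($perms, PERM_EDIT)) {
    header('Location: login.php');
    exit;
}
```

On the session question: the single integer is all that needs to be stored, because has_perm decodes it on the spot with one AND; there is no need to rebuild an array on every request. PHP sessions can hold arrays too, so perms_to_array's output could be cached there, but then a change to the user's rights has to update both copies.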