How to store subscribed features in a session

         

Claes100

12:37 pm on Aug 21, 2009 (gmt 0)




Hi,
there are probably a lot of solutions for this...
I will have a site with horizontal tabs, one for each feature my customer can subscribe to.
At login, authentication will be done with user name and hashed password from MySQL, from which I will also fetch info about which features the customer subscribes to.
My plan is to store all subscribed feature names in an array in a session variable $_SESSION['features'], e.g. [feat1, feat3, feat6], and also name all php files connected to each feature as feat1.someName.php, feat1.someName2.php etc.
Included at the very top of all files I was thinking of checking that the prefix of the current file exists in the $_SESSION['features'] array, thus authorizing the user to access the file...

Is this a good approach or are there better/other ways to check that the user "subscribes"/is authorized to view a file?

Thanks in advance!

/Claes

andrewsmd

4:15 pm on Aug 21, 2009 (gmt 0)




I'm not really sure if I understand your approach. I have done this before, and the simplest way I found was to create a simple function that took in a few parameters to check whether a user could access a file and also which tabs to display. For the tabbing issue I created a MySQL table that kept user roles and the tabs to display. Let's say we have super admin and regular admin. Let's also assume we have 4 tabs: tab1, tab2, tab3 and tab4.
Now super admin would have access to all of them but regular admin would only have access to the first two. So in my table it would look something like
id ¦ role ¦ tab
1 ¦ super admin ¦ tab1
2 ¦ super admin ¦ tab2
3 ¦ super admin ¦ tab3
4 ¦ super admin ¦ tab4
5 ¦ regular admin ¦ tab1
2 ¦ regular admin ¦ tab2

So when someone logs in, you generate the tabs with PHP (I'm partial to using templates) and you would
select tab from tabJoinTable where role = '{$_SESSION['userRole']}'
That's assuming you have their role in a session variable.
Please note that even though I had text representations of the roles, when I stored them in session variables I kept them hashed so someone couldn't spoof a role by changing the session variable they pass to another text representation. Now even though you don't display the tabs, they still may try to access a page some other way. For this, you need a table with the roles and pages,
i.e.
id ¦ role ¦ page
1 ¦ regular admin ¦ somepage.php
1 ¦ regular admin ¦ somepage2.php

Then just include this function in every page.
function checkPermission(){

//you would need the code to get the current
//user's role here

//you would need to get the current page url here

//then do something like
//select count(*) from userPermissionTable where role = '{$userRole}' and page = '{$currentUrl}';

//loop through that and do an if to see if it returns a row
//if it does return true otherwise set the header to
//redirect to a permissions error page.

}//function

Hope that helps.
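
An added example (not code from this thread) of the per-page check outlined in the post above, written with bound parameters and a default-deny result. The table name, its role and page columns, and $_SESSION['userRole'] follow the post; canAccess(), requirePermission(), the /permission-error.php target and the in-memory SQLite demo data are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Assumed/hypothetical names:
// canAccess(), requirePermission(), /permission-error.php.

function canAccess(PDO $db, ?string $role, string $page): bool
{
    if ($role === null || $role === '') {
        return false;                        // no role in the session: deny
    }
    // Bound parameters keep the role and page values out of the SQL text.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM userPermissionTable WHERE role = :role AND page = :page'
    );
    $stmt->execute([':role' => $role, ':page' => $page]);
    // COUNT(*) always produces exactly one row, so test its value.
    return (int) $stmt->fetchColumn() > 0;
}

function requirePermission(PDO $db): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // SCRIPT_NAME names the executing script, without the query string.
    $page = basename($_SERVER['SCRIPT_NAME'] ?? '');
    if (!canAccess($db, $_SESSION['userRole'] ?? null, $page)) {
        header('Location: /permission-error.php', true, 303);
        exit;                                // without exit the protected page still renders
    }
}

// Constructed demo data in an in-memory SQLite database (run from the CLI;
// assumes the pdo_sqlite extension is enabled).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE userPermissionTable (id INTEGER PRIMARY KEY, role TEXT, page TEXT)');
    $db->exec("INSERT INTO userPermissionTable (role, page) VALUES
               ('regular admin', 'somepage.php'), ('regular admin', 'somepage2.php')");

    var_dump(canAccess($db, 'regular admin', 'somepage.php'));   // page listed for the role
    var_dump(canAccess($db, 'regular admin', 'otherpage.php'));  // page not listed
    var_dump(canAccess($db, null, 'somepage.php'));              // no role in the session
}
```

On a protected page, requirePermission($db) would be called before any output is sent, since header() cannot redirect once the body has started.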

Claes100

7:16 am on Aug 24, 2009 (gmt 0)




Andrewsmd,
that is, with some modifications, what I need. Thanks for leading me in the right direction!

/Claes