-1

I already have an existing login system using php and mysql using sessions. I think i do not need to post the code here.

i want to add a user level feature to it, wherein it limits the pages that can be viewed by a registered user depending on his access level. Example user level 1 can can access pages 1-5 only, and user level 2 can access pages 1-10, and so on.

i addedd a userlevel column on my members table. and i do not know what is the next step.

what particular function / code can be used to set the user level restrictions on the pages?

i tried searching out for examples in the web but can't find any good one.

please help

PHPNewbie
  • 35
  • 3
  • 11

4 Answers4

1

You haven't given me much information as to what's happening (Maybe that's why your username is PHPNewbie).

What I did have done with a previous user system of mine is I had a separate table called groups. In the groups table it had boolean values of different privileges in columns (such as canComment). Whenever I needed to verify if a user could perform an action, I just checked for a true value in action's column.

You could implement this by having a broader user system, where an integer userLevel could indicate the group of the user (0 - root, 1 - basic etc.). What it appears you want is a page restriction system. I can suggest you use a switch statement that retrieves the userLevel as so - 

switch(userLevel) { //Where userLevel is an int retrieved from the session/database
case 0:
    echo $page;
break;

case 1:
    echo "You cannot access this resource...";
break;
liamzebedee
  • 14,010
  • 21
  • 72
  • 118
0

Here's a thorough explanation of how to build group level user permissions:

Applying column permissions for a table over a trigger

Community
  • 1
  • 1
Gavin Towey
  • 3,132
  • 15
  • 11
0

You can make a function getUserLevel(userId) that returns the database lavel of the user, and check that level on the pages you want ( if(getUserLevel($_SESSION['user_id']) < 5) { display something } else { display something else }) etc...

radonys
  • 597
  • 1
  • 9
  • 20
  • can you give me a concrete example? :-) – PHPNewbie Sep 20 '11 at 09:20
  • It's trivial. Something like this: `function getUserLevel($user_id) { $result = mysql_query('SELECT user_level FROM table WHERE id="{$user_id}"'); if ($result) { while ($row = mysql_fetch_assoc($result)) { return $row['user_level']; } return null; }` – radonys Sep 20 '11 at 09:28
0

What you are talking about is called an Access Control List (ACL) and is a wheel which has been invented many times.

There are several tutorials available on the internet such as this one http://dev.juokaz.com/php/acl-made-easy-part-1. A quick search will find others which you may prefer.

A pre-made solution may suit your needs, I found this one http://pear.php.net/package/LiveUser/redirected, again there are others available.

What you want to avoid is having access control peppered around your code, keep to good practices and keep it encapsulated so that you can make changes in just one place.

vascowhite
  • 18,120
  • 9
  • 61
  • 77