I was wondering if anyone could point me in the right direction or give me an idea how I would setup my website to do user authentication, have a user log in, and have each user joined to groups which determines what pages on my site they can access. Basically I'm going to have FTP, file uploads, email, news clips and so on , and want to be able to give one person access to say all , and another access to only email.
Any ideas or useful links?
Thank You
-Trey
User authentication using Groups
Moderator: General Moderators
-
timclaason
- Forum Commoner
- Posts: 77
- Joined: Tue Dec 16, 2003 9:06 am
- Location: WI
Authentication
I would setup a table with different security levels to do this.
So, if you had a table called tblSecurityCheck with columns: username, securitylevel
Then you could assign numbers to what permissions they have.
For instance:
securitylevel = 100 - FTP access
securitylevel = 200 - File Upload
securitylevel = 300 - News Clips
Then different security levels for combinations
I would then create a table called pagesecurity with the columns pagename and level. Data would look like this
viewFTP.php - 100
fileUpload.php - 200
viewNews.php-300
Then, you could have a users table that has username, password (or some encrypted form of password), and securitylevel
Then the methods would look like this:
I would probably create a session when user logged in, then have a method that pulls the securitylevel out on each page:
May be a little simplistic, because that's how I do things, but it should work. Sorry if this post offends the sensibilities of all you super-guru PHP coders 
So, if you had a table called tblSecurityCheck with columns: username, securitylevel
Then you could assign numbers to what permissions they have.
For instance:
securitylevel = 100 - FTP access
securitylevel = 200 - File Upload
securitylevel = 300 - News Clips
Then different security levels for combinations
I would then create a table called pagesecurity with the columns pagename and level. Data would look like this
viewFTP.php - 100
fileUpload.php - 200
viewNews.php-300
Then, you could have a users table that has username, password (or some encrypted form of password), and securitylevel
Then the methods would look like this:
Code: Select all
function getSecurityLevel($user) {
$this->query = 'SELECT securitylevel FROM users WHERE username='$user' LIMIT 1';
$this->SQL = mysql_query($this->query, $this->dblink);
//Then get $row['securitylevel'] from mysql_fetch_array()
}
function checkPageSecurity($page) {
//Query to get page security level
}Code: Select all
$securityLevel = $myClass->getSecurityLevel($_SESSION['username']);
$pageSecurity = $myClass->checkPageSecurity($PHP_SELF);
if($pageSecurity > $securityLevel)
print('You do not have access to view this page');