User authentication using Groups

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
treydock
Forum Newbie
Posts: 1
Joined: Sun Dec 03, 2006 11:00 am

User authentication using Groups

Post by treydock »

I was wondering if anyone could point me in the right direction or give me an idea how I would setup my website to do user authentication, have a user log in, and have each user joined to groups which determines what pages on my site they can access. Basically I'm going to have FTP, file uploads, email, news clips and so on , and want to be able to give one person access to say all , and another access to only email.

Any ideas or useful links?

Thank You
-Trey
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

timclaason
Forum Commoner
Posts: 77
Joined: Tue Dec 16, 2003 9:06 am
Location: WI

Authentication

Post by timclaason »

I would setup a table with different security levels to do this.
So, if you had a table called tblSecurityCheck with columns: username, securitylevel
Then you could assign numbers to what permissions they have.

For instance:
securitylevel = 100 - FTP access
securitylevel = 200 - File Upload
securitylevel = 300 - News Clips

Then different security levels for combinations

I would then create a table called pagesecurity with the columns pagename and level. Data would look like this

viewFTP.php - 100
fileUpload.php - 200
viewNews.php-300

Then, you could have a users table that has username, password (or some encrypted form of password), and securitylevel

Then the methods would look like this:

Code: Select all

function getSecurityLevel($user) {
$this->query = 'SELECT securitylevel FROM users WHERE username='$user' LIMIT 1';
$this->SQL = mysql_query($this->query, $this->dblink);
//Then get $row['securitylevel'] from mysql_fetch_array()
}

function checkPageSecurity($page) {
//Query to get page security level
}
I would probably create a session when user logged in, then have a method that pulls the securitylevel out on each page:

Code: Select all

$securityLevel = $myClass->getSecurityLevel($_SESSION['username']);
$pageSecurity = $myClass->checkPageSecurity($PHP_SELF);

if($pageSecurity > $securityLevel)
print('You do not have access to view this page');
May be a little simplistic, because that's how I do things, but it should work. Sorry if this post offends the sensibilities of all you super-guru PHP coders :)
Post Reply