I would setup a table with different security levels to do this.
So, if you had a table called tblSecurityCheck with columns: username, securitylevel
Then you could assign numbers to what permissions they have.
For instance:
securitylevel = 100 - FTP access
securitylevel = 200 - File Upload
securitylevel = 300 - News Clips
Then different security levels for combinations
I would then create a table called pagesecurity with the columns pagename and level. Data would look like this
viewFTP.php - 100
fileUpload.php - 200
viewNews.php-300
Then, you could have a users table that has username, password (or some encrypted form of password), and securitylevel
Then the methods would look like this:
Code: Select all
function getSecurityLevel($user) {
$this->query = 'SELECT securitylevel FROM users WHERE username='$user' LIMIT 1';
$this->SQL = mysql_query($this->query, $this->dblink);
//Then get $row['securitylevel'] from mysql_fetch_array()
}
function checkPageSecurity($page) {
//Query to get page security level
}
I would probably create a session when user logged in, then have a method that pulls the securitylevel out on each page:
Code: Select all
$securityLevel = $myClass->getSecurityLevel($_SESSION['username']);
$pageSecurity = $myClass->checkPageSecurity($PHP_SELF);
if($pageSecurity > $securityLevel)
print('You do not have access to view this page');
May be a little simplistic, because that's how I do things, but it should work. Sorry if this post offends the sensibilities of all you super-guru PHP coders
