
page privileges to different group of users

sagisgirl

Hi all.. I'm now building a web system using PHP, and I have 4 groups of users:
1- G1
2- G2
3- G3
4- G4

In my db, those are in my table called "u_userGroup" and my entity is "groupCode".

So, these 4 groups have different privileges on each page.
G1 can access all pages, G2 and G3 can add, view, list, edit, G4 can only add and view.
I know that I have to do the "if else" thing at the top of each page, but I'm not sure how to do it.
Can someone help me?

code739

My advice to you is that in your db you should have an allocated permission column, like

firstname | access
maryjoye | 1 -> admin

Then, as the user logs in, put the access column into $_SESSION so you can use it in the session to easily identify the permission of the user who is online.
Then, in every restriction function you have, you could do an if else condition, depending on how you design your page.
For example, a normal user who is not an admin will try to access a page with the code below:

    if($_SESSION['access']!=1){
        echo 'Oops you dont have a permission on this page';
        exit;
    }

He can't access the page; if the admin = 1 then a normal user = any_number_not_one.

broj1

This is how I did it and it proved to be a good concept. I have defined access levels which were integers. The higher the level (value) the higher the privileges.
Between each level I had a space for new levels if I need them later. The access level is saved in the user database for each user.

access_level | description
--------------------------
         220 | application admin (developers only)
         200 | contents admin
         180 | system admin
         100 | regular user (edit, view)
          60 | viewer (view)
           0 | no access

As you can see I use unsigned integer for access level so it does not take much space in db. I have plenty of room below and above the range and also between access levels which proved good tactics since I had to add levels already. The access level gets stored in the session during login so all I have to do is to compare it with required level on the beginning of each page:

    // example for checking a system admin's access level
    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 180) {
        header('location: logout.php');
        exit; // stop here so the rest of the page is not executed after the redirect
    }

In the above example only system admin and higher levels can access the page.

I also define constants to make the code more readable:

    define('ACCESS_LVL_APPADMIN', 220);
    define('ACCESS_LVL_CONTADMIN', 200);
    define('ACCESS_LVL_SYSADMIN', 180);
    define('ACCESS_LVL_REGUSER', 100);
    define('ACCESS_LVL_VIEWER', 60);
    define('ACCESS_LVL_NOACCESS', 0);

    // example for checking a system admin's access level
    if(!isset($_SESSION['access_level']) ||
       $_SESSION['access_level'] < ACCESS_LVL_SYSADMIN) {
        header('location: logout.php');
        exit; // stop here so the rest of the page is not executed after the redirect
    }

diafol

I'd use a bitwise operator and give groups this sort of value:

Group1 - 1
Group2 - 2
Group3 - 4
Group4 - 8
Group5 - 16
(etc)

Then a user can be a member of more than one group:

User1 - 12 (member of group 3 and 4)

meaning that they now have security clearance for both those groups.

You can check for rights:

    define('GROUP1', 1);
    define('GROUP2', 2);
    define('GROUP3', 4);

    if($userlevel & GROUP3){
        //this will allow anybody with userlevels 4,5,6,7,12... access to this section of code
    }

sagisgirl

OK.. I want to try @broj1's method first.. and I have a question about the access_level.
I have a table called u_userGroup like this:

groupCode  |  groupDesc  |  groupStatus 
----------------------------------------
G1      |   Admin       |   active
G2      |   KSBP        |   active
G3      |   KS          |   active
G4      |   reg_user    |   active

Then, that means I have to create an entity for access_level, right?
So it will be like this:

groupCode | access_level | groupDesc
--------------------------
G1  |    220 | Admin
G2  |    200 | KSBP
G3  |    180 | KS
G4  |    100 | reg_user

Then, do I need to create a PHP file with this in it?

    define('ACCESS_LVL_APPADMIN', 220);
    define('ACCESS_LVL_CONTADMIN', 200);
    define('ACCESS_LVL_SYSADMIN', 180);
    define('ACCESS_LVL_REGUSER', 100);
    define('ACCESS_LVL_VIEWER', 60);
    define('ACCESS_LVL_NOACCESS', 0);

Then compare it with the required level at the beginning of each page.
Am I right?
Please correct me if I'm wrong..

sagisgirl

@broj1

This code means:

    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 180) {
        header('location: logout.php');
    }

if the user's access_level is below 180 it will go directly to the logout page, right?

I tried it that way, but even when the access level is higher than 180, it still goes directly to the logout page.

broj1

> if the user's access_level is below 180 it will go directly to the logout page, right?

Yes. It also redirects you to logout if the session variable does not exist.

> I tried it that way, but even when the access level is higher than 180, it still goes directly to the logout page.

Can you show the code? Have you started the session? Does the $_SESSION['access_level'] exist at all?

sagisgirl

@broj1
I already got it.. I wrongly put the 'access_level' in another table.. :p

But I have another problem.. there is one page that only 2 groups (G1 and G3) can access.. how do I do it?

sagisgirl

@diafol

Would you explain a bit more about your method?
There is one page that only 2 groups (G1 and G3) can access.
I think this problem can be solved with your method.. but I'm not sure how to do it..

broj1

You can do it using a case statement:

    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 180) {
        header('location: logout.php');
    } else {
        switch($_SESSION['access_level']) {
            case 220 : header('location:restricted_page1.php'); break;
            case 200 : header('location:restricted_page2.php'); break;
            case 180 : header('location:restricted_page1.php'); break;
            default : header('location:logout.php');
        }
    }
    exit; // every branch redirects, so stop the script here

I haven't noticed your question to me about access levels in one of your previous posts. Have you got those answers yet?

diafol

> Would you explain a bit more about your method?
> There is one page that only 2 groups (G1 and G3) can access.
> I think this problem can be solved with your method.. but I'm not sure how to do it..

No problem - just so that you're aware, broj1 has the solutions that you're looking for. But for completeness and since I left it dangling there, I elucidate:

DB Table

group_id (autonumber) | groupname (varchar) | groupvalue (int)
1 | G1 | 1
2 | G2 | 2
3 | G3 | 4
4 | G4 | 8
5 | G5 | 16
6 | G6 | 32

User Table

user_id (autonumber) | username (varchar) | groups (int)
23 | diafol | 7
45 | eros | 17

The above means:
diafol is a member of groups G1, G2, G3 (1 + 2 + 4)
eros is a member of groups G1, G5 (1 + 16)

I suppose you could create your constants dynamically.

    define("G1", 1);
    define("G2", 2);
    define("G3", 4);
    define("G4", 8);
    define("G5", 16);
    define("G6", 32);

    $usergroups = 34; //this would be set from DB on login - 34 only made up from 2 + 32

    if($usergroups & G1)echo "G1"; // (34 & 1) - no match
    if($usergroups & G2)echo "G2"; // (34 & 2) - match!
    if($usergroups & G3)echo "G3"; // (34 & 4) - no match
    if($usergroups & G4)echo "G4"; // (34 & 8) - no match
    if($usergroups & G5)echo "G5"; // (34 & 16) - no match
    if($usergroups & G6)echo "G6"; // (34 & 32) - match!
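
Added example, not part of diafol's post: the page that only G1 and G3 may open, checked with the group bit values from the table above. The helper names and the last two sample users are made up for illustration; `in_all_groups` shows the stricter "member of every listed group" test beside the "any listed group" test the question needs.

```php
<?php
// Added example (not code from the thread). Bit values follow diafol's table.
const G1 = 1;
const G2 = 2;
const G3 = 4;
const G4 = 8;
const G5 = 16;
const G6 = 32;

/** True if the user belongs to at least one group in $allowedMask. */
function in_any_group(int $userGroups, int $allowedMask): bool
{
    return ($userGroups & $allowedMask) !== 0;
}

/** True only if the user belongs to every group in $requiredMask. */
function in_all_groups(int $userGroups, int $requiredMask): bool
{
    return ($userGroups & $requiredMask) === $requiredMask;
}

// The page from the question: open to members of G1 or G3 only.
$pageMask = G1 | G3; // 1 | 4 = 5

// Constructed sample rows; the first two are the users in diafol's table.
// Values are strings on purpose: database drivers often return numbers that way.
$users = ['diafol' => '7', 'eros' => '17', 'g2_g6_user' => '34', 'g4_user' => '8'];

foreach ($users as $name => $groups) {
    $groups = (int) $groups; // cast once, at login, before storing it in $_SESSION
    printf(
        "%-11s groups=%2d  G1-or-G3 page: %-5s  in both G1 and G3: %s\n",
        $name,
        $groups,
        in_any_group($groups, $pageMask) ? 'allow' : 'deny',
        in_all_groups($groups, $pageMask) ? 'yes' : 'no'
    );
}
```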

broj1

> But for completeness and since I left it dangling there

Still a very nice example of using bitwise operators. Useful in other cases, too, like PHP error reporting.

sagisgirl

@diafol

    $usergroups = 34; // this would be set from DB on login

What do you mean by that? Would you explain a bit more? I don't understand..

sagisgirl

@broj1

I tried to do it your way.. but it won't work... it takes me to the logout page.
This is how I do it.. here is my code:

    <?php
    session_start();

    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] > 100) {
        header('location: logout.php');
    } else {
        switch ($_SESSION['access_level']) {
            case 220 : header('location:borangK8.php');
            default : header('location:logout.php');
        }
    }

    ?>

diafol

1) You need to place exit; after a header();
2) Check the value of $_SESSION['access_level'] with an echo immediately after the session_start();

This should block the header() as it causes output, but at least you'll see the value on the screen.

broj1

It would also be expected that you log out visitors with access level less than 100, not greater than 100. The higher the access level the more rights the user has. Like below:

    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 100) {

sagisgirl

This is how I do it. For case 200 and case 180, it's working just fine,
but for case 220 it doesn't work; when the user has access_level = 220, it gives an
error: the page isn't redirecting properly.

    //  checking a system access level
    if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 100) {
        header('location:mainBaru.php');
    } else {
        switch ($_SESSION['access_level']) {
            case 220 : header('location:borangK8.php');
                break;
            case 200 : header('location:mainBaru.php');
                break;
            case 180 : header('location:mainBaru.php');
                break;
            //default : header('location:logout.php');

            exit();
        }
    }

broj1

The only thing I can come up with is that the url might be incorrect. Have you checked spelling?

sagisgirl

I already checked the spelling.. there is nothing wrong with the spelling.
This page is called "borangK8".
The users who can access this page are access_level 220 and access_level 100. The user with access_level 220 has the problem: the page isn't redirecting properly.. Is it because of this code?

    case 220:header('location:borangK8.php');
        break;

broj1

Check if $_SESSION['access_level'] is really 220. You can also try to put the line

header('location:borangK8.php');

on top of the script to see whether redirection works.

Also make sure no html (not even a space) is sent before header() function. Check your script and included files for output.
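
Added example, not code from any poster: a guard for the top of borangK8.php that lets the permitted levels (220 and 100, per sagisgirl's description) fall through and redirects everyone else, with `exit` after the redirect. It assumes the snippet above sits in borangK8.php itself, in which case answering level 220 with a redirect to borangK8.php sends the browser back to the same page on every request, which it reports as a page that isn't redirecting properly. The function names are made up for illustration.

```php
<?php
// Added example (not code from the thread). Constants are broj1's; mainBaru.php
// and the levels 220 and 100 come from sagisgirl's description of borangK8.php.
define('ACCESS_LVL_APPADMIN', 220);
define('ACCESS_LVL_REGUSER', 100);

/**
 * Decide what a guard at the top of a page should do.
 * Returns null when the visitor may stay, or the URL to send them to.
 */
function guard_decision(?int $level, array $allowedLevels, string $denyUrl): ?string
{
    if ($level !== null && in_array($level, $allowedLevels, true)) {
        return null; // allowed: render this page, no redirect at all
    }
    return $denyUrl;
}

/** Run the guard for the current request; call it right after session_start(). */
function guard_page(array $allowedLevels, string $denyUrl): void
{
    $level = isset($_SESSION['access_level']) ? (int) $_SESSION['access_level'] : null;
    $target = guard_decision($level, $allowedLevels, $denyUrl);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // without this the rest of the protected page still executes
    }
}

// Top of borangK8.php would be:
//   session_start();
//   guard_page([ACCESS_LVL_APPADMIN, ACCESS_LVL_REGUSER], 'mainBaru.php');

// Constructed checks, runnable from the command line:
$allowed = [ACCESS_LVL_APPADMIN, ACCESS_LVL_REGUSER];
foreach ([220, 200, 180, 100, null] as $lvl) {
    $to = guard_decision($lvl, $allowed, 'mainBaru.php');
    echo var_export($lvl, true), ' => ',
        $to === null ? 'stay on page' : "redirect to $to", "\n";
}
```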
