...

View Full Version : User permissions



martynball
02-16-2010, 09:49 PM
What is the best way to give a user permissions to certain pages/parts of the page?

The way I have done it before...
Database:
Column1 Column2 Column3


username---password---permissions
testuser----testpass-------e------


Login:


//Data from database
$permissions //This has the value of e (edit).

//Logged in successfully, now make sessions...
$_SESSION['permissions'] = $permissions;



Page 1:


//Menu item
<?php if ($_SESSION['permissions'] == e) { echo "<a href=\"admin.php\">Admin</a><br />" } ?>
<a href="menuitem2.php">Menu Item 2</a>


And a normal page like admin.php:


//At the top of the page
<?php if ($_SESSION['permissions'] != e) { header(url:index.php?mess=getout) } ?>

Fou-Lu
02-16-2010, 10:36 PM
Bitwise I used to use:
Can Read Own = 1
Can Read Others = 2
Can Edit Own = 4
Can Edit Others = 8
Can Write Own = 16
..... and so forth. This is good for 32 permissions. Then store the bit sums of these. So a user with Can Read Own, Can Read Others and Can Write Own for example would be 1 + 2 +16 = 19. Then use this to do you're checks:


if ($user['permissions'] & CAN_READ_OWN)
{
// Do stuff to read their own somethings
}

if ($user['permissions'] & CAN_WRITE_OWN)
{
// Do stuffs to write their own somethings
}


Something along that lines. My newest stuff uses a fully integrated ACL, but its custom to application.

martynball
02-16-2010, 10:59 PM
You seemed to use something which PHPBB uses, where instead of checking for a variable you already have "CAN_WRITE_OWN". I don't understand how this works.

PHPBB has something like:
if (U_IS_LOGGED) { //do something ....

How do you do this?

Fou-Lu
02-16-2010, 11:06 PM
Thats just a boolean, its completely different:


define('U_IS_LOGGED', true);

if (U_IS_LOGGED)
{
...


For doing permissions, you'd do something like this (or you can lookup from DB's or whatever)


define('CAN_READ_OWN', 1);
define('CAN_READ_OTHERS', 2);
define('CAN_EDIT_OWN', 4);
define('CAN_EDIT_OTHERS', 8);
//....

// Look up some permissions or whatever you do
if (($user['permissions'] & CAN_EDIT_OTHERS) != 0)
{
// execute code allowing users to edit other posts or profiles or whatever this represents
}



I have no idea how PHPBB does permissions. I think vB uses a similar idea with the forums nowadays though.

martynball
02-17-2010, 11:23 PM
Can I use the above technique to do things like this?



define('U_LOGGED', true); //Use logged in

if (U_LOGGED == true) {
//Logged in
} else {
//Not logged in...
}
// Or >>>>
if (U_LOGGED) {
//Logged in
} else {
//Not logged in...



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum