Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post

    User permissions

    What is the best way to give a user permissions to certain pages/parts of the page?

    The way I have done it before...
    Database:
    Column1 Column2 Column3
    Code:
    username---password---permissions
    testuser----testpass-------e------
    Login:
    PHP Code:
    //Data from database
    $permissions //This has the value of e (edit).

    //Logged in successfully, now make sessions...
    $_SESSION['permissions'] = $permissions

    Page 1:
    PHP Code:
    //Menu item
    <?php if ($_SESSION['permissions'] == e) { echo "<a href=\"admin.php\">Admin</a><br />" ?>
    <a href="menuitem2.php">Menu Item 2</a>
    And a normal page like admin.php:
    PHP Code:
    //At the top of the page
    <?php if ($_SESSION['permissions'] != e) { header(url:index.php?mess=getout) } ?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Bitwise I used to use:
    Can Read Own = 1
    Can Read Others = 2
    Can Edit Own = 4
    Can Edit Others = 8
    Can Write Own = 16
    ..... and so forth. This is good for 32 permissions. Then store the bit sums of these. So a user with Can Read Own, Can Read Others and Can Write Own for example would be 1 + 2 +16 = 19. Then use this to do you're checks:
    PHP Code:
    if ($user['permissions'] & CAN_READ_OWN)
    {
        
    // Do stuff to read their own somethings
    }

    if (
    $user['permissions'] & CAN_WRITE_OWN)
    {
        
    // Do stuffs to write their own somethings

    Something along that lines. My newest stuff uses a fully integrated ACL, but its custom to application.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    You seemed to use something which PHPBB uses, where instead of checking for a variable you already have "CAN_WRITE_OWN". I don't understand how this works.

    PHPBB has something like:
    if (U_IS_LOGGED) { //do something ....

    How do you do this?

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Thats just a boolean, its completely different:
    PHP Code:
    define('U_IS_LOGGED'true);

    if (
    U_IS_LOGGED)
    {
    ... 
    For doing permissions, you'd do something like this (or you can lookup from DB's or whatever)
    PHP Code:
    define('CAN_READ_OWN'1);
    define('CAN_READ_OTHERS'2);
    define('CAN_EDIT_OWN'4);
    define('CAN_EDIT_OTHERS'8);
    //....

    // Look up some permissions or whatever you do
    if (($user['permissions'] & CAN_EDIT_OTHERS) != 0)
    {
        
    // execute code allowing users to edit other posts or profiles or whatever this represents

    I have no idea how PHPBB does permissions. I think vB uses a similar idea with the forums nowadays though.
    Last edited by Fou-Lu; 02-16-2010 at 10:09 PM.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    Can I use the above technique to do things like this?

    PHP Code:
    define('U_LOGGED'true); //Use logged in

    if (U_LOGGED == true) {
    //Logged in
    } else {
    //Not logged in...
    }
    // Or >>>>
    if (U_LOGGED) {
    //Logged in
    } else {
    //Not logged in... 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •