3 replies to this topic

[iVista]

Hi there,

I was just wondering if anyone could help me on this. I am trying to develop a simple web app that will have a login system and some functions. There will be different types of users, each of them with different privileges. For example, a normal user can only view the data. A moderator can update, add, delete etc. and ofcourse...an admin with full access that can also create users.

So what I want to do is make a system so that every different type of user have different screen after they login.

The project is actually like a traffic management system. A user, a police officer and an admin.

How do I go about creating separate views for each type of user?

Any help/links will be appreciated!

Regards,
iVista

[Bioshox]

In summary you will need a MySQL database with the permission names, either a Session or Cookie variable, and an IF statement, that checks the database with the session/cookie name to see whether or not the user has permissions to view that content.

[webcodez]

Yep, what bioshox says is basicly what you need. You could have a seperate table called 'Permissions' for example and then have a field 'permission_id' inside the table 'Members' as I use to do and then each user will have a permissions row assigned ( like one for normal members, one for administrators, etc. ). This permission row from the table 'Permissions' could have for example fields such as: 'mayUpdate', 'mayViewPost', 'mayAddPost', etc., depending on what you want to have (different) permissions for. Then a sample PHP script checking these permissions for the user would be something like this:

admin.php

<?php
 
$userid = $_SESSION['userid']; //<-- put the user id of the loggedin user here
$get_user_permid = mysql_query("SELECT permission_id FROM members WHERE id = '$userid' ");
$user_permid = mysql_fetch_assoc($get_user_permid); //<-- the permission_id (row of permissions table) for this user
$get_permission = mysql_query("SELECT * FROM permissions WHERE id = '".$user_permid['id']."' "); //<-- select permissions from table 'Permissions' with id of user permission_id
$permission = mysql_fetch_assoc($get_permission); //<-- retrieve the row of permissions for this user
 
//Example for an admin page
if($permission['mayViewAdminpanel'] == 1) { //if this user has the permission to view admin panel
    echo "Welcome!";
}else{
    echo "Access denied.";
}
 
?>

Just small example script, basicly just what bioshox wrote but to give you an idea of how it works I wrote small sample script. Hope this helps!

[iVista]

Thanks guys, This is a great start. I was looking around for an open source or a paid script to begin with. Any recommendations? Anything that has to do with Admin being able to create invoices/tickets under usernames...and usernames being able to read it as a list. :)

I am also trying something on my own too, but its gonna be a lot of work so I am looking for some free alternative to work on and modify on it.