User Permission Function [php] Determining User Permissions

[jlhaslip 4]

There have been several recent request for methods to restrict access to various pages on a web-site based on User Permissions in sites that have a Login System in place. Here is some code showing one method to restrict access by providing a sub-set of your site's links based on the User's permissions.

In this demonstration, I have defined a string for each 'level of user' determining which set(s) of links they can view on your site.
Normal MySql procedure would be to read the User's permission level from a record in the database.
For the purpose of this demonstration, an array is constructed. The output reflects the various combinations of their permissions.
The strings are a series of concatenated Boolean values for the permissions allowed by a group. 0 = false (no links) 1 = true (links).
As you can see, the Guests get 'some' links, Members get 'some more' links, Mods get 'still more', and the Admins get 'all' links.

Array values can be read from the User Profile or from $_SESSION values, or from a 'group' table depending on their group membership.
Each member is assigned to a Group and their permissions are given according to the Group they belong to.
Whether the permissions string is stored with the member Profile ( not suggested ) or in a separate Table in the database ( suggested ) does not really affect the function of this procedure, as long as the permissions function is fed the correct of string.

Replace these simple echo commands with the code which will generate the links for your site.
And normally, you would not use the else statements, so those could be removed from the code, too.
Adjust the details and particular to suit your own needs.
Additional Permissions could be set for allowing certain Groups the right to add, edit, delete stuff, or Ban Users, etc. I'll leave that to you, since it would be very site specific.

Happy Coding.

'Users' => "1100",
'Mods' => "1110" ,
'Admins' => "1111" ,
);


/*
*Function to assign Permissions based on Group membership
*/

function permission( $p )
{
// Split the levels string into an array
$perm = str_split( $p );

// Permissions array
$up = array(
'can_view_links_1' => 1,
'can_view_links_2' => 2,
'can_view_links_3' => 3,
'can_view_links_4' => 4,
);
$combine = array_combine( array_keys( $up ), $perm );

return $combine;
}

/*
* Procedure Test Printing
*/

foreach ( $levels as $i => $value) {

/* print Group name here */
echo '<h3>' . $i . '</h3>' ;

/* call function to assign permissions */
$p = permission( $levels[$i] );

/* check Guest permissions */
if( $p['can_view_links_1'] == 1 ){
echo 'can view Guest links  ' . $p['can_view_links_1'] . '<br />';
} else {
echo 'no links here  ' . $p['can_view_links_1'] . '<br />';
}

/* check Member permissions */
if( $p['can_view_links_2'] == 1 ){
echo 'can view Member links  ' . $p['can_view_links_2'] . '<br />';
} else {
echo 'no links here  ' . $p['can_view_links_2'] . '<br />';
}
/* check Moderator permissions */
if( $p['can_view_links_3'] == 1 ){
echo 'can view Moderator links  ' . $p['can_view_links_3'] . '<br />';
} else {
echo 'no links here  ' . $p['can_view_links_3'] . '<br />';
}

/* check Administrator permissions */
if( $p['can_view_links_4'] == 1 ){
echo 'can view Admin links  ' . $p['can_view_links_4'] . '<br />';
} else {
echo 'no links here  ' . $p['can_view_links_4'] . '<br />';
}
}

?> linenums:0'>$levels = array( 'Guests' => "1000" ,'Users' => "1100",'Mods' => "1110" ,'Admins' => "1111" ,);/* *Function to assign Permissions based on Group membership */ function permission( $p ){ // Split the levels string into an array $perm = str_split( $p ); // Permissions array $up = array( 'can_view_links_1' => 1, 'can_view_links_2' => 2, 'can_view_links_3' => 3, 'can_view_links_4' => 4, ); $combine = array_combine( array_keys( $up ), $perm ); return $combine;}/* * Procedure Test Printing */foreach ( $levels as $i => $value) { /* print Group name here */ echo '<h3>' . $i . '</h3>' ; /* call function to assign permissions */ $p = permission( $levels[$i] ); /* check Guest permissions */ if( $p['can_view_links_1'] == 1 ){ echo 'can view Guest links  ' . $p['can_view_links_1'] . '<br />'; } else { echo 'no links here  ' . $p['can_view_links_1'] . '<br />'; } /* check Member permissions */ if( $p['can_view_links_2'] == 1 ){ echo 'can view Member links  ' . $p['can_view_links_2'] . '<br />'; } else { echo 'no links here  ' . $p['can_view_links_2'] . '<br />'; } /* check Moderator permissions */ if( $p['can_view_links_3'] == 1 ){ echo 'can view Moderator links  ' . $p['can_view_links_3'] . '<br />'; } else { echo 'no links here  ' . $p['can_view_links_3'] . '<br />'; } /* check Administrator permissions */ if( $p['can_view_links_4'] == 1 ){ echo 'can view Admin links  ' . $p['can_view_links_4'] . '<br />'; } else { echo 'no links here  ' . $p['can_view_links_4'] . '<br />'; }}?>
Here is a demo using the above script.
http://forums.xisto.com/no_longer_exists/

Any questions, post them up here.

[hippiman 0]

A couple of friends and I just did a programming competition using PHP and we just used a cookie with 3 values, for the different kinds of users.We didn't make it so that it didn't show the links, though. We just made each page show a thing saying that they don't have permission to use that page. I think what you're doing makes sense, too, though. I think you should also have each page deny access for if they just type in the right url, though.Nice tutorial.

[jlhaslip 4]

Thanks.The site checks Sessions and Permissions both to deny access. I'll post the full version later as I complete the package.Might take a few days/weeks since it is a hobby, not a job.

[alex1985 0]

For instance, if I have a simple login system with control panel. Can I merge this permission script with my login system or not? Write the tutorials as well as if you can.