PHP: Need Help In Creating Access Groups For Site

Dear FriendsI need a PHP script which can verify users. There should be a system which set access level of users. I mean admin, power user and the regular user. Admin will have all the rights like block user change password etc. and power user can have rights more than regular user. I want to build a Content Management System. For which I need your help. Bye.

Hello and welcome!

First of all: Do you know any PHP? Because if you don't it can be quite hard (*changes voice* I would even say impossible) to construct a content management system in PHP on your own.

If you do know and you want to build it up with our help, you should start somewhere, because a CMS is a big thing and it's kind of difficult to give assistance to a not-existing project.

If you want to start from scratch I would recommend you though to use a PHP-database (Xisto has PostGreSQL and MySQL) combination, because everything else would make it a lot more work.

But my real recommendation to you would be: Take one of the field-tested, professional ones and fit it to your needs. If you get hosted with Xisto, then you can easily establish a CMS with the pre-installed Fantastico, so most of the work you need to do, is done already. The configuration is a lot of work too, but definitively easier than writing your own CMS.

If you don't need a whole giant CMS (I mean you talked about a user database first, but I don't know what you're going to do with it later on), then I can happily help you with forming some strategy and writing it later on, but you're so vague (qotsa reference) right now.

 

Greetings,

Ruben

I agree with Ruben. You really shouldn't go about trying to build your own CMS with basic knowledge of PHP. Heck, even with extremely proficient PHP skills it's really annoying to create your own user system, or whatever, but I would suggest using Drupal.

 

It has the user system (including all the privilege and access level features) and template system worked out for you along with a few other things, and if you need anything special that isn't included in it, you can just very easily develop an addon for it. Actually, most things you would ever need can probably be found in the Drupal's module section (along with a variety of excellent themes in the appropriate section). Oh, and if you don't want to use any of Drupal's built in features, you should just think again. Template engines are a good thing, a very good thing, even if it seems as if it's easier to code the HTML into the PHP page, and Drupal's nodes can be configured to perform whatever it is you want them to perform (and you can give them different names so instead of /node/xxx, you'll see /about/ or whatever address you choose).

 

Anyways, it would really help if you told us what you're trying to do with that user system you're trying to build. And sorry for sounding like a Drupal zealot, but I am a Drupal fan, and quite a proud one!

Thanks Friends,I know a little bit of both PHP and MySQL data base. Basically I want to buils a Job Portal like Monster.com.I have found out that there are three types of user. First: Administrator, who run the portL. second:The Employer,The power user. Lastly : The Job Seeker, The general user.I need your help to build this three type of user system. I know it can be done but I need a openning.I wish you may help me in doing so.With Regards...

Well, I'm not sure if you wanted actual code or just an overview so I'll give an overview for now.

For each user file, you'll need to specify the user type: Admin, Employer, User
You will need to save their password information here as well along with any other data you wish to collect like an email address.

The password data saved should really be a hash of the actual password so that if someone manages to gain access to your database, they can't read the actual passwords.
To create a hash of the password, you simply modify the password with a hashing function or functions like MD5. Then when a user logs in, you run the same hash on the submitted password prior to comparing it to the stored password data.

Once the user logs in, your session data should be modified as such. It would be helpful to save the user type in the session data but not required.

For any page that is displayed, there are 4 diferent user types that might be able to view it or not. guest, user, Employer, and Admin.

All pages should be viewable by the Admin. You will need to check the users group type prior to displaying any page and prior to displaying any internal links on a page. You don't want to show the link to the admin control panel to guests do you?

So at the beginning of your page generation script, you should check the status of the users session and then their user type.

You'll assign their user type to a variable:
$usertype

then you'll check to see if that usertype is allow to view the information requested to be displayed.

For user only content:

if ($usertype == 'Admin' || $usertype == 'user') {	// Show content or link}

For fully public content:

if ($usertype == 'Admin' || $usertype == 'user' || $usertype == 'Employer' || $usertype == 'guest') {	// Show content or link}

Of course, you could skip the check altogether on this one! or just check to see if $usertype is assigned before displaying like this:

if ($usertype) {	// Show content or link}

For logged in only content:

if ($usertype != 'guest') {	// Show content or link}

This would be good for a log out link.

For guest only content:

if ($usertype == 'guest') {	// Show content or link}

This would be good for a log in link.


If you use a database to store all of the information about what to display in which situation, then you can have each content item have it's own allowed user settings. But for the most part, you simply need to check for the usertype then determine if the content will be displayed or not as a result.

Since there are so many ways that this could be written, I don't want to get into much more detail without direct questions since my technic may differ from yours and my confuse you as a result.

Hope this helps.

vujsa

...........

For guest only content:

if ($usertype == 'guest') {	// Show content or link}

This would be good for a log in link.

here is a muh better way to code that..
first create a user database and put an exta column called level.

i normall use two database tables for this

[table users]
ID -[unique key]
Username
Password
Level

[table LevelMap]
ID [unique level key]
Level Name


table levelMap contains records like this
1, Admin
2, Power User
3, User

and the user tables contains data like this
00001, user01, user01password, 1
00002, user03, user01password, 3
00003, user03, user01password, 1

for having 2 admins and 1 user account.

on top of each page I have this check

switch level
case 1: //do admin stuff
case 2: //do power user stuff
case 3: //do normal user stuff


--
PS: i cant seem to use the forum functions with firefox modified.. must recompile this browser later..

Thank you friends for your suggestions. It would be very helpful for me if you could provide a working example. I just need a login system which can discriminate user by their ID and PASSWORD. It would be very nice if the example is commented. I dont know whether I am asking for too much. I so please forgive me. Bye..

Just take a look at a working ContentManagementSystem as we have told you before. You can take a look at drupal for example. The code in these ready-to-use CMS is normally commented quite well. Why do you need just the user-part? I mean just users aren't that useful.The examples you saw above are working, you just need to implement them into a website, which shouldn't be that hard, if you think, you can build a CMS on your own.It seems very difficult to help you, because you ask for a quite comprehensive and versatile thing and don't seem to use the answers you get.

Well, maybe a CMS isn't what is really needed here. It is true that most CMS scripts offer a lot of useful tools but some of the extras can get in the way. This could make it hard to add a component to the CMS or use the CMS code as an example to write your own code.

 

Have you been to a PHP scripts download site? You should be able to find an authorization script ready made there. Even if you don't like the script, you can modify it or use it as a roadmap to your own script.

 

http://php.resourceindex.com/

http://www.hotscripts.com/

 

These are the two most common places to find PHP scripts. I use them to find scripts to either use as is or for learning purposes. I think that you can find a small enough script there to learn from. If that doesn't work out, they may have some authorization classes or code bits that you can use like a module.

If you use a class or code bit, there may or not be instructions on how to use it.

 

Hope this helps

 

vujsa