[PHP] Multiple permisions, different sessions.
Hi, I´m developing an intranet on Apache-PHP-Mssql. I need to know if there´s any way of managing users to have access to specific areas inside my site, and at the same time, managing other users, giving them permision to acces other areas only, because all of the codes and information I´ve found (at least for Windows), simply give permission to acces and pass the login screen, but don´t limitate the users navigation priviledges. Thanks in advance! Paul from Argentina. American Express made the following annotations on 10/22/04 06:06:01 -- ** This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you. ** == -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple permisions, different sessions.
On Fri, 2004-10-22 at 09:05, Pablo D Marotta wrote: Hi, I´m developing an intranet on Apache-PHP-Mssql. I need to know if there´s any way of managing users to have access to specific areas inside my site, and at the same time, managing other users, giving them permision to acces other areas only, because all of the codes and information I´ve found (at least for Windows), simply give permission to acces and pass the login screen, but don´t limitate the users navigation priviledges. Thanks in advance! Assigning user levels that are stored in the db along with their other user info comes to mind. Then you could just use if($usr_level == 'xx') or something similar throughout the site. -- s/:-[(/]/:-)/g BrianGnuPG - KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu == gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC Key Info: http://gfx-design.com/keys Linux Registered User #339825 at http://counter.li.org aGEhIGJldCB5b3UgdGhpbmsgeW91IHByZXR0eSBzbGljayBmb3IgZmlndXJpbmcgb3V0I GhvdyB0byBkZWNvZGUgdGhpcy4gVG9vIGJhZCBpdCBoYXMgbm8gc2VjcmV0IGluZm8gaW 4gaXQgaGV5Pwo= -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple permisions, different sessions.
Hi Pablo it really depends on what you want to do. I mean, if you want a hierarchy of users (like: guest, normal, administrator, root) or you wnat to limit certain users to an area of your site and certain others to another area (no hierarchy here, just fences). Anyway, in both cases I suggest you to check at the beginning of every script of the users is allowed on that page. What differs is *how* you decide if the user is allowed on the page: - for a hierarchy-based system, you could assing a number to every users (guest: 100; normal: 1000; administrator: 1; root: 10) and compare this number with the access number of your page (saying for example that your orders.php can only be accessed by users = 1, so only administrators and root) - for fences, what I would suggest is to create groups, assing users to these groups (based on what they can see) and then check at the top of your PHP page if the current user belongs to an allowed group. Obviously I made it quite simple here and there could be other twists to this thing (we are talking about a read-only system, but you could specify also edit permissions, kinda like the ones you have on files on Linux): anyway, I hope it helped a bit. Silvio Porcellana Pablo D Marotta wrote: Hi, I´m developing an intranet on Apache-PHP-Mssql. I need to know if there´s any way of managing users to have access to specific areas inside my site, and at the same time, managing other users, giving them permision to acces other areas only, because all of the codes and information I´ve found (at least for Windows), simply give permission to acces and pass the login screen, but don´t limitate the users navigation priviledges. Thanks in advance! Paul from Argentina. American Express made the following annotations on 10/22/04 06:06:01 -- ** This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you. ** == -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php