I have a table (admin_users)
as shown below in which there are list of 5 users. All of these 5 users in the table have access to every admin pages. In total, there are 5 admin pages
and 5 admin users
.
Let us suppose the name of 5 admin pages
are: admin1.php
, admin2.php
, admin3.php
, admin4.php
and admin5.php
admin_users
ID user_name user_pass open
1 John sxhsds false
2 Nicholas eruerie false
3 James zsdfdf false
4 Richard adsdsf false
5 Robert rfgjrg false
The following php code allows user to login:
if (isset($_POST['user_name'], $_POST['user_pass']) && $_POST['user_login'] == 1) {
$username = $_POST['user_name'];
$password = $_POST['user_pass'];
$stmt = $connect->prepare("SELECT user_pass FROM admin_users WHERE user_name=?");
$stmt->bind_param('s', $username);
$stmt->execute();
$result = $stmt->get_result();
$user_from_db = $result->fetch_object();
if ($user_from_db && password_verify($password, $user_from_db->user_pass)) {
$_SESSION['webpageadmin'] = true;
$_SESSION['webpageadmin_user'] = $_POST['user_name'];
} else {
echo "Invalid username and password.";
}
}
What I want to achieve is I want specific users to have access to specific admin pages. For example:
admin1.php John and Nicholas
admin2.php James and Richard
admin3.php all users
admin4.php Robert, Nicholas, James and John
admin5.php Robert
What I have tried:
I am thinking to add one more column (admin_pages) in the admin_users table as shown below:
ID user_name user_pass open admin_pages
1 John sxhsds false admin1.php, admin3, admin4.php
2 Nicholas eruerie false admin1.php, admin3.php, admin4.php
3 James zsdfdf false admin2.php, admin3.php, admin4.php
4 Richard adsdsf false admin2.php, admin3.php
5 Robert rfgjrg false admin3.php, admin4.php, admin5.php
I am wondering what changes I need to make in the php code above so that it looks for the user (who tries to login) with their admin_pages
in the admin_users
table above.
Option 1: If you can allow yourself more tables, in my opinion, the cleanest and easiest Add one tables for rights:
ID access
1 God-like
3 Admin1
4 Admin2
5 Admin3
Then you can either add one column to the user table and stringify the access ids and split them into an array on log-in.
ID user_name user_pass open access
1 John sxhsds false 1, 2, 3
2 Nicholas eruerie false 3,5
3 James zsdfdf false 1,4,5
4 Richard adsdsf false 3,5
5 Robert rfgjrg false 1,4,5
or use an additional table
UserId access_id
1 1
1 2
1 3
PHP Side, on login you'd store in the session/cookie the access ids. On each page requiring specific access you'd only have to check in the session/cookie if the user has the required access right.
Option 2: If you only can afford a column and want to add pagenames. You'll still have to store the page the user can access somewhere (session/cookie) on login
To get the current page : basename($_SERVER['PHP_SELF']);
You'll have to confront the page to the stored pagenames. Good luck on your project;)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.