Displays a menu based on permissions in CodeIgniter - php

there is no right to access the menu home, profile, gallery, contact us.
I have 2 types of user: the administrator and the operator. E.g. the administrator sees just the home, profile, and contact us menus, while the operator sees just the home and profile menus. How do I differentiate the permissions in CodeIgniter?
Please help me, thank you :)

A simple way is to provide a profile id to differentiate the users, for example 1 for Admin and 2 for Operator. When you display the menu in the view file, put some conditions on the menu display using the profile id.
Note: save the profile id in session data with the user data.

Having different user types works if you never envision having more than two types or people that need one admin permission but not another. A better, or rather more future proof, way to do it is through roles.
Create a roles table with your different roles in it, for your use now you would have Admin and User roles. Then you create a join table that would hold the RoleId and the UserId. When a user logs in you create a session variable and populate it with an array of the different roles they hold, then when you have a specific page that requires protection you simply have to check that array for the required permission.
As an example say you have a business site, you require user logins, a main admin login, a sales login and a warehouse login. Let's say for the sake of argument that sales and warehouse need the ability to edit products, but the warehouse shouldn't be allowed to edit prices. You could of course assign different user types and then check for those user types when a page is loaded but the more and more permissions required the messier that gets. With the roles you assign warehouse and sales people the product permission role and only sales get the price editing permission.
As I said if you only ever require two separate user types with two distinct sets of permissions, role based authentication is probably overkill. But that being said it can't hurt to plan and build for a situation where you find you're going to need more.
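
The role check described above, applied to the question's menus and to the sales/warehouse case, as an added example that is not code from the original posts. The role names, permission names and both constant maps are assumptions; in CodeIgniter the role array would be read from the session after login.

```php
<?php
declare(strict_types=1);

// Constructed data: each role grants a set of permissions (names are hypothetical).
const ROLE_PERMISSIONS = [
    'administrator' => ['menu.home', 'menu.profile', 'menu.contact'],
    'operator'      => ['menu.home', 'menu.profile'],
    'sales'         => ['product.edit', 'price.edit'],
    'warehouse'     => ['product.edit'],
];

// Every menu entry names the permission needed to see it and to open it.
const MENU = [
    'Home'       => 'menu.home',
    'Profile'    => 'menu.profile',
    'Gallery'    => 'menu.gallery',
    'Contact us' => 'menu.contact',
];

/** Union of the permissions of all roles held; unknown roles grant nothing. */
function permissionsFor(array $roles): array
{
    $granted = [];
    foreach ($roles as $role) {
        foreach (ROLE_PERMISSIONS[$role] ?? [] as $permission) {
            $granted[$permission] = true;
        }
    }
    return array_keys($granted);
}

/** Deny by default: only an exact, strictly compared match allows access. */
function can(array $roles, string $permission): bool
{
    return in_array($permission, permissionsFor($roles), true);
}

/** Labels of the menu entries the user may see. */
function visibleMenu(array $roles): array
{
    return array_keys(array_filter(MENU, fn (string $p): bool => can($roles, $p)));
}

// Role arrays as they would sit in the session after login (constructed values).
foreach ([['administrator'], ['operator', 'warehouse'], ['sales']] as $roles) {
    printf("%s: menu [%s], may edit prices: %s\n", implode('+', $roles),
        implode(', ', visibleMenu($roles)), can($roles, 'price.edit') ? 'yes' : 'no');
}
```

The controller behind each menu entry has to call the same `can()` check, because a hidden link still answers to anyone who types its URL.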


How to check the correct member account type with PHP?

I need to make a registration page for members on my website/web application, but the problem is that there are 3 different account types: employees, freelancers and jobseekers. I have some ideas of where to start but I don't know if it will work. I just want some feedback about whether I am on the right path with my ideas.
Registration form
Should I make 3 different registration forms, one for each account type? Or can I use 1 web page divided into 3 different sections, one for each account type?
Database/Tables MySQL
Should I make a different table in my database for each account type? Or can I just add an extra column to the existing users table that indicates the "account type"?
PHP script to check the account type and then show the correct profile page
How can I redirect each account type to the right profile page when the user is logging in?
It's preferable to use one login page and redirect everyone to the page for their role.
In the DB use one table and add a new column named ROLE, set it to the role of each user, and set "USER" as the default role.
You have three account types. You should make a single registration page with two tabs. Each tab has its own form: one form for job seekers and another one for freelancers. The user will select a tab and choose one of them. You should make a separate page (URL) for employees, because not every user who visits your site can be an employee.
In the database you should manage job seekers and freelancers in one table and add a type field. For employees make another table, because employees have a lot of fields which will not be in jobseeker and employee. You have fewer employees and more users (job seekers and freelancers), so keep them separate.
The same scenario will follow in login: a single login for users (job seekers and freelancers) and a separate login for employees. When a user logs in, check the DB to get their type and redirect them accordingly.

I want to create multi admin store in opencart where each admin should get some specific data not admin data.

Actually I have created one user group and created different admins, but my problem is that I am getting all the data inside admin. I want to get only specific data for a particular admin. Is it possible through a tool in OpenCart? If anyone has done this, kindly explain it to me.
The User section lets you customize which users can access the admin side of the store, and what sections can be accessed or modified by them.
Before you begin creating user profiles, you should visit System > Users > User Groups to set specific access and modification permissions.
With the user groups set up, the individual users can be saved to the administration side of your store under System > Users > Users.
The User Group selected from the drop down box will assign specific permissions to the user.
Check links: create user, create user group

How to give access rights for pages and menus in php?

I'm working on a website where there will be three types of users: admin, managers, and operators.
I want to give access for these groups for them to only be able to view certain pages or certain menus in these pages when they log in. How do I go about doing this? I'm still just a beginner in PHP, so any information or tutorials to implement this will be helpful.
This is a loaded question, in my experience you will want to make three tables. I will highlight basic columns to make it work
User
user_id, login, password
Access
access_id, access_code, access_name
UserAccess
user_access_id, access_id
Then create the accesses you want like Administrator give it an access code like admin_rights, Manager with access code manager_rights, and so on.
Then assign the users the access you want to give them. To each page you assign the access_codes that can view the page, and if the user has the access type they can view the page. As far as code goes there is a lot to show, so if you need more help, let me know.
You could go even further and add a Role table that allows you to assign multiple accesses to and then assign a role to a user.
Role
role_id, role_name
RoleAccess
role_access_id, role_id, access_id
UserRole
user_role_id, role_id, user_id
It gets complex, but in the long run it allows you to set up many different user types and allows for you to get specific for special users that you want to have access to this and that and don't fit a predefined role.
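
The tables above, built in an in-memory SQLite database with one query that resolves a user's access codes from direct grants and from roles; this is an added example, not code from the answer. It assumes the `pdo_sqlite` extension, adds a `user_id` column to `UserAccess` so a grant can be tied to a user, and uses constructed rows (including the hypothetical `report_rights` code and `Shift lead` role).

```php
<?php
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Tables from the answer; the user_id column on UserAccess is an assumption added here.
$db->exec('
    CREATE TABLE User       (user_id INTEGER PRIMARY KEY, login TEXT UNIQUE, password TEXT);
    CREATE TABLE Access     (access_id INTEGER PRIMARY KEY, access_code TEXT UNIQUE, access_name TEXT);
    CREATE TABLE UserAccess (user_access_id INTEGER PRIMARY KEY, user_id INTEGER, access_id INTEGER);
    CREATE TABLE Role       (role_id INTEGER PRIMARY KEY, role_name TEXT);
    CREATE TABLE RoleAccess (role_access_id INTEGER PRIMARY KEY, role_id INTEGER, access_id INTEGER);
    CREATE TABLE UserRole   (user_role_id INTEGER PRIMARY KEY, role_id INTEGER, user_id INTEGER);
');

// Constructed rows; the password column stores a password_hash() value, not the plain text.
$addUser = $db->prepare('INSERT INTO User (user_id, login, password) VALUES (?, ?, ?)');
$addUser->execute([1, 'alice', password_hash('constructed-secret-1', PASSWORD_DEFAULT)]);
$addUser->execute([2, 'bob', password_hash('constructed-secret-2', PASSWORD_DEFAULT)]);
$db->exec("
    INSERT INTO Access VALUES (1,'admin_rights','Administrator'), (2,'manager_rights','Manager'), (3,'report_rights','Reports');
    INSERT INTO Role VALUES (1, 'Shift lead');
    INSERT INTO RoleAccess VALUES (1, 1, 2), (2, 1, 3);   -- the role grants manager + report access
    INSERT INTO UserRole VALUES (1, 1, 1), (2, 1, 2);     -- alice and bob both hold the role
    INSERT INTO UserAccess VALUES (1, 2, 1);              -- bob also has a direct admin grant
");

/** Access codes a user holds directly or through any of their roles. */
function accessCodes(PDO $db, int $userId): array
{
    $stmt = $db->prepare('
        SELECT a.access_code FROM UserAccess ua
          JOIN Access a ON a.access_id = ua.access_id
         WHERE ua.user_id = :direct_uid
        UNION
        SELECT a.access_code FROM UserRole ur
          JOIN RoleAccess ra ON ra.role_id = ur.role_id
          JOIN Access a ON a.access_id = ra.access_id
         WHERE ur.user_id = :role_uid
    ');
    $stmt->execute([':direct_uid' => $userId, ':role_uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ([1 => 'alice', 2 => 'bob'] as $id => $login) {
    $codes = accessCodes($db, $id);
    printf("%s: %s | admin page: %s\n", $login, implode(', ', $codes), in_array('admin_rights', $codes, true) ? 'allowed' : 'denied');
}
```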

Codeigniter same admin and public interface

I am planning to build a site which will have members and member uploaded content. I need to choose between the following:
a) A separate interface for admins and users
b) Same interface for admins and users
For example, a particular module 'yellowpages', would have listings uploaded by members. When the owner of the listing visits the page, they will be displayed edit/delete links by checking their session data against the database. The same will be displayed to an administrator. These links will not be visible to public users. The edit/delete functions will also check if the user is the owner/or is an admin so as to avoid the public from accessing the edit/delete URLs directly.
Also, if the user is an admin, an additional navigation bar will be displayed on the top which has links to functions that will add/edit/modify site settings and everything.
So my question is, is the above a good way to do it? or to have separate interfaces for users and admins like http://philsturgeon.co.uk/blog/2009/07/Create-an-Admin-panel-with-CodeIgniter
There is another option too, and I prefer this.
C) Mix both (a) and (b) options of yours
Create a separate interface for admins, which includes admin listing and managing of users and listings (edit/delete/ban user etc.).
Plus you can use a users and permissions type of setup.
For example:
Add a permissions table; the user type can be admin, guest, registered, moderator etc.
Depending on the login type, the session will be stored, and the operations will be displayed in the front end as per the session.
Ex.:
guest will not see the "add comment" link;
registered can add comments + listings + edit their own listing;
moderator can edit anyone's listing;
admin has all rights.
Depending on your application and time you can add as much as you want.
I wrote as per globalization of any application.
If you're going to use the same interface it would be less secure. An intruder would theoretically be able to become admin through the user interface. Also, while programming you will have to keep in mind that some methods would be used by both user and admin, so you can simply forget something, leaving an intruder some way in. I'd rather create one class with the methods used by admin and user (i.e. edit(), delete()) and extend it with two classes: user and admin.
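
The owner-or-admin check from the question combined with the shared base class from the last answer, as an added example that is not code from the thread. It assumes PHP 8; the class names, the `owner_id` field and the in-memory listings are hypothetical stand-ins for the real model.

```php
<?php
declare(strict_types=1);

/** Shared edit/delete logic; subclasses only decide who may modify a listing. */
abstract class ListingActor
{
    public function __construct(protected int $userId) {}
    abstract protected function mayModify(array $listing): bool;

    /** Every write path goes through the same check, so none can forget it. */
    public function edit(array &$listings, int $id, string $title): bool
    {
        if (!isset($listings[$id]) || !$this->mayModify($listings[$id])) {
            return false;
        }
        $listings[$id]['title'] = $title;
        return true;
    }

    public function delete(array &$listings, int $id): bool
    {
        if (!isset($listings[$id]) || !$this->mayModify($listings[$id])) {
            return false;
        }
        unset($listings[$id]);
        return true;
    }
}

final class MemberActor extends ListingActor
{
    protected function mayModify(array $listing): bool
    {
        return $listing['owner_id'] === $this->userId;   // owner only
    }
}

final class AdminActor extends ListingActor
{
    protected function mayModify(array $listing): bool
    {
        return true;                                     // any listing
    }
}

// Constructed yellowpages listings keyed by id.
$listings = [10 => ['owner_id' => 1, 'title' => 'Plumber'], 11 => ['owner_id' => 2, 'title' => 'Baker']];
var_dump((new MemberActor(1))->edit($listings, 10, 'Plumber 24/7'));  // member 1 on their own listing
var_dump((new MemberActor(1))->delete($listings, 11));                // member 1 on member 2's listing
var_dump((new AdminActor(99))->delete($listings, 11));                // admin on any listing
```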

problem with access to specify pages for users

Hi,
I am writing and designing a website with PHP. On this site everyone can register, and the admin can go to admin.php to manage the site. But my problem is that everyone who types www.example/login/admin.php can access admin.php. How can I prevent other users from accessing the admin page?
You probably want to look at .htaccess file. Check this link out
You have to make a login page for admin.php. Only people with the correct username and password can see the admin page and do the admin actions.
How do you define terms like "user" and "admin" and what is the process for creating/registering an account?
Generally, you would associate "users" with "roles" in your database. If a user account is supposed to be an admin, you associate that user record with the admin role. If the user is a standard user, associate them with the standard user role (which may be the default by having no role, though I'm not a big fan of implicit knowledge vs. explicit definitions in software). Users should also be able to have multiple roles, in case you have various classes of "user" and they need to have overlapping privileges.
Then, in the admin section of the site, your code would check if the current logged-in user (however you track that, you didn't specify) is in a given role before rendering the page. If not, then either send the user to another page or display a message, etc.
If every user can access the admin page, then essentially every user is an admin. How do you distinguish one from another in the code or in the data? That's where you need to start.
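
A role check at the top of `admin.php`, as the last answer describes; this is an added example, not code from the thread. The session keys `user_id` and `roles`, the role name `admin` and the login path are assumptions about what the site's login code uses.

```php
<?php
declare(strict_types=1);

/**
 * Decide what admin.php should answer for the given session data.
 * Returns an HTTP status: 401 not logged in, 403 logged in without the role, 200 allowed.
 */
function adminPageStatus(array $session, string $requiredRole = 'admin'): int
{
    // No authenticated user at all: the caller sends them to the login form.
    if (empty($session['user_id'])) {
        return 401;
    }
    // Roles must be an array written by the login code; anything else grants nothing.
    $roles = is_array($session['roles'] ?? null) ? $session['roles'] : [];
    return in_array($requiredRole, $roles, true) ? 200 : 403;
}

/** Call first thing in admin.php, before any output is sent. */
function requireAdmin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $status = adminPageStatus($_SESSION);
    if ($status === 401) {
        header('Location: /login/login.php', true, 302);  // hypothetical login path
        exit;                                             // stop, or the page still renders
    }
    if ($status === 403) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed session contents, checked without starting a real session.
foreach ([
    'anonymous'     => [],
    'standard user' => ['user_id' => 7, 'roles' => ['user']],
    'administrator' => ['user_id' => 1, 'roles' => ['user', 'admin']],
    'malformed'     => ['user_id' => 9, 'roles' => 'admin'],
] as $label => $session) {
    printf("%-14s -> %d\n", $label, adminPageStatus($session));
}
```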
