-2

Well, I am building a management system for my company. The part I wanted to know is how to manage users and what they can do with the content. What I wanted to do is: when an authorized user signs up a user, how can he make that new user able to view/READ the contents only and deny CREATE, UPDATE, and DELETE activities? Need help fast! Thanks! This is the sign-up page I have:

<fieldset>
    <legend><h2 align='center'>Create User</h2></legend>
    <div align='center'>    
        <form action='new_main_signup.php' method='post'>    
        <input type='text' name='username' placeholder='Username' /><br>
        <input type='password' name='password' placeholder='Password' /><br>
        <input type='password' name='Confirmpassword' placeholder='ConfirmPassword' /><br><br>
        <input type='submit' name='submit' value='Create'>
        </div>
    <span class='spanclass1'>".
    errors().
     form_errors($errors) 
    ."</span>

Keval Rathi
Nebi
  • Can you elaborate a bit more? Also add the related code where sessions, cookies and the user are created. – Jorge Y. C. Rodriguez Sep 09 '15 at 08:00
  • Your question has many possible answers. Showing a signup form is not any help. You would have to code this decision into your whole application and not just a sign-in form. – RiggsFolly Sep 09 '15 at 08:01
  • I already have user login sessions, but how can I check whether the logged-in user has privileges to update and delete contents? That's the part I want to know, but if you guys still want more I will post the full code! – Nebi Sep 09 '15 at 08:23

1 Answer

0

There are many different ways to tackle this, but I believe this is the simplest method.

First create a field in your table for "permissions".

Then you can use permission levels to determine what people can and cannot see or do.

For example, you might have "Admin" level, "Staff" level, "Member" level

Then assign permissions to a user on sign up and record it to the database record along with the member's other information. IE: Member

Upon successful login create a session variable for the visitor while logged in. IE: $_SESSION['loggedinuser'] = $row['permission'];

Then on your pages you can use that session to determine what he/she can see.

Example:

if($_SESSION['loggedinuser'] == 'Admin') {
    // show admin content
}
if($_SESSION['loggedinuser'] == 'Member') {
    // show member content
}

etc.
Nimantha
Kuya
  • Thank you very much. Thanks for understanding my question and suggesting the easiest way to maneuver this task!! PEOPLE, it's not about how you ANSWER the question, it's all about understanding the QUESTION!! – Nebi Sep 09 '15 at 13:22
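
One way to enforce the answer's permission levels on the server, so that a 'Member' can read but any create, update or delete request is refused even when it is sent by hand rather than through the page's buttons. This is an added example, not code from the question or the answer; the level-to-action map, the function names and the rule that only 'Admin' may create users are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed mapping of the answer's levels to actions; adjust to your own roles.
const PERMISSIONS = [
    'Admin'  => ['create', 'read', 'update', 'delete'],
    'Staff'  => ['create', 'read', 'update'],
    'Member' => ['read'], // the view-only user from the question
];

// Deny by default: an unknown level or an unlisted action is refused.
function can(string $level, string $action): bool
{
    return in_array($action, PERMISSIONS[$level] ?? [], true);
}

// Call at the top of every script that performs the action (for example before
// an UPDATE or DELETE query), not only where the buttons are displayed.
function require_permission(array $session, string $action): void
{
    $level = $session['loggedinuser'] ?? null; // session key used in the answer
    if (!is_string($level) || !can($level, $action)) {
        http_response_code(403);
        exit("Forbidden\n");
    }
}

// Sign-up side: the level is chosen by the logged-in creator, checked against
// the allowlist, and falls back to the least-privileged level.
function level_for_new_user(array $session, ?string $requested): string
{
    if (($session['loggedinuser'] ?? null) !== 'Admin') { // assumption: Admin only
        throw new RuntimeException('Not allowed to create users');
    }
    return array_key_exists((string) $requested, PERMISSIONS) ? $requested : 'Member';
}

// Constructed sessions standing in for $_SESSION after login.
$admin  = ['loggedinuser' => 'Admin'];
$member = ['loggedinuser' => 'Member'];

var_dump(can('Member', 'read'));
var_dump(can('Member', 'delete'));
var_dump(level_for_new_user($admin, 'Root')); // level not in the allowlist
require_permission($member, 'read');          // passes silently
require_permission($member, 'update');        // sends 403 and stops here
```

In a real page, pass `$_SESSION` after `session_start()`, and store the value returned by `level_for_new_user()` in the "permissions" column when the sign-up form is processed.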