At 10:36 PM 17/01/2001, you wrote:
>Hey Guys,
>
>I wonder if anyone can shed light...
>I have a system that internal users access -
>
>I have separated access levels into 1, 2, 3 etc. So if you have access 1
>you can view certain things - If you are 2 then you can view more or other
>things.
>
>However the problem arises when someone in access level 1 wants to access a
>level 2 function. I then manually specify that:
>
>if (access = 2 or user=joe) {
>Allow the functions ...
>}
>
>This can get messy - as individuals will be specified all over the place on
>a large system to override levels of access.
>
>Is there a sensible standard that is used to have levels of access but
>special people can access certain higher level functions.?
Why not have a database with all usernames/passwords/access levels in
there, and when the user logs in (either with htpasswd or a form login
script system) that info is recorded by a cookie.
Than have a function which is at the start of every page which passes the
access level of the user, and which levels can access the page. Say there
was 5 levels, you could call the function this way
auth_user("$access_level","N","N","Y","N","Y");
The function just needs to grab the first variable as the users given
access level, then the next 5 variables state whether levels 1 thru 5 are
allowed to view the page (only level 3 and 5 can view it in the above
example). If the users access level returns a Y for its corresponding
level, then its allowed to proceed, otherwise they are shuffled off to a
page telling them to (nicely) go away.
I dunno if this is a clutzy way of doing it (chances are it is) but thats
how I would try and implement it, and you can also create a nice simple
admin screen system to maintain all users and access levels. Change it in
the DB and its instant on all pages.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
