PHP authentication

Bant

I was wondering what you would recommend as authentication method in PHP. I need a simple authentication system where I can grant users rights to user administration and some other stuff. Moreover I need to be able to grant authentication more precisely like permission to add, edit and/or delete users.

Any references to howtos, guides and other resources would be appreciated. A simple authentication system with theses properties would also be appreciated.

I have to following fields in my user database:
Id
Username
Password
Email
Fullname

How would it be most efficient to extent this so I can grant users permissions not only to user administration, page administration and so one but also to read, edit or delete users and/or pages?

scuk

Here's an old'n but good'n - I often still refer to this - Authenticate and Track Users with PHP

Hope it helps

Stew

Bant

It helped with basic authentication but not with differentiations users access. For instance I want to be able to grant a users access to user administration where I can decide if the user should be able to add, edit and/or delete users.

treds1

not sure on any tutorials

but you need to have a user level variable, in your usertable.

if you then set this as a session variable when a user logs in, its simply a matter of checking what the session variable is set as and then runnig the relevent script

if($SESSION('userlevel') =1)
then do this
elseif($SESSION('userlevel')=2
do this

etc

i know this is not an indepth descrition but may give you a few ideas.

this tutorial may be of some use not sure as havent read through it but looked promisinghttp://www.phpfreaks.com/tutorials/65/0.php

Bant

I don’t want to use a user level variable since it is not as flexible as I want it to be. I want to be able to combine adding, editing and/or deleting users whit adding, modifying and/or delete pages and so on in anyway I need.

Want some kind of permission system like this:
User Management
- Add X
- Delete X
- Edit X
Pages
- Add X
- Modify X
- Delete X
Forum
- Delete X
- Modify X
...

treds1

not 100% sure what your getting at but if im understanding you

you could(although im suer there is a more effective way)

Add fields to your table for each option i.e
user_add
user_edit
pages_add
etc

set them as a value eg yes or no and then check the users record when you want to access the relevent areas

Bant

You did get me right 🙂

I was speculating in making a useradmin, pageadmin, forumadmin fields in my database and setting them to “add:delete:edit” or something delimited by ‘:’.

Is there a better and/or more efficient way?