Hey Guys,

So i'm writing a little project and i'm looking into writing my own user management package and the hope is to make it project independent so it can be easily slotted into other projects. Sounds like a job for OOP to me!

I've got a nice User class built up but I wanted to get an opinion from some folks who work with PHP on the daily. What all should this User Management package entail? I've done some reasearch on other packages and some that came highly recommended were relatively old and I don't think they're quite going to last through PHP6 - that aside - they have some impressive features and tons of bells and whistles. Some even claim to be able to update any and all database fields.

Really? Do I want my user manager to be able to mod my database? Personally, I do not. This is one of the reasons I decided to roll my own script here. I know what i'll be getting the end because i'm writing it.

So I've got what I believe to be the basics down. Log In, Log Out, Add, Edit, Delete & view other users profiles (can include one avatar/small image). I even have a role system and it works amazingly well but I think i'm going to scrap the idea of User Roles.

Roles can be cumbersome when you start dealing with larger projects and the sheer amount of tasks that need to be completed could make desiging the role system to be that flexible could be a full time job. How do YOU control access when you're designing a user system for a multi-user project? Access Control List? Roles? Some other method? Please do share or direct me to a link or two for a good read on the topic - I would appreciate it!

The script also logs in the db the date of user registration as well as inputs a timestamp each time the user logs in. At this point, only the last login timestamp is saved. Would it be worthwhile to have a list of say .. the last 25 logins? Failed login attempts?

I'm thinking about using googles reCAPTCHA feature.

Any other must have features that i've left out of the description?

    DeadlySin3 wrote:

    I've got a nice User class built up but I wanted to get an opinion from some folks who work with PHP on the daily. What all should this User Management package entail? I've done some reasearch on other packages and some that came highly recommended were relatively old and I don't think they're quite going to last through PHP6 - that aside - they have some impressive features and tons of bells and whistles. Some even claim to be able to update any and all database fields.

    Really? Do I want my user manager to be able to mod my database? Personally, I do not. This is one of the reasons I decided to roll my own script here. I know what i'll be getting the end because i'm writing it.

    So I've got what I believe to be the basics down. Log In, Log Out, Add, Edit, Delete & view other users profiles (can include one avatar/small image).

    If you do not want your user manager class/system to be able to modify your database, then how are you going to implement add, edit and delete?

      laserlight;11048189 wrote:

      If you do not want your user manager class/system to be able to modify your database, then how are you going to implement add, edit and delete?

      I think what he means is the User class doesn't do it directly, but rather passes off the DB queries to another class like a DAL or something.

        Bonesnap;11048191 wrote:

        I think what he means is the User class doesn't do it directly, but rather passes off the DB queries to another class like a DAL or something.

        I do apologize if I wasn't clear on that - I do in fact have a nice database abstraction layer that I use which all queries are run through, though - I do not want my user class / system to be able to directly access the database as other packages claim to. If you take the time to research other user management systems, even if only for 20 mins and read the descriptions - they claim to be able to modify any database field at any time for any purpose. That sounds more like a CMS and a simple user class / management system such as the one i'm wanting to write.

        So anyway, i'm really building it for the experience with OOP. Any help w/the questions i've asked is greatly appreciated.

          DeadlySin3 wrote:

          I do not want my user class / system to be able to directly access the database as other packages claim to. If you take the time to research other user management systems, even if only for 20 mins and read the descriptions - they claim to be able to modify any database field at any time for any purpose. That sounds more like a CMS and a simple user class / management system such as the one i'm wanting to write.

          Yeah, but a quick search brings up UserFrosting as the first result, and as far as I can tell UserFrosting does not "claim to be able to modify any database field at any time for any purpose", though it is certainly much more than a "simple user class".

          DeadlySin3 wrote:

          Any other must have features that i've left out of the description?

          Password reset? (Assuming that authentication uses passwords.)

            I use a level and permission system together for authorization. For example, only an admin can have the permission to edit any post - but not all admins have this permission, and a regular user cannot have this permission at all.

              +1 for Derokorian's thoughts. In addition to password generation/reset/recall/login, etc., a level/group/group permissions-based system is a pre-requisite for many packages, including forums and social platforms ("groups" and "group admins"), bug reporting software (JIRA & friends), even auctions and e-commerce platforms.

                Write a Reply...