Hi Pablo it really depends on what you want to do.
I mean, if you want a hierarchy of users (like: guest, normal, administrator, root) or you wnat to limit certain users to an "area" of your site and certain others to another area (no hierarchy here, just "fences").
Anyway, in both cases I suggest you to check at the beginning of every script of the users is allowed on that page.
What differs is *how* you decide if the user is allowed on the page:
- for a hierarchy-based system, you could assing a number to every users (guest: 100; normal: 1000; administrator: 10000; root: 100000) and compare this number with the "access number" of your page (saying for example that your "orders.php" can only be accessed by users >= 10000, so only administrators and root)
- for "fences", what I would suggest is to create groups, assing users to these groups (based on what they can see) and then check at the top of your PHP page if the current user belongs to an allowed group.
Obviously I made it quite simple here and there could be other "twists" to this thing (we are talking about a read-only system, but you could specify also "edit" permissions, kinda like the ones you have on files on Linux): anyway, I hope it helped a bit.
Silvio Porcellana
Pablo D Marotta wrote:
Hi, I´m developing an intranet on Apache-PHP-Mssql. I need to know if there´s any way of managing users to have access to specific areas inside my site, and at the same time, managing other users, giving them permision to acces other areas only, because all of the codes and information I´ve found (at least for Windows), simply give permission "to acces" and pass the "login screen", but don´t limitate the users navigation priviledges. Thanks in advance!
Paul from Argentina.
American Express made the following annotations on 10/22/04 06:06:01 ------------------------------------------------------------------------------ ******************************************************************************
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
******************************************************************************
==============================================================================
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
