I’m back after about 2 weeks of absence. This time I’m going to show you how to create a simple php program which allows you to manage the users of a particular system. And this includes the following:
- Roles
- Transactions
- User Registration
- User Privileges
- Implementing Privileges
Requirements
- Wampserver – the usual software used by Windows users to easily install php, apache, and mysql
- jQuery
Building the Database
First, we’ll go over with the basics of user management. First is the roles. Roles are a particular group of users with the same privileges on the system. An example of a role is the system administrator. The system administrator is able to do everything on the system. Another example of a role is the user. Or the ordinary people using your system. Each of the roles has different amount of privileges on the system. Privileges are the task or transactions that a specific role is able to do in a particular system.
Next, let’s build the database that we will be using.
First, we need a table which will store the different roles:
- role_id – unique id for the role.
- role_description – description or the role. Example: author, administrator
Next, is the table which will store the transactions or tasks which can be carried out by the different roles:
- transaction_id – unique id for the transaction
- transaction – description for the transaction. Example: delete users
- file location – stores the filename and its location in the server. Example: user_registration.php
Also create another table which will associate a role with a specific transaction:
- role_id – foreign key from the roles table
- transaction_id – foreign key from the transactions table
- transaction_state – state of the transaction. 1 if it can be done by the role, 0 if its not
Lastly, the user table. Where the user login information will be stored:
- user id – unique id for the user
- password – password used by the user to login
- role_id – foreign key from the roles table
Go ahead and build your database using phpmyadmin or any database management software which supports mysql.
Roles
Next, let’s create the form which allows us to create the roles. Roles as I have said earlier, is a group of users having the same privileges.
<form action="create_roles.php" method="post">
<label for="role">Role:</label>
<input type="text" name="role" id="role" required/>
<input type="submit"/>
</form>
Then the sql query which inserts the role into the database:
$create_role = $db->query("INSERT INTO tbl_roles
SET role_id='$role_id', role='$role', departmentID='$dept'");
Transactions
Next, let’s create the form which allows us to create transactions. Transactions are the links that the user sees in the navigation. Which means that whatever transactions are assigned to a role, those are the only links that will be seen by the user assigned with that role.
<form action="create_transaction.php" method="post">
<label for="trans">Transaction:</label>
<input type="text" name="trans" id="trans" required/>
<label for="file_loc">File location:</label>
<input type="text" name="file_loc" id="file_loc" required/>
<input type="submit"/>
</form>
Then the sql query which inserts the transaction into the database:
$ctransaction = $db->query("INSERT INTO tbl_transactions SET
transactionID='$tid', transaction='$transaction',
file_location='$location'
departmentID='$dept_id'");
User Registration
Next is the user registration. This is where the role for the user is being selected. The rule is only one role per user. But its also possible to assign multiple roles to a single user. But we won’t be discussing it here.
<form action="user_registration.php" method="post">
<label for="user_id">User ID:</label>
<input type="text" name="user_id" id="user_id" required />
<label for="password">Password:</label>
<input type="password" name="password" id="password" required/>
<label for="user_role">Role:</label>
<input type="text" name="user_role" id="user_role" list="roles"
autocomplete="off" required>
<datalist id="roles">
<?php
$roles = $db->get_results("SELECT * FROM tbl_roles");
if(!empty($roles)){
foreach($roles as $k=>$v){
?>
<option value="<?php echo $v->role_id; ?>">
<?php echo $v->role; ?></option>
<?php } ?>
<?php } ?>
</datalist>
<input type="submit"/>
</form>
Then the query. Don’t forget to encrypt the users password before saving it into the database. You can use common hashing methods like md5() and sha1(). To encrypt user passwords.
$reg_user = $db->query("INSERT INTO sys_users
SET UserID='$user_id', strPassword='$pword',
intRole='$role_id' ");
User Privileges
Next, is the designation of user privileges through roles. In this part, the system administrator will search for a specific role. Then a list of transactions will be displayed with a checkbox associated with it. If the checkbox is checked, the role can perform the transaction. If its not checked, then the role cannot perform the transaction. It’s like a switch which hides and shows the different links in the navigation depending on what is checked.
<?php
$s_trans = $db->get_results("SELECT * FROM tbl_transactions");
if(!empty($s_trans)){
?>
<table border="1" id="dtable" class="display">
<thead>
<tr>
<th>Transaction</th>
<th>Active</th>
</tr>
</thead>
<tbody>
<?php foreach($s_trans as $st){ ?>
<tr>
<td><?php echo $st->transaction; ?></td>
<td><input type="checkbox" id="cbox"
data-transid="<?php echo $st->transactionID; ?>"
name="transtate[]"
<?php if(stat_fetch($role_id, $st->transactionID) == 1){
echo 'checked'; }
?>></td>
</tr>
<?php } ?>
<tbody>
</table>
<?php } ?>
As you can see from the above code, I used a little function called stat_fetch(). Which fetches the status of a specific transaction based on the selected role. The status is equal to 1 if it can be done by the role, and 0 if it cannot.
The function returns the transaction state, which is then used by the if statement to determine whether to put a check mark on the checkbox or not.
Oops, that’s only halfway through our user privileges. Next, we need to update the table which stores the role id, transaction id, and transaction state.
And we will make use of that file through jQuery. Since it’s a whole lot easier to perform ajax calls using jQuery rather than using pure Javascript. This code only executes when the user clicks on the checkbox. It then gets the transaction id and role id from the attributes that we set earlier on the checkbox. The data-transid attribute stores the transaction id, and the value attribute stores the role id.
Next, we checked if the checkboxes checked attribute is set to true. This simply means that were checking if the checkbox is checked or not. We then assign it to the variable cbox_st(short for checkbox state). Then lastly, we submit the role id, transaction id, and the checkbox state to a file called transactions_update.php.
$('#cbox').live('click', function(){ var trans_id = $(this).attr('data-transid'); var role_id = $('#roleid').val();
var cbox_st = 0;
if($(this).attr('checked') == true){
cbox_st = 1;
}else{
cbox_st = 0;
}
$.ajax({
type: "POST",
url: "../ajax/transactions_update.php",
data: "role_id=" + role_id + "&trans_id="
+ trans_id + "&state=" + cbox_st
});
});
Then here’s transaction_update.php, the file that is called by the jQuery ajax() function. Remember that we specified earlier, that the data is going to be submitted using the POST variable. That’s why we are getting the values through $_POST. What this does, is to check if the transaction id and role id already exist in the table which stores the transactions which can be performed by a role. If it exists, then we just perform an update to the transaction state. Transaction state is updated to hold a value of 1 or 0 depending upon the checkbox associated with the transaction. If its checked then the value is 1, if its not checked, then the value is updated to 0.
<?php
require_once('db_config.php'); //database configuration
$trans_id = $_POST['trans_id'];
$state = $_POST['state'];
$role_id = $_POST['role_id'];
$checker = $db->query("SELECT * FROM def_transactions
WHERE roleID='$role_id' AND transactionID='$trans_id'");
if($checker > 0){
$role_up = $db->query("UPDATE def_transactions
SET transactionState='$state'
WHERE transactionID='$trans_id' AND roleID='$role_id'");
}else{
$role_create = $db->query("INSERT INTO def_transactions
SET transactionState='$state', roleID='$role_id',
transactionID='$trans_id'");
}
?>
Implementing Privileges
Lastly, we implement the privileges. This is where we control what links will be seen by the user on the navigation bar.
<?php
$transactions = $db->query("SELECT file_location,
transaction FROM tbl_transactions
LEFT JOIN def_transactions
ON tbl_transactions.transactionID = def_transactions.transactionID
WHERE roleID='$role_id' AND transactionState = 1
?>
<?php if(!empty($transactions){ ?>
<?php foreach($transactions as $k=>$v){ ?>
<a href="<?php echo $v->file_location; ?>">
<?php echo $v->transaction; ?>
</a>
<?php } ?>
<?php } ?>
That’s it in its simplest form. As you can see the code above just loops through the transactions which is associated with the role id and has a transaction state of 1. It’s in a straight line. So your links will appear in one line. You might as well want to group the different transactions into a few main links to group each transactions. Of course, you will have to perform a few changes on your database to do that.
Conclusion
Yes, in case you haven’t figured out yet. This method only hides the links from the users. It doesn’t actually set what specific pages can be accessed by the users. It’s weakness is that the page can still be accessed if the user knows the actual URL of the page.
That’s it for this tutorial, see you next time! Thanks for reading!