Simple user management in php

I’m back after about 2 weeks of absence. This time I’m going to show you how to create a simple php program which allows you to manage the users of a particular system. And this includes the following:

  1. Roles
  2. Transactions
  3. User Registration
  4. User Privileges
  5. Implementing Privileges

 

Requirements

  • Wampserver – the usual software used by Windows users to easily install php, apache, and mysql
  • jQuery

 

Building the Database

First, we’ll go over with the basics of user management. First is the roles. Roles are a particular group of users with the same privileges on the system. An example of a role is the system administrator. The system administrator is able to do everything on the system. Another example of a role is the user. Or the ordinary people using your system. Each of the roles has different amount of privileges on the system. Privileges are the task or transactions that a specific role is able to do in a particular system.

Next, let’s build the database that we will be using.
First, we need a table which will store the different roles:

  • role_id – unique id for the role.
  • role_description – description or the role. Example: author, administrator

Next, is the table which will store the transactions or tasks which can be carried out by the different roles:

  • transaction_id  – unique id for the transaction
  • transaction – description for the transaction. Example: delete users
  • file location  – stores the filename and its location in the server. Example: user_registration.php

Also create another table which will associate a role with a specific transaction:

  • role_id – foreign key from the roles table
  • transaction_id foreign key from the transactions table
  • transaction_state  – state of the transaction. 1 if it can be done by the role, 0 if its not

Lastly, the user table. Where the user login information will be stored:

  • user id   – unique id for the user
  • password  – password used by the user to login
  • role_id foreign key from the roles table

Go ahead and build your database using phpmyadmin or any database management software which supports mysql.

 

Roles

Next, let’s create the form which allows us to create the roles. Roles as I have said earlier, is a group of users having the same privileges.

<form action="create_roles.php" method="post">
    <label for="role">Role:</label>
    <input  type="text" name="role" id="role" required/>
    <input type="submit"/>
</form>

Then the sql query which inserts the role into the database:

$create_role = $db->query("INSERT INTO tbl_roles

SET role_id='$role_id', role='$role', departmentID='$dept'");

 

Transactions

Next, let’s create the form which allows us to create transactions. Transactions are the links that the user sees in the navigation. Which means that whatever transactions are assigned to a role, those are the only links that will be seen by the user assigned with that role.

<form action="create_transaction.php" method="post"> <label for="trans">Transaction:</label> <input type="text" name="trans" id="trans" required/>

<label for="file_loc">File location:</label>

<input type="text" name="file_loc" id="file_loc" required/> <input type="submit"/> </form>

Then the sql query which inserts the transaction into the database:

$ctransaction = $db->query("INSERT INTO tbl_transactions SET

transactionID='$tid', transaction='$transaction',

file_location='$location'

departmentID='$dept_id'");

 

User Registration

Next is the user registration. This is where the role for the user is being selected. The rule is only one role per user. But its also possible to assign multiple roles to a single user. But we won’t be discussing it here.

<form action="user_registration.php" method="post"> <label for="user_id">User ID:</label> <input type="text" name="user_id" id="user_id" required /> <label for="password">Password:</label> <input type="password" name="password" id="password" required/> <label for="user_role">Role:</label> <input type="text" name="user_role" id="user_role" list="roles"

autocomplete="off" required> <datalist id="roles"> <?php $roles = $db->get_results("SELECT * FROM tbl_roles"); if(!empty($roles)){ foreach($roles as $k=>$v){ ?> <option value="<?php echo $v->role_id; ?>">

<?php echo $v->role; ?></option> <?php } ?> <?php } ?> </datalist> <input type="submit"/> </form>

Then the query. Don’t forget to encrypt the users password before saving it into the database. You can use common hashing methods like md5() and sha1(). To encrypt user passwords.

$reg_user = $db->query("INSERT INTO sys_users

SET UserID='$user_id', strPassword='$pword',

intRole='$role_id' ");

 

User Privileges

Next, is the designation of user privileges through roles. In this part, the system administrator will search for a specific role. Then a list of transactions will be displayed with a checkbox associated with it. If the checkbox is checked, the role can perform the transaction. If its not checked, then the role cannot perform the transaction. It’s like a switch which hides and shows the different links in the navigation depending on what is checked.

<?php $s_trans = $db->get_results("SELECT * FROM tbl_transactions"); if(!empty($s_trans)){ ?> <table border="1" id="dtable" class="display"> <thead> <tr> <th>Transaction</th> <th>Active</th> </tr> </thead> <tbody> <?php foreach($s_trans as $st){ ?> <tr> <td><?php echo $st->transaction; ?></td> <td><input type="checkbox" id="cbox" data-transid="<?php echo $st->transactionID; ?>" name="transtate[]" <?php if(stat_fetch($role_id, $st->transactionID) == 1){

echo 'checked'; }

?>></td> </tr> <?php } ?> <tbody> </table> <?php } ?>

As you can see from the above code, I used a little function called stat_fetch(). Which fetches the status of a specific transaction based on the selected role. The status is equal to 1 if it can be done by the role, and 0 if it cannot.

The function returns the transaction state, which is then used by the if statement to determine whether to put a check mark on the checkbox or not.

Oops, that’s only halfway through our user privileges. Next, we need to update the table which stores the role id, transaction id, and transaction state.

And we will make use of that file through jQuery. Since it’s a whole lot easier to perform ajax calls using jQuery rather than using pure Javascript. This code only executes when the user clicks on the checkbox. It then gets the transaction id and role id from the attributes that we set earlier on the checkbox. The data-transid attribute stores the transaction id, and the value attribute stores the role id.
Next, we checked if the checkboxes checked attribute is set to true. This simply means that were checking if the checkbox is checked or not. We then assign it to the variable cbox_st(short for checkbox state). Then lastly, we submit the role id, transaction id, and the checkbox state to a file called transactions_update.php.

$('#cbox').live('click', function(){    var trans_id = $(this).attr('data-transid');    var role_id = $('#roleid').val();

var cbox_st = 0; if($(this).attr('checked') == true){ cbox_st = 1; }else{ cbox_st = 0; } $.ajax({ type: "POST", url: "../ajax/transactions_update.php", data: "role_id=" + role_id + "&trans_id="

+ trans_id + "&state=" + cbox_st

}); });

Then here’s transaction_update.php, the file that is called by the jQuery ajax() function. Remember that we specified earlier, that the data is going to be submitted using the POST variable. That’s why we are getting the values through $_POST. What this does, is to check if the transaction id and role id already exist in the table which stores the transactions which can be performed by a role. If it exists, then we just perform an update to the transaction state. Transaction state is updated to hold a value of 1 or 0 depending upon the checkbox associated with the transaction. If its checked then the value is 1, if its not checked, then the value is updated to 0.

<?php require_once('db_config.php'); //database configuration $trans_id = $_POST['trans_id']; $state = $_POST['state']; $role_id = $_POST['role_id']; $checker = $db->query("SELECT * FROM def_transactions

WHERE roleID='$role_id' AND transactionID='$trans_id'"); if($checker > 0){ $role_up = $db->query("UPDATE def_transactions

SET transactionState='$state'

WHERE transactionID='$trans_id' AND roleID='$role_id'"); }else{ $role_create = $db->query("INSERT INTO def_transactions

SET transactionState='$state', roleID='$role_id',

transactionID='$trans_id'"); } ?>

 

Implementing Privileges

Lastly, we implement the privileges. This is where we control what links will be seen by the user on the navigation bar.

<?php $transactions = $db->query("SELECT file_location,

transaction FROM tbl_transactions LEFT JOIN def_transactions

ON tbl_transactions.transactionID = def_transactions.transactionID WHERE roleID='$role_id' AND transactionState = 1 ?>

<?php if(!empty($transactions){ ?> <?php foreach($transactions as $k=>$v){ ?> <a href="<?php echo $v->file_location; ?>">

<?php echo $v->transaction; ?>

</a> <?php } ?> <?php } ?>

That’s it in its simplest form. As you can see the code above just  loops through the transactions which is associated with the role id and has a transaction state of 1. It’s in a straight line. So your links will appear in one line. You might as well want to group the different transactions into a few main links to group each transactions. Of course, you will have to perform a few changes on your database to do that.

 

Conclusion

Yes, in case you haven’t figured out yet. This method only hides the links from the users. It doesn’t actually set what specific pages can be accessed by the users. It’s weakness is that the page can still be accessed if the user knows the actual URL of the page.
That’s it for this tutorial, see you next time! Thanks for reading!

5 thoughts on “Simple user management in php

  1. Hello all, i’m trying to write this code different with php, mysql. it’s very different way of writing queries SQL. can you upload application code in a zip file with the function stat_fetch()?? i have problem with this. thanx a lot!!

    • I purposely didn’t include it I thought it was pretty obvious since I also described what the function does. I don’t already have the file but here is what it will look like:

      function stat_fetch($role_id, $transaction_id){
      global $db; //or whatever variable you used to store database connection
      //query here: SELECT status FROM tbl_roletransactions WHERE role_id = ‘$role_id’ AND transaction_id = ‘$transaction_id’
      return $status;
      }

      I’m using the library ez sql if I haven’t already mentioned on the article.

      • Ok thanks a lot!! I want to build a admin panel for managing user rights – privileges on the page and helped me this tutorial. if you know another similar tutorial and is easy, send me the link. thanx again.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s