Comments on: A Better Login System

By: George W

George W — Wed, 17 Mar 2010 02:07:29 +0000

I am working to build a website for my car club. I want to have 3 or 4 user levels and this code will do a great job in that area. I am very inexperienced in website building. I don’t see how to implement this into my site. Do I need to have a good login script and then overlay this code over that code? Any help you could suggest would be appreciated. I am looking at a login code form easykiss123.com here is the link to the site
http://www.easykiss123.com/easy-setup-of-login-registration-and-password-protected-areas-on-your-website/
Thank you for your assistance. I have downloaded your code and have uploaded it to try it out. Looks great I just haven’t figured out how to make it work on my site.
Thanks, George W

By: Mark

Mark — Fri, 05 Mar 2010 11:51:19 +0000

Following up my previous post, I’ve concluded that it would actually be more sensible for an explicit ‘deny’ permission in any role to overrule an ‘allow’ permission in any other. To do this with the existing code is very easy; in the function getRolePerms() change the first few lines to:

if (is_array($role))
{
$roleSQL = “SELECT * FROM `role_perms` WHERE `roleID` IN (” . implode(“,”,$role) . “) ORDER BY `value` DESC”;
} else {
$roleSQL = “SELECT * FROM `role_perms` WHERE `roleID` = ” . floatval($role) . ” ORDER BY `value` DESC”;
}

What I’m doing here is simply ordering the role permissions by ‘allowed’ permissions > ‘denied’ permissions. The array_merge function will then favour the ‘deny’ permissions over the ‘allow’ permissions with the same key.

If you want the opposite behaviour (an ‘allow’ permission in any role overrides a ‘deny’ permission) then change the DESC to ASC.

By: Mark

Mark — Fri, 05 Mar 2010 10:57:35 +0000

Say two roles have the same permission; in the role 1 the permission is set to ‘allow’, in role 2 the permission is ‘deny’. Now both roles are assigned to a single user. Will the user be allowed or denied the permission? I think the answer depends on whether role 1 or role 2 was assigned the permission first, since getRolePerms() orders the found permissions based on the ID in role_perms.

And if it does, then that is surely a fundamental flaw in the design, since it depends on the roles being ordered manually by ‘most permissions’ > ‘less permissions’ to work as expected. Or am I missing something?

I think the behaviour should be: when any role specifies that a permission is ‘allowed’ then that should take precedence over any other role that specifies it is denied, regardless of the role order. So in practice getRolePerms() should only return permissions where value = 1 (i.e. allowed permissions). Or, you could get rid of the value field altogether since it is redundant.

The alternative would be to use some kind of inheritance for roles, for example a tree structure so that children inherit parent permissions.

By: Jhonka

Jhonka — Thu, 04 Mar 2010 07:47:37 +0000

Opps dude,

where is the logout if i am not wrong (

By: rizq

rizq — Mon, 01 Mar 2010 08:14:18 +0000

problems with error reporting level, but solved now

eg; line 50 in perms.php

if (isset($_GET['action']) == ‘perm’) { //working

By: bearbear

bearbear — Sun, 07 Feb 2010 19:05:56 +0000

thanks for ur sharing~

By: divyaprakash

divyaprakash — Thu, 28 Jan 2010 09:20:30 +0000

Really great tutorial. Submit ur website to my PR2 web directory http://www.selra.org

By: Jay

Jay — Fri, 22 Jan 2010 14:28:36 +0000

Great Tutorial, Thanks

By: ajith

ajith — Tue, 12 Jan 2010 10:55:13 +0000

Great Article

By: PHP Login system Tutorial | Jagadishwor's Blog

PHP Login system Tutorial | Jagadishwor's Blog — Thu, 31 Dec 2009 08:07:51 +0000

[...] 8. A Better Login System [...]