icky_thump — 2013-09-11T16:47:32-04:00 — #1
I'm just learning PHP and have to adjust something the developers built.
We have a user registration and login on our site.
We are adding a special section to the site that will initially be restricted only to certain customers.
I don't want them to have to do anything special to log in to that section but instead have permissions we can turn on in the admin.
As one example.....
The end result would be that on the admin side, in each profile there would be a checkbox to turn on the select customers permissions for that exclusive section.
The end user would never see anything or know about it other than being prompted to login like usual. Then for some it would give access and others would receive some kind of message to call whomever......
I thought I could add an additional column to the table for those permissions and script it to check for approval equaling 0 or 1 for no or yes.
I can't piece this together though.
So, first question, am I approaching this in the best way?
If not, what other options do I have?
If so, what info do I need to share here to get some feedback that can help sort it out?
drummin — 2013-09-11T18:19:05-04:00 — #2
See my post here. It's almost the same issue. If they have more permissions you can add things to menus etc. This also could be level based, 2,3,4,5 etc. Whatever is going to work in your case.
icky_thump — 2013-09-17T11:52:24-04:00 — #3
Hey Drummin, thanks for your reply and the link.
I think I get what's being described, yet when it comes to integrating it all into code, I get bogged down.
I have the checkbox working in the admin panel that it switches the privileges on in the DB, but on the section that requires the privileges, it's not restricting things.
I'm pretty stumped as to how to get it functioning.
ginerjm — 2013-09-17T12:10:24-04:00 — #4
What do you use to validate your users within your application? A cookie? A session var? Whatever it is, you need to have multiple values to distinguish the privileges that your signon process grants. So - either assign different values to the cookie, or the session var, or add an additional token that needs to be checked for those scripts requiring it. Hopefully, you have a function that is included in all your appls scripts so that you only need make changes to your code once, then this will be easy to implement, whatever method you use to confirm logon.
icky_thump — 2014-02-03T12:28:07-05:00 — #5
Thanks for the feedback everyone. This got set aside and now I'm back dealing with it. Never got it to work like I wanted. Have a quote to do it from a developer. They are estimating 80-100 hours of work. Gulp! Is it just me or does that seem outrageous?
This is a modification of an existing login on an existing site.
- Modify existing such that behind the scenes in the AdminPanel, I could turn extra privileges on or off for each customer.
(probably just a checkbox)
- I will add a 'social media' button into our footer that will be where they access info for this product.
- When clicked it will direct to a page specific to this new product (there is no link in the main menu for it yet)
- The system will do the existing check to see if logged in and either prompt for login like usual or continue forward to the next check
- The next check would be to see if this user/login has the aforementioned extra privileges
- If yes, the system directs them to the new product landing page which is full of resources for the new product.
- If no, the system directs them to a page with a video of the new product and a list of contact for more info.
Am I over-simplifying things? While it is beyond my abilities to get it functioning properly, it doesn't seem like it's THAT difficult.
I know there is probably more info you'd need to fully assess it, but is close to 100 hours of development even in the ballpark?