Displaying same page differently for users with different roles

1

10

I wanted some suggestions from someone with experience in PHP.

I am making a website in PHP which will have 4 kinds of users: 1. guest (unregistered), 2. registered, 3. registered with special privileges, 4. admins

So the same page will be visible differently to all four of them.

Right now I am doing that by using if conditions. In every page, I am checking the role of the user and then using many if statements to display the page accordingly.

It makes the code very big and untidy and I have to check conditions again and again in all the pages.

  1. Is there a better way to do this?

  2. How is this done in big professional websites?

  3. Extended Question: What is the most optimal way to do the same using an MVC framework like Kohana 3.1? Does it have anything to do with ACL?

Emilieemiline answered 28/6, 2011 at 21:22 Comment(1)
Extended answer: Yes, ACL is an Access Control List. It basically says "this is a user account detail page, so it can be accessed by the following roles: 'registered user', 'admin', 'superuser', 'god'". Gussie
6

It really depends on what you need.

For example, if the page has big parts that change completely, what I would suggest is to create different templates and include them depending on their "permissions":

 $permission = $_SESSION['type_user'];
 include '/path/to/file/with/permission/'.$permission.'/tpl.html';

and have something in the page similar to:

<?php
//inside include.php you have the line similar to
//$permission = isset($_SESSION['type_user']) && $_SESSION['type_user']!=''?$_SESSION['type_user']:'common';
require_once '/mast/config/include.php';
include '/path/to/file/with/permission/common/header.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_1.html';
include '/path/to/file/with/permission/common/tpl_2.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_3.html';
include '/path/to/file/with/permission/common/footer.html';
?>

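If the script is full of small parts like "show this text" or "show this button", you can create a function that will check the permissions for you:

<?php
// $action: 'read' or 'write'; $what: the page element being checked (e.g. 'button').
function can_user($action, $what){
   switch($action){
      case 'write':
          // Placeholder: put the role condition you currently use for writing $what here.
          return $your_current_if_on_what;
      case 'read':
      default:
          // Placeholder: put the role condition you currently use for reading $what here.
          return $your_current_if_on_what;
   }
}
?>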

and the template will look like:

[my html]
<?=can_user('read','button')?'My Button':''?>
[my html]

As a rule of thumb, if a piece of code is used more than 2 times, it needs to be put in a separate function/file, so if you have many "ifs" you need to create a function.

Semanteme answered 28/6, 2011 at 22:11 Comment(3)
Thanks. Though it took me some time to understand, I got it. Any idea how this is done by big professional websites? Emilieemiline
Depends on what you mean by big professional sites. I run and developed for big sites, and each time it is a different solution depending on what the parameters are. For example, you have to keep in mind that each time PHP has to access the file system it has a big performance problem, but some accelerators/optimizers can often help (I use eAccelerator). Semanteme
On my last 2 big sites I used a combination of the two, where the template that I wanted to include was passed to "can_user", and it returned the template name itself or a different template name when the user didn't have the permission to see that part. Something like include can_user('read','button','button_html'); and the can_user function will be return $this_user_can?$template:'permission_deny_in_page'; Semanteme
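
The combination described in the answer and its last comment (one central check that also picks the template), as an added example that is not the answerer's code. The role names, the permission table and the helpers current_role and template_for are assumptions; the role is checked against a fixed list before it becomes part of an include path, and anything unknown is denied.

```php
<?php
declare(strict_types=1);

// Base path as written in the answer; the role names and rules below are constructed.
const TEMPLATE_DIR = '/path/to/file/with/permission';
const ROLES = ['guest', 'registered', 'privileged', 'admin'];

// Constructed permission table: element => action => roles allowed.
const PERMISSIONS = [
    'button'  => ['read' => ['registered', 'privileged', 'admin'], 'write' => ['admin']],
    'article' => ['read' => ROLES, 'write' => ['privileged', 'admin']],
];

// Resolve the role from the session; a missing or unknown value becomes 'guest'.
function current_role(array $session): string
{
    $role = $session['type_user'] ?? 'guest';
    return in_array($role, ROLES, true) ? $role : 'guest';
}

// Fail closed: an unknown element or action is denied for every role.
function can_user(string $role, string $action, string $what): bool
{
    $rules = PERMISSIONS;
    return in_array($role, $rules[$what][$action] ?? [], true);
}

// Return the template path to include, or the denial template when not permitted.
function template_for(string $role, string $action, string $what, string $template): string
{
    // Only known roles and plain template names may become part of the path.
    $safe = in_array($role, ROLES, true) && preg_match('/^[a-z0-9_]+$/', $template) === 1;
    if (!$safe || !can_user($role, $action, $what)) {
        return TEMPLATE_DIR . '/common/permission_deny_in_page.html';
    }
    return TEMPLATE_DIR . '/' . $role . '/' . $template . '.html';
}

// Constructed sessions: a registered user, an admin, and a value outside the known roles.
foreach ([['type_user' => 'registered'], ['type_user' => 'admin'], ['type_user' => 'root']] as $session) {
    $role = current_role($session);
    echo $role, ': ', template_for($role, 'read', 'button', 'button_html'), PHP_EOL;
    echo $role, ' may write button: ', var_export(can_user($role, 'write', 'button'), true), PHP_EOL;
}
```

A page would then call include template_for(...) for each role-dependent part, so the role logic lives in one table instead of in if statements on every page.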
