User login & role based access management using PDO CRUD

In this article we discuss user login and role based access, which is essentially the management of user privileges. There are several ways to do it; we will look at a simple role based access scheme and how it can be implemented with PDO Crud, an advanced PHP CRUD application (form builder and database management tool).


Almost every backend (admin) application needs login and role based access management. Access control shows each user only the information relevant to them and hides the rest. For example, an admin or super admin has full access to the application, while roles such as support or editor have limited access. Which privileges each role gets is a decision for the application, and role management can be simple or complicated accordingly. Here we implement a simple login and role based access check using PDO Crud (PHP and MySQL).


Let's start

We will use two database tables to manage user login and roles. Here is the structure of these two tables.

The user login table holds each user's login credentials and the role assigned to the user (role_id); the password column stores a hash of the password, never the password itself. The roles table holds role_id and role_name. The privileges of each role can be kept in a database table or handled in code; for the sake of simplicity we manage them in code.

1. User login: PDO Crud lets you generate a login form with two lines of code. It generates the form and checks the submitted credentials against the database table.

Output: the complete login form.

All done. Passwords must not be stored in plain text. Store them as a salted, slow password hash: in PHP that is password_hash(), which uses bcrypt by default and is checked with password_verify(). A bare MD5 or SHA-256 digest is fast and unsalted, so a leaked table can be brute forced cheaply; treat such digests as legacy data to be upgraded, not as a design choice. Because the submitted password has to be checked with the same algorithm that produced the stored value, the comparison depends on the stored format: a bare digest is recomputed and compared for equality, while a password_hash() digest must be checked with password_verify(), since each digest carries its own salt and cannot be reproduced by simply rehashing the input. In PDO Crud this transformation is done with callback functions; the callback definitions go in the script/pdocrud.php page.

On successful login we want to store the logged in user's details, including the role_id, in the session; every backend page then validates the user against these session values. To set the session values, use the setUserSession function. If the application uses PHP's native sessions, regenerate the session id at this point (session_regenerate_id(true)) so that a session id fixed before login does not survive it.

After login you will usually want to redirect to an index or dashboard page. You can do this with the formRedirection function.

Here is the complete code:
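The PDO Crud listing referred to above is not reproduced on this page. As an added example, independent of PDO Crud's login form and callbacks, the following plain PHP/PDO code carries out the same steps: it verifies the submitted password against a stored password_hash() digest (upgrading a legacy SHA-256 digest on the fly, which is what an md5/SHA-256 callback would have left behind), then binds user_id and role_id to the session, ready for the redirect. The table layout (users with user_id, username, password, role_id; roles with role_id, role_name), the sample users and the in-memory SQLite database are constructed for the example, and the function names are not PDO Crud's.

```php
<?php
// Added example, independent of PDO Crud's own login form and callbacks:
// a plain PHP/PDO login check that verifies a password_hash() digest,
// upgrades a legacy SHA-256 digest on successful login, and stores the
// user id and role in the session.
// Assumed schema (the article's table layout is not reproduced on the page):
//   users(user_id, username, password, role_id) and roles(role_id, role_name).
declare(strict_types=1);

/** Look up the user and verify the password. Returns the user row (without
 *  the stored digest) on success, null on failure. */
function verifyLogin(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT u.user_id, u.username, u.password, u.role_id, r.role_name
           FROM users u JOIN roles r ON r.role_id = u.role_id
          WHERE u.username = :username'
    );
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false) {
        // Unknown user: still spend one bcrypt verification so the response
        // time does not reveal which usernames exist.
        static $dummy = null;
        $dummy ??= password_hash('no-such-user', PASSWORD_DEFAULT);
        password_verify($password, $dummy);
        return null;
    }

    $stored = (string) $user['password'];
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Modern digest (bcrypt/argon2): salted and slow, checked with password_verify().
        $ok = password_verify($password, $stored);
        if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            storeNewHash($db, (int) $user['user_id'], $password);
        }
    } else {
        // Legacy unsalted SHA-256 hex digest. Fast and unsalted, so cheap to
        // brute force offline: accept it once, then replace it with password_hash().
        $ok = hash_equals($stored, hash('sha256', $password));
        if ($ok) {
            storeNewHash($db, (int) $user['user_id'], $password);
        }
    }

    if (!$ok) {
        return null;
    }
    unset($user['password']);
    return $user;
}

function storeNewHash(PDO $db, int $userId, string $password): void
{
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE user_id = :id');
    $stmt->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $userId]);
}

/** Bind the authenticated user to the session; the role is re-checked on every page. */
function establishSession(array $user): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        // A fresh id on login defeats session fixation.
        session_regenerate_id(true);
    }
    $_SESSION['user_id']   = (int) $user['user_id'];
    $_SESSION['role']      = (int) $user['role_id'];
    $_SESSION['role_name'] = $user['role_name'];
}

// --- Demo on an in-memory SQLite database (requires the pdo_sqlite extension). ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE roles (role_id INTEGER PRIMARY KEY, role_name TEXT NOT NULL)');
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                               password TEXT NOT NULL, role_id INTEGER NOT NULL)');
$db->exec("INSERT INTO roles VALUES (1,'admin'),(2,'author'),(3,'subscriber')");
$ins = $db->prepare('INSERT INTO users (username, password, role_id) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]); // constructed user
$ins->execute(['bob', hash('sha256', 'legacy-pass'), 3]);                       // constructed legacy user

var_dump(verifyLogin($db, 'alice', 'wrong password'));   // failed login
$alice = verifyLogin($db, 'alice', 'correct horse');
var_dump($alice);
$bob = verifyLogin($db, 'bob', 'legacy-pass');
// After bob's login the stored value is a bcrypt digest, no longer a SHA-256 hex string.
var_dump($db->query("SELECT password FROM users WHERE username = 'bob'")->fetchColumn());
if ($alice !== null) {
    establishSession($alice);
    var_dump($_SESSION);
}
```

The upgrade-on-login path is what lets an application that previously stored md5 or SHA-256 digests move to password_hash() without forcing a password reset: the legacy digest is accepted exactly once and overwritten, so the weak format disappears as users log in.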

2. Validate user login and role management: every backend page must check whether the user is logged in. Use PDO Crud's checkUserSession function: it returns true if the given session variable exists, which tells you whether the user is logged in. You can also pass an array of values to check whether the session variable holds any of them; that is how the user's role is checked. Here is the sample code.

First we check the session variable created on the login page; it exists only after a successful login. We saved role_id in the session variable named role. If only roles 1 to 3 (admin, author, subscriber) may access the page, we pass those values in the array. Instead of numeric ids we can pass role names, after resolving the session role_id to a name by querying the roles table. Whichever form you use, prefer an allow-list of the roles permitted on a page over a deny-list of roles excluded from it: a newly added role then gets no access until it is explicitly granted.

We can also add further checks based on the role id. For example, a subscriber should not be offered add, edit or delete:

if($pdocrud->checkUserSession("role", array(3))){
    // do not allow add/edit/update/delete access to subscriber (role 3)
    $pdocrud->setSettings("addbtn", false);
    $pdocrud->setSettings("editbtn", false);
    $pdocrud->setSettings("delbtn", false);
}

Hiding the buttons only changes what the page offers. The same role check must run in the request that actually performs the add, edit or delete; otherwise a subscriber can submit that request directly and bypass the restriction.

You can now extend this logic as your application requires. You can even design a role management class that defines the privileges of each role and validates the session information against it.
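As an added example of such a class, not PDO Crud's own code: a role policy that maps each role_id to the actions it may perform and derives both the server-side authorization check and the addbtn/editbtn/delbtn settings from that single allow-list, so the UI and the handler can never disagree. The role ids and names are the article's (1 admin, 2 author, 3 subscriber); the action names and the shape of the session array (user_id, role) are assumptions.

```php
<?php
// Added example (not PDO Crud code): one allow-list per role drives both the
// server-side authorization check and the UI button settings.
// Role ids/names follow the article (1 admin, 2 author, 3 subscriber);
// the action names and the session layout (user_id, role) are assumptions.
declare(strict_types=1);

final class RolePolicy
{
    public const ADMIN      = 1;
    public const AUTHOR     = 2;
    public const SUBSCRIBER = 3;

    /** Allow-list: any role or action missing from this map is denied. */
    private const PERMISSIONS = [
        self::ADMIN      => ['view', 'add', 'edit', 'delete', 'manage_users'],
        self::AUTHOR     => ['view', 'add', 'edit'],
        self::SUBSCRIBER => ['view'],
    ];

    /** @param array<string,mixed> $session $_SESSION or a copy of it */
    public static function isLoggedIn(array $session): bool
    {
        return isset($session['user_id'], $session['role']);
    }

    public static function can(array $session, string $action): bool
    {
        if (!self::isLoggedIn($session)) {
            return false;
        }
        $role = (int) $session['role'];
        return in_array($action, self::PERMISSIONS[$role] ?? [], true);
    }

    /**
     * Fail closed. Call this in the script that performs the action,
     * not only on the page that draws the buttons.
     */
    public static function authorize(array $session, string $action): void
    {
        if (!self::can($session, $action)) {
            throw new RuntimeException("Forbidden: '$action' is not permitted for this role");
        }
    }

    /** Button settings, named as in the article's setSettings() calls, derived from the same policy. */
    public static function crudSettings(array $session): array
    {
        return [
            'addbtn'  => self::can($session, 'add'),
            'editbtn' => self::can($session, 'edit'),
            'delbtn'  => self::can($session, 'delete'),
        ];
    }
}

// Demo with constructed session arrays; no real PHP session is started.
$sessions = [
    'admin'      => ['user_id' => 1, 'role' => RolePolicy::ADMIN],
    'author'     => ['user_id' => 4, 'role' => RolePolicy::AUTHOR],
    'subscriber' => ['user_id' => 7, 'role' => RolePolicy::SUBSCRIBER],
    'anonymous'  => [],
];
foreach ($sessions as $label => $session) {
    echo $label, ': ', json_encode(RolePolicy::crudSettings($session)), PHP_EOL;
}

// A subscriber submitting a delete request directly is refused by the handler-side check.
try {
    RolePolicy::authorize($sessions['subscriber'], 'delete');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Wiring it into the page above: after checkUserSession confirms the login, a loop over RolePolicy::crudSettings($_SESSION) calling $pdocrud->setSettings($name, $enabled) for each entry replaces the hand-written setSettings calls, and RolePolicy::authorize($_SESSION, 'delete') goes at the top of whatever script carries out the delete itself. Because both read the same PERMISSIONS map, granting a role a new action changes the buttons and the enforcement together.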


PDO Crud provides a complete solution for building a backend (admin) application, from user access management to the various functional pages. Most of the code is easy to understand, and it provides almost all the features needed to develop such an application.