Sensation Energy


Privilege & Role & Action

Privilege & Role & Action, and login as Admin, User or Moderator

Introduction

Privilege & Role & Action is a small PHP/MySQL example of three layers of access control. A role (admin, moderator or user) decides which pages a user may open: every role can open its own page, and the higher roles can also open the pages below them (see Table II). A privilege is a number stored with the user (1, 2 or 3, see Table IV) that selects which set of buttons, View, Edit and Delete, the user gets on the message list. An action is a separate "yes"/"no" flag for each of view, edit and delete (Table V): "yes" shows that button, "no" hides it. Note that everything in this tutorial only decides what the page renders, and the links behind the buttons point to "#". In a real application the same checks must be repeated in the server-side handler that performs the view, edit or delete, because hiding a button does not stop a user from sending the request directly.

It is installed like any other application made of PHP and MySQL:

  • Unzip the privilege_role archive and copy it to the web server's document root (WAMP, XAMPP, LAMP)
  • Create the MySQL database, import the dump from the Database section below and set the credentials in conection.php
  • Open it via localhost, for example: http://localhost/privilege_role/index.php
  • Log in

With that, Privilege & Role is installed and running.

Privilege & Role & Action

In this section we show the functionality of Privilege & Role & Action.

When you open home.php you see the following:

Table I

  • 1. Username, Role and Privilege
  • 2. Logout, Edit profile and Add user
  • Because the logged-in user has the admin role he can add a new user; the other roles cannot

You can also:

Add user

  • Action - View (yes or no), Edit (yes or no), Delete (yes or no)
  • Add user (Name, Password, Email User)
  • Privilege (All, View, Edit, Delete)
  • Role (Admin, Moderator, User)

Add user - Form


<!-- Classic data entry form; add2.php receives it -->
<form action="add2.php" method="post">
<div class="form-group">
<table class="table table-hover table-bordered">
<thead>
<tr>
<th>View - yes</th>
<th>Edit - yes</th>
<th>Delete - yes</th>
<th>View - no</th>
<th>Edit - no</th>
<th>Delete - no</th>
</tr>
</thead>
<!-- Choose "yes" or "no" for each action. Radio buttons are used instead of checkboxes so that
     "yes" and "no" for the same action cannot both be sent; with two checkboxes of the same name
     PHP would silently keep only the last one. "no" is the default. The index [0] is what
     add2.php loops over. -->
<tbody id="dataTable">
<tr>
<td><input type="radio" name="view[0]" value="yes"></td>
<td><input type="radio" name="edit[0]" value="yes"></td>
<td><input type="radio" name="dele[0]" value="yes"></td>
<td><input type="radio" name="view[0]" value="no" checked></td>
<td><input type="radio" name="edit[0]" value="no" checked></td>
<td><input type="radio" name="dele[0]" value="no" checked></td>
</tr>
</tbody>
</table>
</div>
<!-- Name, password, e-mail and username are entered in the usual way -->
<div class="form-group">
<label for="name"><h2>Name</h2></label>
<input type="text" name="name" id="name" class="form-input">
</div>
<div class="form-group">
<label for="password"><h2>Password</h2></label>
<!-- type="password" so the value is not shown on screen -->
<input type="password" name="password" id="password" class="form-input">
</div>
<div class="form-group">
<label for="email"><h2>Email</h2></label>
<input type="text" name="email" id="email" class="form-input">
</div>
<div class="form-group">
<label for="user"><h2>User</h2></label>
<input type="text" name="user" id="user" class="form-input">
</div>
<!-- Drop-down for the privilege; the numbers are the ones from Table IV -->
<div class="form-group">
<label for="privilege"><h2>Privilege</h2></label>
<select name="privilege" id="privilege" class="form-input">
<option value='1'>All</option>
<option value='2'>View and Edit</option>
<option value='3'>Delete</option>
</select>
</div>
<!-- Drop-down for the role the user will have -->
<div class="form-group">
<label for="role"><h2>Role</h2></label>
<select name="role" id="role" class="form-input">
<option value='admin'>Admin</option>
<option value='user'>User</option>
<option value='moderator'>Moderator</option>
</select>
</div>
<div class="btn-group">
<div align="center">
<input type="button" class="btn-2" onclick="location.href='home.php';" value="Cancel" />
<!-- The name attribute matters: the handler tests it with isset($_POST['edit_post']) -->
<input type="submit" class="btn-1" name="edit_post" value="Add user">
</div>
</div>
</form>

Add user - Action (add2.php)


<?php
// As explained earlier: start the session, connect to the database and read the POST fields
session_start();
require 'conection.php';
// Only run when the form was submitted with its button
if (!isset($_POST['edit_post'])) {
    header('Location: home.php');
    exit;
}
$name      = $_POST['name'] ?? '';
$email     = $_POST['email'] ?? '';
$user      = $_POST['user'] ?? '';
$password  = $_POST['password'] ?? '';
$role      = $_POST['role'] ?? '';
$privilege = $_POST['privilege'] ?? '';
// The action flags arrive as arrays (view[0], edit[0], dele[0]); a flag that was not sent counts as "no"
if (isset($_POST['view']) && is_array($_POST['view'])) {
    foreach ($_POST['view'] as $key => $value) {
        $view = $_POST['view'][$key];
        $edit = $_POST['edit'][$key] ?? 'no';
        $dele = $_POST['dele'][$key] ?? 'no';
        // Procedural insert, as explained in the earlier tutorials.
        // WARNING: the values are interpolated straight into the SQL string (SQL injection) and the
        // password is stored in clear text. This is how the original tutorial does it; prepared
        // statements and password_hash() are the correct way.
        $sql = "INSERT INTO users2 (name, email, user, password, role, privilege, view, edit, dele) " .
               "VALUES ('$name', '$email', '$user', '$password', '$role', '$privilege', '$view', '$edit', '$dele')";
        if (!mysqli_query($conection, $sql)) {
            die('Insert failed: ' . mysqli_error($conection));
        }
        echo "<script>alert('User added!')</script>";
        echo "<script>window.history.go(-2);</script>";
    }
}
?>
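The handler above trusts every posted value and stores the password as typed. Below is an added hardened version of the same insert, written for this page and not taken from the original tutorial: it checks that role, privilege and the yes/no flags are among the expected values, hashes the password with password_hash() and binds the values with a prepared statement so they can never change the SQL. It assumes conection.php defines $conection exactly as in the Database section, that only an admin may reach it (the role check is this example's addition) and that index.php is the login page. Once passwords are stored as hashes, the login must compare them with password_verify() instead of a WHERE password = clause.

```php
<?php
// Hardened add2.php (added example). Assumes conection.php defines $conection (mysqli).
session_start();
require 'conection.php';

// Only an admin may create users. home.php shows the button only to admins, but the
// handler itself must enforce it: hiding a button is not authorization.
if (!isset($_SESSION['user']) || ($_SESSION['role'] ?? '') !== 'admin') {
    header('Location: index.php');
    exit;
}
if (!isset($_POST['edit_post'])) {
    header('Location: home.php');
    exit;
}

/** "yes" only for an exact "yes"; anything else (missing, "on", "YES") becomes "no". */
function yesNo($value): string
{
    return $value === 'yes' ? 'yes' : 'no';
}

$name      = trim((string) ($_POST['name'] ?? ''));
$email     = trim((string) ($_POST['email'] ?? ''));
$user      = trim((string) ($_POST['user'] ?? ''));
$password  = (string) ($_POST['password'] ?? '');
$role      = (string) ($_POST['role'] ?? '');
$privilege = (int) ($_POST['privilege'] ?? 0);
// The form sends view[0], edit[0], dele[0]; take index 0 and normalise it
$view = yesNo($_POST['view'][0] ?? null);
$edit = yesNo($_POST['edit'][0] ?? null);
$dele = yesNo($_POST['dele'][0] ?? null);

$errors = [];
if ($user === '' || strlen($user) > 200) {
    $errors[] = 'username missing or too long';
}
if (!in_array($role, ['admin', 'moderator', 'user'], true)) {
    $errors[] = 'unknown role';
}
if (!in_array($privilege, [1, 2, 3], true)) {          // the values from Table IV
    $errors[] = 'unknown privilege';
}
if (strlen($password) < 8) {
    $errors[] = 'password shorter than 8 characters';
}
if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $errors[] = 'invalid e-mail';
}
if ($errors) {
    http_response_code(400);
    exit('Not added: ' . htmlspecialchars(implode('; ', $errors)));
}

// Never store the clear-text password; password_hash() produces a salted bcrypt hash
$hash = password_hash($password, PASSWORD_DEFAULT);

// Prepared statement: the SQL text is fixed, the values travel separately as parameters
$stmt = mysqli_prepare(
    $conection,
    'INSERT INTO users2 (name, email, user, password, role, privilege, view, edit, dele)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
);
if ($stmt === false) {
    http_response_code(500);
    exit('Database error');
}
mysqli_stmt_bind_param($stmt, 'sssssisss', $name, $email, $user, $hash, $role, $privilege, $view, $edit, $dele);
if (!mysqli_stmt_execute($stmt)) {
    // For example a duplicate username, if users2.user gets a UNIQUE index (the dump has none)
    http_response_code(409);
    exit('Not added: ' . htmlspecialchars(mysqli_stmt_error($stmt)));
}
mysqli_stmt_close($stmt);

echo "<script>alert('User added!'); window.location.href = 'home.php';</script>";
```

The users2.password column in the dump is varchar(200), which is enough for the 60-character bcrypt output of password_hash(); the 8-character minimum is this example's choice, not a rule from the page.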

Edit user

Edit user lets the logged-in user change his own Actions, user data (Name, Email, Password), Privilege and Role. Note that the handler below takes role and privilege from the form without looking at who submitted it, so anyone with the user role can pick Admin in the drop-down and promote himself; a real application must let only an admin change role and privilege.

Edit user - Form & Action


<?php
// As in the previous tutorials: start the session and connect to the database
session_start();
require 'conection.php';
// Only a logged-in user may edit a profile
if (!isset($_SESSION['user'])) {
    header('Location: index.php');
    exit;
}
// A standard SELECT processed with a while loop, as explained in the previous tutorials.
// It reads the current values of the logged-in user's row; the form below prints them as defaults.
// NOTE: $_SESSION['user'] is interpolated into the SQL string, as in the original tutorial.
$baza = "SELECT * FROM users2 WHERE user='$_SESSION[user]'";
$select_posts = mysqli_query($conection, $baza);
while ($row = mysqli_fetch_assoc($select_posts)) {
    $view      = $row['view'];
    $edit      = $row['edit'];
    $dele      = $row['dele'];
    $us_id     = $row['us_id'];
    $name      = $row['name'];
    $email     = $row['email'];
    $password  = $row['password'];
    $role      = $row['role'];
    $privilege = $row['privilege'];
}
// $_POST['edit_post'] is the submit button of the form below
if (isset($_POST['edit_post'])) {
    // Method POST
    $view      = $_POST['view'];
    $edit      = $_POST['edit'];
    $dele      = $_POST['dele'];
    $name      = $_POST['name'];
    $email     = $_POST['email'];
    $password  = $_POST['password'];
    $role      = $_POST['role'];
    $privilege = $_POST['privilege'];
    // The standard UPDATE from the previous tutorials, restricted to the logged-in user's row.
    // WARNING: as written, any logged-in user can set his own role and privilege here, the values
    // go unescaped into the SQL string, and the password is stored in clear text.
    $result = mysqli_query($conection, "UPDATE users2 SET name='$name', role='$role', email='$email', password='$password', privilege='$privilege', view='$view', edit='$edit', dele='$dele' WHERE us_id=$us_id");
    echo "<script>alert('Profile has been updated!')</script>";
    echo "<script>window.history.go(-2);</script>";
}
?>
<div align="center">
<h2>Edit user</h2>
</div>
<!-- Classic update form; it posts back to this same file -->
<form action="" method="post">
<div class="form-group">
<label for="view"><h2>View</h2></label>
<?php echo htmlspecialchars($view); ?>
<!-- The checkbox fields are edited here. The hidden "no" comes first: if the checkbox is not ticked
     only "no" is sent; if it is ticked both are sent and PHP keeps the last one, "yes". -->
<input type="hidden" name="view" value="no" />
<input type="checkbox" name="view" id="view" <?php if ($view == "yes") echo "checked='checked'"; ?> value="yes" />
</div>
<div class="form-group">
<label for="edit"><h2>Edit</h2></label>
<?php echo htmlspecialchars($edit); ?>
<input type="hidden" name="edit" value="no" />
<input type="checkbox" name="edit" id="edit" <?php if ($edit == "yes") echo "checked='checked'"; ?> value="yes" />
</div>
<div class="form-group">
<label for="dele"><h2>Delete</h2></label>
<?php echo htmlspecialchars($dele); ?>
<input type="hidden" name="dele" value="no" />
<input type="checkbox" name="dele" id="dele" <?php if ($dele == "yes") echo "checked='checked'"; ?> value="yes" />
</div>
<!-- Edit name, password, e-mail. The current values are passed through htmlspecialchars()
     before being printed into the attribute, otherwise a stored value could break out of it. -->
<div class="form-group">
<label for="name"><h2>Name</h2></label>
<input type="text" name="name" id="name" class="form-input" value="<?php echo htmlspecialchars($name); ?>">
</div>
<div class="form-group">
<label for="password"><h2>Password</h2></label>
<input type="text" class="form-input" name="password" id="password" value="<?php echo htmlspecialchars($password); ?>">
</div>
<div class="form-group">
<label for="email"><h2>Email</h2></label>
<input type="text" name="email" id="email" class="form-input" value="<?php echo htmlspecialchars($email); ?>">
</div>
<!-- Edit (select) drop-down for the privilege; the current value is listed first so it stays selected.
     The numbers are the ones from Table IV. -->
<div class="form-group">
<label for="privilege"><h2>Privilege</h2></label>
<select name="privilege" id="privilege" class="form-input">
<option value='<?php echo htmlspecialchars($privilege); ?>'><?php echo htmlspecialchars($privilege); ?></option>
<option value='1'>All</option>
<option value='2'>View and Edit</option>
<option value='3'>Delete</option>
</select>
</div>
<!-- Edit (select) drop-down for the role (admin, moderator or user) -->
<div class="form-group">
<label for="role"><h2>Role</h2></label>
<select name="role" id="role" class="form-input">
<option value='<?php echo htmlspecialchars($role); ?>'><?php echo htmlspecialchars($role); ?></option>
<option value='admin'>Admin</option>
<option value='user'>User</option>
<option value='moderator'>Moderator</option>
</select>
</div>
<div class="btn-group">
<div align="center">
<input type="button" class="btn-2" onclick="location.href='home.php';" value="Cancel" />
<!-- name="edit_post" is what the isset() above tests -->
<input type="submit" class="btn-1" name="edit_post" value="Edit Profile">
</div>
</div>
</form>
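As noted above, the edit page lets whoever is logged in post any role and privilege for his own row. The following added example, written for this page and not the tutorial's own code, shows an update handler that decides on the server which columns the caller may change: a user or moderator may change only name, e-mail and password, an admin may also change role, privilege and the action flags. It assumes conection.php defines $conection, that the form is the one above (same field names, posted to the same file, with this code placed above it) and that passwords are stored as password_hash() hashes. The function names and the 8-character password minimum are this example's choices.

```php
<?php
// Hardened edit handler (added example). Assumes conection.php defines $conection (mysqli)
// and that this code sits above the edit form, which posts back to the same file.
session_start();
require 'conection.php';

if (!isset($_SESSION['user'])) {
    header('Location: index.php');
    exit;
}

/** "yes" only for an exact "yes"; anything else becomes "no". */
function yesNo($value): string
{
    return $value === 'yes' ? 'yes' : 'no';
}

/**
 * Decide which columns the caller may change and return them as column => value.
 * Everyone may change name, e-mail and password on their own row; only an admin
 * may also change role, privilege and the action flags. Throws on invalid input.
 */
function allowedChanges(string $callerRole, array $post): array
{
    $changes = [
        'name'  => trim((string) ($post['name'] ?? '')),
        'email' => trim((string) ($post['email'] ?? '')),
    ];
    $newPassword = (string) ($post['password'] ?? '');
    if ($newPassword !== '') {                       // empty field = keep the current password
        if (strlen($newPassword) < 8) {
            throw new InvalidArgumentException('Password shorter than 8 characters');
        }
        $changes['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }
    if ($callerRole === 'admin') {
        $role      = (string) ($post['role'] ?? '');
        $privilege = (int) ($post['privilege'] ?? 0);
        if (!in_array($role, ['admin', 'moderator', 'user'], true) || !in_array($privilege, [1, 2, 3], true)) {
            throw new InvalidArgumentException('Unknown role or privilege');
        }
        $changes['role']      = $role;
        $changes['privilege'] = $privilege;
        $changes['view']      = yesNo($post['view'] ?? null);
        $changes['edit']      = yesNo($post['edit'] ?? null);
        $changes['dele']      = yesNo($post['dele'] ?? null);
    }
    // For any other role the posted role/privilege/flags are simply ignored,
    // so the drop-down on the form cannot be used to self-promote.
    return $changes;
}

if (isset($_POST['edit_post'])) {
    try {
        $changes = allowedChanges($_SESSION['role'] ?? 'user', $_POST);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(htmlspecialchars($e->getMessage()));
    }

    // Column names come from allowedChanges(), never from the request, so they may be
    // interpolated into the SQL; the values are bound as parameters.
    $columns = array_keys($changes);
    $setList = implode(', ', array_map(fn($c) => "`$c` = ?", $columns));
    $types   = str_repeat('s', count($columns));
    if (($i = array_search('privilege', $columns, true)) !== false) {
        $types[$i] = 'i';                            // privilege is an int column
    }
    $values   = array_values($changes);
    $values[] = $_SESSION['user'];                   // for the WHERE clause

    $stmt = mysqli_prepare($conection, "UPDATE users2 SET $setList WHERE user = ?");
    if ($stmt === false) {
        http_response_code(500);
        exit('Database error');
    }
    mysqli_stmt_bind_param($stmt, $types . 's', ...$values);
    if (!mysqli_stmt_execute($stmt)) {
        http_response_code(500);
        exit('Update failed');
    }
    mysqli_stmt_close($stmt);

    echo "<script>alert('Profile has been updated!'); window.location.href = 'home.php';</script>";
    exit;
}
```

The same form can stay as it is: a non-admin still sees the role and privilege drop-downs, but whatever he selects is dropped before the UPDATE is built. Rendering those controls only for admins is a nicety; the server-side whitelist is what actually prevents the promotion.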

Table II

  • User: can see only his own profile
  • Admin: can see his own profile, other users' profiles, the admin page and the moderator page
  • Moderator: can see his own profile, other users' profiles and the moderator page

Table III

  • View all users

View all users

A standard table that prints the values returned by a SELECT, using procedural PHP MySQLi. Explanation: from SELECT * FROM users2 we read $us_id, $name, $user, $password, $email, $role, $privilege, $view, $edit, $dele and $date and list them in the table. The database connection (conection.php) must be included first. Note that this prints every user's password; that is only possible because the passwords are stored in clear text, which is itself the problem: in a real application passwords are stored as hashes and never displayed.


<table>
<thead>
<tr>
<th scope="col">Us_id</th>
<th scope="col">Name</th>
<th scope="col">User</th>
<th scope="col">Password</th>
<th scope="col">Email</th>
<th scope="col">Role</th>
<th scope="col">Privilege</th>
<th scope="col">View</th>
<th scope="col">Edit</th>
<th scope="col">Delete</th>
<th scope="col">Date</th>
</tr>
</thead>
<tbody>
<?php
// $conection comes from conection.php, included at the top of the page
$sql = "SELECT * FROM users2";
$result = mysqli_query($conection, $sql);
while ($row = mysqli_fetch_array($result)) {
    $us_id     = $row['us_id'];
    $name      = $row['name'];
    $user      = $row['user'];
    $password  = $row['password'];
    $email     = $row['email'];
    $role      = $row['role'];
    $privilege = $row['privilege'];
    $view      = $row['view'];
    $edit      = $row['edit'];
    $dele      = $row['dele'];
    $date      = $row['date'];
?>
<tr>
<td data-title="us_id"><?php echo $us_id; ?></td>
<td data-title="name"><?php echo htmlspecialchars($name); ?></td>
<td data-title="user"><?php echo htmlspecialchars($user); ?></td>
<!-- Only possible because the password is stored in clear text; do not do this outside a demo -->
<td data-title="password"><?php echo htmlspecialchars($password); ?></td>
<td data-title="email"><?php echo htmlspecialchars($email); ?></td>
<td data-title="role"><?php echo htmlspecialchars($role); ?></td>
<td data-title="privilege"><?php echo $privilege; ?></td>
<td data-title="view"><?php echo $view; ?></td>
<td data-title="edit"><?php echo $edit; ?></td>
<td data-title="dele"><?php echo $dele; ?></td>
<td data-title="date"><?php echo $date; ?></td>
</tr>
<?php } ?>
</tbody>
</table>

Table IV - Privilege

The privilege number stored with the user decides which buttons he sees on the message list:

  • 1 - all (view, edit, delete)
  • 2 - only view and edit
  • 3 - only delete

Privilege

Again a standard table that prints the values from a SELECT, using procedural PHP MySQLi. Here the messages table is listed and the buttons in the Action column depend on the logged-in user's privilege. $rows is the logged-in user's users2 row, fetched at the top of the page as shown in the Admin page section; $row is the current message.


<table>
<thead>
<tr>
<th scope="col">M_id</th>
<th scope="col">Title</th>
<th scope="col">Content</th>
<th scope="col">User</th>
<th scope="col">Date</th>
<th scope="col">Action</th>
</tr>
</thead>
<tbody>
<?php
// $rows (the logged-in user's users2 row) is fetched at the top of the page, see "Admin page"
$sql = "SELECT * FROM messages";
$result = mysqli_query($conection, $sql);
while ($row = mysqli_fetch_array($result)) {
    $m_id    = $row['m_id'];
    $title   = $row['title'];
    $user    = $row['user'];
    $date    = $row['date'];
    $content = $row['content'];
?>
<tr>
<td data-title="m_id"><?php echo $m_id; ?></td>
<td data-title="title"><?php echo htmlspecialchars($title); ?></td>
<td data-title="content"><?php echo htmlspecialchars($content); ?></td>
<td data-title="user"><?php echo htmlspecialchars($user); ?></td>
<td data-title="date"><?php echo $date; ?></td>
<td data-title="action">
<?php
// Logged in with privilege 1: all three buttons
if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['privilege'] == '1')) {
?>
<a href="#"><button class="btn-1">View</button></a>
<a href="#"><button class="btn-2">Edit</button></a>
<a href="#" onclick="return confirm('Delete ?')"><button class="btn-5">Delete</button></a>
<?php
// Privilege 2: only view and edit
} else if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['privilege'] == '2')) {
?>
<a href="#"><button class="btn-1">View</button></a>
<a href="#"><button class="btn-2">Edit</button></a>
<?php
// Privilege 3: only delete
} else if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['privilege'] == '3')) {
?>
<a href="#" onclick="return confirm('Delete ?')"><button class="btn-5">Delete</button></a>
<?php } ?>
</td>
</tr>
<?php } ?>
</tbody>
</table>

Table V - Action

This table decides who may see everything or only "view", "edit" or "delete", with one yes/no flag per action:

  • 1 - view = "yes" or "no"
  • 2 - edit = "yes" or "no"
  • 3 - delete = "yes" or "no"

Action

Again a standard table that prints the values from a SELECT, using procedural PHP MySQLi. Here each button is shown only if the matching flag on the logged-in user's row ($rows, fetched at the top of the page) is "yes".


<table>
<thead>
<tr>
<th scope="col">M_id</th>
<th scope="col">Title</th>
<th scope="col">Content</th>
<th scope="col">User</th>
<th scope="col">Date</th>
<th scope="col">Action</th>
</tr>
</thead>
<tbody>
<?php
// $rows (the logged-in user's users2 row) is fetched at the top of the page, see "Admin page"
$sql = "SELECT * FROM messages";
$result = mysqli_query($conection, $sql);
while ($row = mysqli_fetch_array($result)) {
    $m_id    = $row['m_id'];
    $title   = $row['title'];
    $user    = $row['user'];
    $date    = $row['date'];
    $content = $row['content'];
?>
<tr>
<td data-title="m_id"><?php echo $m_id; ?></td>
<td data-title="title"><?php echo htmlspecialchars($title); ?></td>
<td data-title="content"><?php echo htmlspecialchars($content); ?></td>
<td data-title="user"><?php echo htmlspecialchars($user); ?></td>
<td data-title="date"><?php echo $date; ?></td>
<td data-title="action">
<!-- view = "yes" shows the View button, view = "no" hides it -->
<?php if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['view'] == 'yes')) { ?>
<a href="#"><button class="btn-1">View</button></a><br>
<?php } ?>
<!-- edit = "yes" shows the Edit button -->
<?php if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['edit'] == 'yes')) { ?>
<a href="#"><button class="btn-2">Edit</button></a><br>
<?php } ?>
<!-- dele = "yes" shows the Delete button -->
<?php if (isset($_SESSION['user']) and ($rows['user'] == $_SESSION['user']) and ($rows['dele'] == 'yes')) { ?>
<a href="#"><button class="btn-5">Delete</button></a><br>
<?php } ?>
</td>
</tr>
<?php } ?>
</tbody>
</table>
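Table IV and Table V each encode their rule inside a template, which makes the rule impossible to reuse in the handler that will eventually perform the view, edit or delete. The following added example, not code from the original tutorial, puts both rules into plain functions that any page or handler can call before rendering or acting, and runs them over constructed rows shaped like the users2 dump on this page. Function names, the combined isAllowed() rule and the fourth sample row (privilege 4, which the tables do not define) are this example's assumptions.

```php
<?php
declare(strict_types=1);
// Added example: the Table IV and Table V rules as plain functions. Run with: php policy.php

// Buttons granted by each privilege number (Table IV); unknown numbers grant nothing
const PRIVILEGE_BUTTONS = [
    1 => ['view', 'edit', 'delete'],
    2 => ['view', 'edit'],
    3 => ['delete'],
];

// Button name => users2 column holding its yes/no flag (Table V)
const ACTION_COLUMNS = ['view' => 'view', 'edit' => 'edit', 'delete' => 'dele'];

function buttonsForPrivilege(int $privilege): array
{
    return PRIVILEGE_BUTTONS[$privilege] ?? [];
}

/** Buttons whose flag on the users2 row is exactly "yes" (a missing column counts as "no"). */
function buttonsForActions(array $userRow): array
{
    $granted = [];
    foreach (ACTION_COLUMNS as $button => $column) {
        if (($userRow[$column] ?? 'no') === 'yes') {
            $granted[] = $button;
        }
    }
    return $granted;
}

/**
 * One decision per request. The tutorial renders the two tables independently;
 * this example requires BOTH the privilege and the flag (the stricter reading),
 * which is an assumption of the example, not a rule stated on the page.
 */
function isAllowed(array $userRow, string $button): bool
{
    $privilege = (int) ($userRow['privilege'] ?? 0);
    return in_array($button, buttonsForPrivilege($privilege), true)
        && in_array($button, buttonsForActions($userRow), true);
}

/** Every button the row may use, for rendering the Action column in one go. */
function allowedButtons(array $userRow): array
{
    return array_values(array_filter(
        array_keys(ACTION_COLUMNS),
        fn(string $b) => isAllowed($userRow, $b)
    ));
}

// Constructed sample rows with the same columns as the users2 dump on this page
$sample = [
    ['user' => 'admin',     'privilege' => 1, 'view' => 'yes', 'edit' => 'yes', 'dele' => 'yes'],
    ['user' => 'user',      'privilege' => 2, 'view' => 'yes', 'edit' => 'no',  'dele' => 'no'],
    ['user' => 'moderator', 'privilege' => 3, 'view' => 'yes', 'edit' => 'no',  'dele' => 'yes'],
    ['user' => 'odd',       'privilege' => 4, 'view' => 'yes', 'edit' => 'yes', 'dele' => 'yes'],
];
foreach ($sample as $row) {
    printf("%-10s privilege: %-16s flags: %-16s allowed: %s\n",
        $row['user'],
        implode(',', buttonsForPrivilege((int) $row['privilege'])) ?: '-',
        implode(',', buttonsForActions($row)) ?: '-',
        implode(',', allowedButtons($row)) ?: '-');
}
```

The second sample row shows why a single decision function matters: privilege 2 grants edit, but the row's edit flag is "no", so the two tables above would disagree with each other on whether to show the Edit button. The last row shows that a privilege number outside 1..3 grants nothing, which is the safe default for a value the page does not define.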

Database

The database is where roles and privileges are assigned to the rows of users2. The messages table is there only as an example, so that the Privilege table and the Action table have something to show buttons for.

Connecting to the database, example:

First create the database (the dump below does not create one; its header mentions funkcija_7_2020, but any name works as long as it matches $base), run the database code in it, then open conection.php and set the credentials:

conection.php


<?php
// Procedural connection to the database
$server    = "localhost";
$user      = "root";
$password  = "root";
$base      = "energy_cms";
$conection = mysqli_connect($server, $user, $password, $base);
if (!$conection) {
    die("Connection failed: " . mysqli_connect_error());
}
?>

root/root is acceptable on a local WAMP/XAMPP install only; on anything reachable from the network create a MySQL account that has rights on this one database and use it here. The file is called conection.php throughout the rest of this tutorial (the original text also spells it content.php and connction.php; it is the same file, and $conection is its connection variable).

database code (phpMyAdmin dump)

Two things to know about the dump: the seed users all have the clear-text password 1234 (the admin account is admin / 1234), and both date columns are declared ON UPDATE CURRENT_TIMESTAMP, so they change on every edit and do not record when the row was created.


-- phpMyAdmin SQL Dump
-- version 4.7.9
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: Feb 22, 2021 at 04:26 PM
-- Server version: 10.1.31-MariaDB
-- PHP Version: 7.2.3

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `funkcija_7_2020`
--

-- --------------------------------------------------------

--
-- Table structure for table `messages`
--

CREATE TABLE `messages` (
`m_id` int(20) NOT NULL,
`title` varchar(200) NOT NULL,
`content` varchar(200) NOT NULL,
`user` varchar(200) NOT NULL,
`date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `messages`
--

INSERT INTO `messages` (`m_id`, `title`, `content`, `user`, `date`) VALUES
(1, 'Test 1', 'content	1 content 1	 ', 'vladimir', '2021-01-06 11:16:07'),
(2, 'Test 2', 'content	content	 2', 'vlada', '2021-01-06 11:16:07');

-- --------------------------------------------------------

--
-- Table structure for table `users2`
--

CREATE TABLE `users2` (
`us_id` int(20) NOT NULL,
`name` varchar(200) NOT NULL,
`email` varchar(200) NOT NULL,
`user` varchar(200) NOT NULL,
`password` varchar(200) NOT NULL,
`role` varchar(200) NOT NULL,
`privilege` int(20) NOT NULL,
`view` varchar(100) NOT NULL,
`edit` varchar(100) NOT NULL,
`dele` varchar(100) NOT NULL,
`date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `users2`
--

INSERT INTO `users2` (`us_id`, `name`, `email`, `user`, `password`, `role`, `privilege`, `view`, `edit`, `dele`, `date`) VALUES
(1, 'vladimir', 'vladimir@mail.com', 'admin', '1234', 'admin', 1, 'yes', 'yes', 'yes', '2021-01-06 16:01:07'),
(2, 'vlada', 'vlada@mail.com', 'user', '1234', 'user', 2, 'yes', 'no', 'no', '2021-01-06 16:01:12'),
(3, 'vaca', 'vaca@mail.com', 'moderator', '1234', 'moderator', 3, 'yes', 'no', 'yes', '2021-01-06 16:01:20'),
(6, 'vaci', 'vaci@mail.com', 'vaci', '1234', 'admin', 1, 'yes', 'yes', 'no', '2021-01-06 15:57:22');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `messages`
--
ALTER TABLE `messages`
ADD PRIMARY KEY (`m_id`);

--
-- Indexes for table `users2`
--
ALTER TABLE `users2`
ADD PRIMARY KEY (`us_id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `messages`
--
ALTER TABLE `messages`
MODIFY `m_id` int(20) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;

--
-- AUTO_INCREMENT for table `users2`
--
ALTER TABLE `users2`
MODIFY `us_id` int(20) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=7;
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;


Login

Login is the user sign-in functionality. It consists of two parts: the classic HTML form, explained in the previous tutorials, and the login function.

The login function checks whether the username and password the user entered exist in the database, and at the same time reads the role the user has (the privilege is read later, by each page, from the same row). Note that the query below compares the password in clear text and builds the SQL by string interpolation; that is how this tutorial does it, and it is the first thing to change in a real application.

Login function


<?php
session_start();
// Start the session and include the PHP file that connects to the database
require 'conection.php';
// $_POST['login'] is the submit button of the form on index.php
if (isset($_POST['login'])) {
    // Username and password from the form
    $user     = $_POST['user'];
    $password = $_POST['password'];
    // Select the user whose username AND password match.
    // WARNING: the password is compared in clear text and both values go straight into the SQL
    // string (SQL injection); this is how the original tutorial does it and it is not safe.
    $u = "SELECT * FROM users2 WHERE user = '$user' AND password = '$password'";
    // $conection comes from conection.php; $p is the result of running $u on it
    $p = mysqli_query($conection, $u);
    // Number of matching rows: exactly one means the credentials are right
    $row = mysqli_num_rows($p);
    if ($row == 1) {
        $userinfo = mysqli_fetch_assoc($p);
        // Keep only what the pages need in the session, not the whole row
        $role = $userinfo['role'];
        $_SESSION['user'] = $user;
        $_SESSION['role'] = $role;
        // Every role lands on home.php, which then shows what the role allows;
        // exit after the redirect so nothing below it runs
        if ($role == 'admin') {
            header('Location: home.php');
            exit;
        }
        if ($role == 'user') {
            header('Location: home.php');
            exit;
        }
        if ($role == 'moderator') {
            header('Location: home.php');
            exit;
        }
    } else {
        // The original attached this else to the isset() above, so the message appeared on every GET
        echo "No User Found by Given Information";
    }
}
?>
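Below is an added example of the same login written so that the password never reaches the database query: only the username is bound as a parameter, the stored hash is compared in PHP with password_verify(), the session id is regenerated on success and the single redirect is followed by exit. It is written for this page and is not the tutorial's own code; it assumes conection.php defines $conection and that users2.password holds password_hash() output, so the dump's clear-text 1234 rows will not log in until they are re-hashed (see the note after the code). The function name authenticate() is this example's choice.

```php
<?php
// Hardened login (added example). Assumes conection.php defines $conection (mysqli)
// and that users2.password contains password_hash() output.
session_start();
require 'conection.php';

/**
 * Look up the user by name only and check the password in PHP.
 * Returns the user's row on success, null on failure. The same generic message
 * is used for "no such user" and "wrong password", and a dummy hash is verified
 * when the user does not exist, so usernames cannot be enumerated by message or timing.
 */
function authenticate(mysqli $db, string $user, string $password): ?array
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $stmt = mysqli_prepare($db, 'SELECT us_id, user, role, privilege, password FROM users2 WHERE user = ? LIMIT 1');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);

    $hash = $row['password'] ?? $dummyHash;
    // verify first, then check the row, so both paths do the same amount of work
    if (!password_verify($password, $hash) || $row === null) {
        return null;
    }
    unset($row['password']);          // never carry the hash further than needed
    return $row;
}

if (isset($_POST['login'])) {
    $user     = (string) ($_POST['user'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    $account = authenticate($conection, $user, $password);
    if ($account === null) {
        http_response_code(401);
        echo 'No User Found by Given Information';
        exit;
    }

    // New session id after login, so a session id fixed before login is useless to an attacker
    session_regenerate_id(true);
    $_SESSION['user'] = $account['user'];
    $_SESSION['role'] = $account['role'];

    // The tutorial sends every role to home.php; one redirect, then stop
    header('Location: home.php');
    exit;
}
```

To convert the seed rows once, generate a hash, for example with php -r 'echo password_hash("1234", PASSWORD_DEFAULT), PHP_EOL;', and store it with UPDATE users2 SET password = '<that hash>' WHERE us_id = 1; (and likewise for the other rows). mysqli_stmt_get_result() needs the mysqlnd driver, which the WAMP/XAMPP builds mentioned above ship with.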

Admin page

The admin page is shown here as an example. It has the following functions:

  • User
  • Role
  • Privilege

Admin can see all pages (admin, moderator and user).

Admin page


<?php
session_start();
require 'conection.php';
// Only a logged-in user with the admin role may open this page; anyone else is sent to the login
if (isset($_SESSION['user']) && $_SESSION['role'] == 'admin') {
    // The logged-in user's row; the Privilege and Action tables use it as $rows
    $sql1 = "SELECT * FROM users2 WHERE user = '$_SESSION[user]'";
    $result1 = mysqli_query($conection, $sql1);
    $rows = mysqli_fetch_array($result1);
} else {
    header('Location: index.php');
    exit;
}
?>
<h2>  User: <b><?php echo htmlspecialchars($_SESSION['user']); ?></b></h2>
<h2>  Role: <b><?php echo htmlspecialchars($rows['role']); ?></b></h2>
<h2>  Privilege: <b><?php echo $rows['privilege']; ?></b></h2>
<a href="logout.php"><button class="btn-9"> Logout </button></a>

Moderator page

The moderator page is shown here as an example. It has the following functions:

  • User
  • Role
  • Privilege

Moderator can see the moderator and user pages.

Moderator page


<?php
session_start();
require 'conection.php';
// Admin or moderator may open this page. The parentheses matter: the original condition
// "isset(...) && role == 'admin' or role == 'moderator'" is parsed by PHP as
// (isset(...) && admin) or moderator, so the isset() did not cover the moderator case.
if (isset($_SESSION['user']) && ($_SESSION['role'] == 'admin' || $_SESSION['role'] == 'moderator')) {
    $sql1 = "SELECT * FROM users2 WHERE user = '$_SESSION[user]'";
    $result1 = mysqli_query($conection, $sql1);
    $rows = mysqli_fetch_array($result1);
} else {
    header('Location: index.php');
    exit;
}
?>
<h2>  User: <b><?php echo htmlspecialchars($_SESSION['user']); ?></b></h2>
<h2>  Role: <b><?php echo htmlspecialchars($rows['role']); ?></b></h2>
<h2>  Privilege: <b><?php echo $rows['privilege']; ?></b></h2>
<a href="logout.php"><button class="btn-9"> Logout </button></a>

  

User page

The user page is shown here as an example. It has the following functions:

  • User
  • Role
  • Privilege

User can see only the user page.

User page


<?php
session_start();
require 'conection.php';
// The original had no check at all here; without a logged-in user $_SESSION['user'] is unset
// and the query below would run with an empty username. Every role may open this page,
// so being logged in is all that is required.
if (!isset($_SESSION['user'])) {
    header('Location: index.php');
    exit;
}
$sql1 = "SELECT * FROM users2 WHERE user = '$_SESSION[user]'";
$result1 = mysqli_query($conection, $sql1);
$rows = mysqli_fetch_array($result1);
?>
<h2>  User: <b><?php echo htmlspecialchars($_SESSION['user']); ?></b></h2>
<h2>  Role: <b><?php echo htmlspecialchars($rows['role']); ?></b></h2>
<h2>  Privilege: <b><?php echo $rows['privilege']; ?></b></h2>
<a href="logout.php"><button class="btn-9"> Logout </button></a>
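The three page headers above repeat the same check, and the moderator version had a precedence slip. Below is an added example of a single guard that the admin, moderator and user pages can include instead; it is written for this page, not taken from the tutorial, and assumes conection.php defines $conection, the page names from Table II and a file name guard.php for the include. Unlike the inline checks, it re-reads the role from users2 on every request, so a change an admin makes to a user's role takes effect on that user's next request rather than on his next login.

```php
<?php
// guard.php (added example). Include at the top of admin.php, moderator.php and user.php.
// Assumes conection.php defines $conection (mysqli).

// Which roles may open which page (Table II)
const PAGE_ROLES = [
    'admin'     => ['admin'],
    'moderator' => ['admin', 'moderator'],
    'user'      => ['admin', 'moderator', 'user'],
];

/**
 * Stop unless the session belongs to a user whose current role may open $page.
 * Returns the user's users2 row, which the tutorial's pages call $rows.
 */
function requirePage(mysqli $db, string $page): array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['user'])) {
        header('Location: index.php');
        exit;
    }
    $allowed = PAGE_ROLES[$page] ?? [];       // unknown page name: nobody may open it

    $stmt = mysqli_prepare($db, 'SELECT * FROM users2 WHERE user = ? LIMIT 1');
    if ($stmt === false) {
        http_response_code(500);
        exit('Database error');
    }
    mysqli_stmt_bind_param($stmt, 's', $_SESSION['user']);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);

    if ($row === null || !in_array($row['role'], $allowed, true)) {
        // Logged in but not entitled: answer 403 instead of bouncing to the login page,
        // which would loop for a user who is already logged in
        http_response_code(403);
        exit('You do not have access to this page');
    }
    $_SESSION['role'] = $row['role'];          // keep the session's copy in step with the database
    return $row;
}

// Usage at the top of moderator.php, replacing the inline if/else:
//   require 'conection.php';
//   require 'guard.php';
//   $rows = requirePage($conection, 'moderator');
// The <h2> lines and the Privilege/Action tables then use $rows unchanged.
```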
    
    

Logout

Logout signs the user out. When we do this we are no longer a logged-in user, our session is terminated and we are sent to the login page, index.php. To work again we have to go back to index.php and log in.

Logout function (logout.php)


<?php
session_start();
// Remove everything from the session, not only "user": the original left $_SESSION['role']
// behind. Then destroy the session so the old session id is no longer valid.
$_SESSION = [];
session_destroy();
// Send the browser to the login page index.php and stop
header("Location: index.php");
exit;
?>
    
    
