Implementing permissions in PHP
https://stackoverflow.com/questions/17172
-
08-06-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've tried to do this several times with no luck. After reading this post, it made me interested in doing this again. So can anyone tell me why the following doesn't work?
<?php
$guest = 1;
$editor = 2;
$admin = 4;
$user = $editor;
if( $user == ($editor | $admin) ) {
echo "Test";
}
?>
Solution
Use the bitwise OR operator (|) to set bits, use the AND operator (&) to check bits. Your code should look like this:
<?php
$guest = 1;
$editor = 2;
$admin = 4;
$user = $editor;
if( $user & ($editor | $admin) ) {
echo "Test";
}
?>
If you don't understand binary and exactly what the bitwise operators do, you should go learn it. You'll understand how to do this much better.
OTHER TIPS
It's been a long time since I used PHP, but I will assume that this will work:
<?php
$guest = 1;
$editor = 2;
$admin = 4;
$user = $editor;
if( ($user == $editor) || ($user == $admin) ) {
echo "Test";
}
?>
I've used this in error reporting and it works quite well. As for user permissions it should work very well - you could have several columns for each user permission in your database or one userlevel column in your database. Go for this option.
(2 | 4) is evaluating to 6, but 2 == 6 is false.
@mk: (2 | 4) evaluates to 6.
$guest = 1;
$editor = 2;
$admin = 4;
$user = $editor;
if (user == $editor || $user == $admin) {
echo "Test";
}
Awesome, this seems like the best way to do permissions in a CMS. Yes? No?
Maybe, I've never really done it that way. What I have done is used bitwise operators to store a whole bunch of "yes or no" settings in a single number in a single column in the database.
I guess for permissions, this way would work good if you want to store permissions in the database. If someone wants to post some content, and only wants admins and editors to see it, you just have to store the result of
($editor | $admin)
into the database, then to check it, do something like
if ($user & $database_row['permissions']) {
// display content
} else {
// display permissions error
}
In my opinion this doesn't scale well. I haven't actually tried using it on a large scale project, but a CMS sounds way to complicated to use this on.
It always depends on what you need. If you know the Zend Framework already, then I'd second the Zend_Acl/_Auth suggestion which was made earlier. But keep in mind that every framework propably comes with a similar component.
The other thing that comes to mind is LiveUser. I like working with it a lot as well.
I think you can do pretty much anything and while your approach looks very simple, it's also limited since (through all those if()'s) you are gonna put a lot of the ACL-logic right in the middle of your application. Which is not the greatest thing to do in order to keep it simple and extendible. ;)
