Simple role based access control example using PHP and MYSQLi

Role-based user access control is one of the most significant features of modern systems, because it keeps users from seeing information they have no business with: each user is shown only the information relevant to their role. Only an admin or super user has all the rights to view, insert, update and delete information in the system.

Take WordPress as an example: it has 4 major user roles, Administrator, Editor, Author and Contributor. All four have different behaviour and access rights, but the Administrator has every right in WordPress. A user with this role can do anything, from writing a post to deleting one, from adding a theme to deleting one, from adding a user to deleting one.

So in this post I will create a simple role-based access control system using PHP and MySQLi. My purpose is to give you an idea of how these kinds of systems are developed, and I hope this post will help you in your future development.

What I am going to do:

I will create WordPress-like user access levels, hiding and showing menu items according to the user's role. For this I will store the user data in the session. I will use the login page and the inner page of a free HTML5 Bootstrap admin template, and I will also split the inner page into multiple PHP files: header, footer and sidebar.


Admin Template Link:

https://startbootstrap.com/template-overviews/sb-admin/

Folder Structure:

[Image: role based folder structure]

File/Folder        Description
index.php          The login page.
dashboard.php      After a successful login the user lands on this page.
assets folder      Holds the CSS, JS, Bootstrap and plugin files.
inc folder         Holds config.php, which contains the database connection and the getUserAccessRoleByID() function.
layouts folder     Holds three files, footer.php, header.php and left_sidebar.php; the static content of the admin template is split across them.

Create database:

MySQL Tables with Data:

Database Connection (config.php):

The config file holds the database connection and the getUserAccessRoleByID() function, which takes a user role id and returns the role name.
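As an added illustration of what config.php has to provide (example code written for this page, not the post's own file), here is a mysqli connection plus a getUserAccessRoleByID() that looks the role name up with a prepared statement. The table and column names (user_roles, id, role_name) and the credentials are assumptions, since the post does not show them; unlike the post's function, this one takes the connection as a parameter instead of reading a global.

```php
<?php
// inc/config.php -- added example, not the original post's file.
// Assumed schema (not given on the page): table `user_roles` (id, role_name),
// referenced by users.user_role_id. Credentials below are placeholders.
$conn = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', 'rbac_demo');
if ($conn->connect_errno) {
    // Fail closed: do not render pages on top of a broken connection.
    http_response_code(500);
    exit('Database connection failed.');
}
$conn->set_charset('utf8mb4');

/**
 * Return the role name for a role id, or null when the id is unknown.
 * The id is bound as an integer parameter, so it never reaches the SQL text.
 */
function getUserAccessRoleByID(mysqli $conn, int $id): ?string
{
    $stmt = $conn->prepare('SELECT role_name FROM user_roles WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($roleName);
    $found = $stmt->fetch();   // false when no row matched
    $stmt->close();
    return $found ? $roleName : null;
}
```

Callers should treat a null return as "no role", not as the Administrator or any other default.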

Login Page (index.php):

I call session_start() on the very first line, then include the config file from the inc folder. Next comes the login condition, which matches the email and password against the table; if the user and password exist I create the session and send the user to dashboard.php, otherwise the error I set beforehand is shown. I pass the whole row except the password into $_SESSION. After that you will see two more conditions: one for logout and one for displaying the message shown when someone tries to access the dashboard directly. After that comes the HTML.

Dashboard Page (dashboard.php):

In dashboard.php I first start the session, then add a condition that sends any user who tries to access dashboard.php directly back to the login page. Then I include three files: config.php, header.php and left_sidebar.php. The getUserAccessRoleByID() function takes the user's role id and returns the role name.
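The login flow and the dashboard guard described in the two sections above, as one added example (written for this page, not the post's own index.php or dashboard.php). It assumes inc/config.php defines $conn, that the users table has the columns id, name, email, password and user_role_id, and that passwords were stored with password_hash(); the post does not say how it stores them, so that last point is an assumption. The requireLogin() helper is hypothetical and stands in for the post's inline condition at the top of dashboard.php.

```php
<?php
// index.php -- added example of the login flow; not the post's own file.
// Assumptions: $conn (mysqli) comes from inc/config.php; table `users` has
// id, name, email, password, user_role_id; password column holds password_hash() output.
session_start();
require __DIR__ . '/inc/config.php';

$error  = '';
$notice = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    // Look the user up by email with a bound parameter; verify the password in PHP.
    $stmt = $conn->prepare(
        'SELECT id, name, email, password, user_role_id FROM users WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();   // null when no row matched
    $stmt->close();

    if ($user && password_verify($password, $user['password'])) {
        session_regenerate_id(true);        // fresh session id once authenticated
        unset($user['password']);           // keep the hash out of the session, as in the post
        $_SESSION['user']         = $user;
        $_SESSION['user_role_id'] = (int) $user['user_role_id'];
        header('Location: dashboard.php');
        exit;
    }
    // One message for both "no such user" and "wrong password".
    $error = 'Invalid email or password.';
}

// Logout: clear and destroy the session, then return to the login form.
if (isset($_GET['logout'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: index.php');
    exit;
}

// Message shown when dashboard.php redirected an unauthenticated visitor here.
if (isset($_GET['lmsg']) && $_GET['lmsg'] == true) {
    $notice = 'Please log in to access the dashboard.';
}
// ... login form HTML follows; output $error and $notice through htmlspecialchars() ...

/**
 * Guard for dashboard.php (hypothetical helper): call it right after session_start()
 * and before any output, so the redirect header can still be sent.
 */
function requireLogin(): void
{
    if (empty($_SESSION['user_role_id'])) {
        header('Location: index.php?lmsg=1');
        exit;   // without exit the rest of the page would still be rendered
    }
}
```

The `exit` after each `header('Location: ...')` matters: a redirect header alone does not stop PHP from sending the rest of the page to the client.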


Left Sidebar (left_sidebar.php):

$_SESSION['user_role_id'] holds the user's role id. I put static conditions on the left sidebar menu items according to the user role. Posts is the only item visible to everyone, so there is no need to wrap it in a condition. Pages and Categories are hidden only from the Contributor. The Appearance and Components sections are available to the Administrator and Editor. The Settings section is available only to the Administrator.
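The sidebar rules above expressed as a role-to-section map instead of hand-written conditions, as an added example (not the post's left_sidebar.php). It goes a step beyond the post by gating actions with the same map style, so that a server-side handler can deny a request even when the menu item was hidden. The role ids (1 to 4) and the action names are assumptions; the post does not list them.

```php
<?php
// Role/permission map -- added example, not the post's left_sidebar.php.
// Role ids are assumed (the page does not list them): 1 Administrator, 2 Editor,
// 3 Author, 4 Contributor.
const ROLE_ADMINISTRATOR = 1;
const ROLE_EDITOR        = 2;
const ROLE_AUTHOR        = 3;
const ROLE_CONTRIBUTOR   = 4;

// Menu section => roles allowed to see it, following the rules in the post.
const MENU_ACCESS = [
    'posts'      => [ROLE_ADMINISTRATOR, ROLE_EDITOR, ROLE_AUTHOR, ROLE_CONTRIBUTOR],
    'pages'      => [ROLE_ADMINISTRATOR, ROLE_EDITOR, ROLE_AUTHOR],
    'categories' => [ROLE_ADMINISTRATOR, ROLE_EDITOR, ROLE_AUTHOR],
    'appearance' => [ROLE_ADMINISTRATOR, ROLE_EDITOR],
    'components' => [ROLE_ADMINISTRATOR, ROLE_EDITOR],
    'settings'   => [ROLE_ADMINISTRATOR],
];

// Action => roles allowed to perform it (assumed names; goes beyond menu hiding).
const ACTION_ACCESS = [
    'post.create' => [ROLE_ADMINISTRATOR, ROLE_EDITOR, ROLE_AUTHOR, ROLE_CONTRIBUTOR],
    'post.delete' => [ROLE_ADMINISTRATOR, ROLE_EDITOR],
    'user.delete' => [ROLE_ADMINISTRATOR],
];

// Unknown items and a missing role id both deny by default.
function roleCan(array $map, string $item, ?int $roleId): bool
{
    return $roleId !== null && in_array($roleId, $map[$item] ?? [], true);
}

function canSee(string $section, ?int $roleId): bool
{
    return roleCan(MENU_ACCESS, $section, $roleId);
}

function canDo(string $action, ?int $roleId): bool
{
    return roleCan(ACTION_ACCESS, $action, $roleId);
}

// left_sidebar.php: read the role id stored at login (null when not logged in).
$roleId = isset($_SESSION['user_role_id']) ? (int) $_SESSION['user_role_id'] : null;
?>
<ul class="nav">
  <li><a href="posts.php">Posts</a></li>
  <?php if (canSee('pages', $roleId)): ?><li><a href="pages.php">Pages</a></li><?php endif; ?>
  <?php if (canSee('categories', $roleId)): ?><li><a href="categories.php">Categories</a></li><?php endif; ?>
  <?php if (canSee('appearance', $roleId)): ?><li><a href="appearance.php">Appearance</a></li><?php endif; ?>
  <?php if (canSee('components', $roleId)): ?><li><a href="components.php">Components</a></li><?php endif; ?>
  <?php if (canSee('settings', $roleId)): ?><li><a href="settings.php">Settings</a></li><?php endif; ?>
</ul>
<?php
// Hiding a link is only cosmetic: the handler that performs the action must check too,
// e.g. at the top of a delete handler (hypothetical file):
//   if (!canDo('post.delete', $roleId)) { http_response_code(403); exit('Forbidden'); }
```

Keeping both maps in one place means a new role or a changed rule is a one-line edit, and the same canDo() check protects the request handlers that the hidden menu items point to.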



Posted in PHP

7 Replies to “Simple role based access control example using PHP and MYSQLi”

  1. Parse error: syntax error, unexpected 'global' (T_GLOBAL) in /Applications/XAMPP/xamppfiles/htdocs/!delete_demo/config.php on line 17

    1. Found the same issue. Fixed by changing line 15 from functiongetUserAccessRoleByID($id) to function functiongetUserAccessRoleByID($id)

  2. Hello, sorry for my very bad English. I have a question: why not use only if($_GET['lmsg'] == true) for the direct dashboard access restriction message, rather than if(isset($_GET['lmsg']) && $_GET['lmsg'] == true)?

  3. The code is working well for me.
    But what about if I have buttons like add/delete/update and one user id has a different role for using these buttons?
    e.g. Department Human Resource:
    John as staff can only update a profile
    Doe as supervisor can update / add a new profile
    Zack as manager has the right to add and delete any profile.

    e.g. Department Finance:
    John as Account Clerk can only add a new invoice
    Doe as supervisor can add and update an invoice
    Zack as manager has the right to add and delete any invoice.

    Sorry for my bad English and long question.
