Simple role based access control example using PHP and MySQLi

Role based user access control is one of the most significant features of modern systems, because it restricts each user to the information they actually need. User access control shows only the relevant information to each user. Only the admin or super user has the full rights to view, insert, update and delete information in the system.

Take WordPress as an example: it has 4 major user roles, which are Administrator, Editor, Author and Contributor. All 4 have different behaviors and access rights, but the Administrator user has every right in WordPress. A user with this role can do anything, from writing a post to deleting a post, from adding a theme to deleting a theme, from adding a user to deleting a user.

So in this post I will create a simple role based access control using PHP and MySQLi. My purpose is to give you an idea of how these types of systems are developed, and I hope this post will help you in your future development.

What I am going to do:

I will create a WordPress-like user access level in which I will hide and show menu items according to the user role. For this I will store the user data in the session. I will use the login page and one inner page of a free HTML5 Bootstrap admin template. I will also break the inner page into multiple PHP files: header, footer and sidebar.


Admin Template Link:

https://startbootstrap.com/template-overviews/sb-admin/

Folder Structure:

Image: role based folder structure

File/Folder: Description
index.php: This is the login page.
dashboard.php: After a successful login, the user lands on this page.
assets folder: This folder holds the CSS, JS, Bootstrap and plugin files.
inc folder: This folder holds config.php, which contains the database connection and the getUserAccessRoleByID() function.
layouts folder: This folder holds 3 files: footer.php, header.php and left_sidebar.php. I split the static content of the admin template across these files.

Create database:

MySQL Tables with Data:

Database Connection (config.php):

The config file holds the database connection and the getUserAccessRoleByID() function, which takes a user_role id and returns the role name.

Login Page (index.php):

I call session_start() on the very first line, then include the config file from the inc folder. On the next line there is a login condition that matches the email and password against the table; if the user and password exist, I create the session and send the user to dashboard.php, otherwise an error message that was set earlier is shown. I pass the whole row except the password into $_SESSION. After that you will see 2 more conditions: one for logout and the second for displaying the restriction message when someone tries to access the dashboard directly. After that comes the HTML.

Dashboard Page (dashboard.php):

In dashboard.php I first start the session, then add a condition so that if any user tries to access dashboard.php directly without logging in, he/she is sent back to the login page. Then I include 3 files: config.php, header.php and left_sidebar.php. The getUserAccessRoleByID() function takes the user role id and returns the role name.


Left Sidebar (left_sidebar.php):

$_SESSION['user_role_id'] holds the user role id. I put static conditions on the left sidebar menu items according to the user role. Posts is the only item visible to everyone, so there is no need to wrap it in a condition. Pages and Categories are hidden only from the Contributor. The Appearance and Components sections are available to the Administrator and Editor. The Settings section is available only to the Administrator user.
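Below is how the login check from index.php and the sidebar rules above can be written together. This is an added example, not the post's own code: it assumes session_start() has already run, a users table with columns id, email, user_role_id and password_hash, a user_roles table with id and role_name, and it swaps the post's plain email/password match in SQL for a prepared statement plus password_verify() in PHP.

```php
<?php
// Added example: role lookup, login and sidebar visibility for the post's
// roles. Assumed schema: users(id, email, user_role_id, password_hash),
// user_roles(id, role_name).
declare(strict_types=1);

// Which roles may see each sidebar item, from the post's rules.
const MENU_ACCESS = [
    'Posts'      => ['Administrator', 'Editor', 'Author', 'Contributor'],
    'Pages'      => ['Administrator', 'Editor', 'Author'],
    'Categories' => ['Administrator', 'Editor', 'Author'],
    'Appearance' => ['Administrator', 'Editor'],
    'Components' => ['Administrator', 'Editor'],
    'Settings'   => ['Administrator'],
];
// Deny by default: an unknown item or an unknown role sees nothing.
function canSee(string $role, string $item): bool
{
    return in_array($role, MENU_ACCESS[$item] ?? [], true);
}

// Role name for a role id, via a prepared statement (assumed table).
function getUserAccessRoleByID(mysqli $db, int $roleId): ?string
{
    $stmt = $db->prepare('SELECT role_name FROM user_roles WHERE id = ?');
    $stmt->bind_param('i', $roleId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row['role_name'] ?? null;
}

// Login: look the user up by email, check the hash in PHP, then store
// the row minus the hash in the session, as the post does.
function login(mysqli $db, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT id, email, user_role_id, password_hash FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return false; // same message for unknown email and wrong password
    }
    session_regenerate_id(true);   // fresh session id once authenticated
    unset($user['password_hash']); // never put the hash in $_SESSION
    foreach ($user as $key => $value) {
        $_SESSION[$key] = $value;
    }
    return true;
}
```

In left_sidebar.php each item is then wrapped in a call like canSee(getUserAccessRoleByID($db, $_SESSION['user_role_id']), 'Settings') instead of a hand-written condition per item, so adding a role or an item only changes the MENU_ACCESS table.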



Posted in PHP

Author: Ahsan Zameer

I am a web developer and love to search for new stuff on the web, trying different approaches and ideas to make web development more interesting and enjoyable.