Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 19, 2012, 11:47 AM   #1
jacob.3336
macrumors newbie
 
Join Date: Jul 2012
PHP admin control panel

I am currently making my website. I have a "Type" column in my users table in my database. For most users it says "Standard" in the type column but for me and a few other uses, it says "Admin". Does anybody know the best and most secure way to give users with "Admin" in the type column access to special admin control pages without giving access to standard users.

jacob.3336 is offline   0 Reply With Quote
Old Nov 20, 2012, 06:59 AM   #2
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
Does your website have a third party CMS under the hood?

If yours is a DIY web site, the essential elements in writing a basic permissions system to control access to content could be (one of many ways):

Roles table defining fields role ID and name (1="Admin",2="Standard", etc)
Users table joining role table based on role ID
Content table with content and field which defines which roles ID are permissed.

When the user visits a given page, a permissions check function is called which queries their role ID and permissed role ID's and ensures a match and display content. Otherwise deny access to the page.

Most custom CMS's follow this same basic procedure except some of them groups content into content types as an easy way to invoke permissions, or they create SDK's or API's which make it easier for developers to query user/content/role data without SQL statements. As you mentioned you prefer the "best and most secure" way - be aware of these pitfalls in your design:

Try to avoid shortcuts like storing roles only in cookies. Cookies are easily spoofed. Use sessions (which also involve cookies) with limited information such as user ID and a hash with a hash table and session expiry on the back end. Make sure all forms are protected from SQL injection and follow basic XSS procedures to ensure safe session control. These are reasons folks use third party CMS's.

Hope this helped you in terms of generic, high level view of things.
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com

Last edited by SrWebDeveloper; Nov 20, 2012 at 07:23 AM. Reason: Added some info about roles.
SrWebDeveloper is offline   0 Reply With Quote

Reply
MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Are you using control panel? Black Magic iOS 7 30 Apr 14, 2014 05:07 PM
iCloud Control Panel memberpersonal iPhone 4 Mar 19, 2014 10:45 AM
What is the iCloud Control Panel Garbage? sunsetblow Mac Applications and Mac App Store 14 Dec 10, 2013 08:44 AM
Mac crashes when using control panel, expose or mission control AdamTwosleeves Mac OS X 10.7 Lion 1 Aug 21, 2012 11:17 PM
Nvidia Control Panel CPU OC..? SirFoxx MacBook 3 Jul 9, 2012 05:52 PM

Forum Jump

All times are GMT -5. The time now is 02:34 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC