Well i am building management system for my company. the part i wanted to know is how to manage users on what they can do on the content. What i wanted to do is when authorized user sign up a user how can he make that new user to view/READ the contents only and deny CREATE, UPDATE, and DELETE activities? need help in fast! Thanks! This is a sign up page i have:
<fieldset>
<legend><h2 align='center'>Create User</h2></legend>
<div align='center'>
<form action='new_main_signup.php' method='post'>
<input type='text' name='username' placeholder='Username' /><br>
<input type='password' name='password' placeholder='Password' /><br>
<input type='password' name='Confirmpassword' placeholder='ConfirmPassword' /><br><br>
<input type='submit' name='submit' value='Create'>
</div>
<span class='spanclass1'>".
errors().
form_errors($errors)
."</span>
There are many different ways to tackle this, but I believe this is the simplest method.
First create a field in your table for "permissions".
Then you can use permission levels to determine what people can and cannot see or do.
For example, you might have "Admin" level, "Staff" level, "Member" level
Then assign permissions to a user on sign up and record it to the database reord along with the member's other information. IE: Member
Upon successful login create a session variable for the visitor while logged in. IE: $_SESSION['loggedinuser'] = $row['permission']
Then on your pages you can use that session to determine what he/she can see.
Example:
if($_SESSION['loggedinuser'] == 'Admin') {
// show admin content
}
if($_SESSION['loggedinuser'] == 'Member') {
// show member content
}
etc.