Web php admin php access

Simple role based access control example using PHP and MYSQLi

Role-based user access control is one of the most significant features of modern systems, because it restricts users from seeing unnecessary information and shows each user only what is relevant to them. Only an admin or super user has all the rights to see, insert, update and delete information in the system.

Take WordPress: it has 4 major user roles, which are Administrator, Editor, Author and Contributor. All 4 have different behaviors and access rights, but the Administrator has all the rights in WordPress. A user with this role can do anything, from writing a post to deleting a post, adding a theme to deleting a theme, adding a user to deleting a user.

So in this post I will create a simple role-based access control using PHP and MySQLi. My purpose is to give you an idea of how these types of systems are developed, and I hope this post will help you in your future development.


What I am going to do:

I will create a WordPress-like user access level in which I hide and show menu items according to the user's role. For this I will store the user data in the session. I will use the login and inner pages of a free HTML5 Bootstrap admin template, and I will also break the inner page into multiple PHP files such as header, footer and sidebar.

Folder Structure:

[Figure: role-based folder structure]

File/Folder | Description
Index.php | This is the login page.
Dashboard.php | After a successful login, the user lands on this page.
Assets Folder | This folder has the CSS, JS, Bootstrap and plugin files.
Inc Folder | This folder has the config.php file, which holds the database connection and the getUserAccessRoleByID() function.
Layouts Folder | This folder has 3 files: footer.php, header, left_sidebar.php. I split the static content of the admin template into these files.
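Hiding a menu item does not stop a user from requesting the page behind it, so the same role check has to run on every inner page. The sketch below is an added example, not code from the original tutorial: one map drives both the sidebar and a per-page guard, and the names PERMISSIONS, MENU, can(), require_permission(), menu_for() and the page file names are hypothetical.

```php
<?php
// Role -> allowed actions. Constructed sample map for illustration; it is not
// WordPress's real capability table.
const PERMISSIONS = [
    'administrator' => ['posts.write', 'posts.delete', 'themes.manage', 'users.manage'],
    'editor'        => ['posts.write', 'posts.delete'],
    'author'        => ['posts.write'],
    'contributor'   => [],
];
// Sidebar entries: label => [target page, permission needed to see AND to open it].
const MENU = [
    'Write post'   => ['post_edit.php',   'posts.write'],
    'Delete posts' => ['post_delete.php', 'posts.delete'],
    'Themes'       => ['themes.php',      'themes.manage'],
    'Users'        => ['users.php',       'users.manage'],
];

// $session is $_SESSION in a real request; the role is stored there at login.
function can(array $session, string $permission): bool {
    $role = $session['user']['role'] ?? null;
    // A missing or unknown role gets nothing (deny by default).
    return is_string($role) && in_array($permission, PERMISSIONS[$role] ?? [], true);
}

// Call at the top of every inner page, before any output is sent.
function require_permission(array $session, string $permission): void {
    if (!can($session, $permission)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// What left_sidebar.php would loop over to print the menu.
function menu_for(array $session): array {
    return array_filter(MENU, fn($item) => can($session, $item[1]));
}

// Constructed sessions, to show the result when run from the command line.
foreach (['administrator', 'author', 'guest'] as $role) {
    $session = ['user' => ['id' => 1, 'role' => $role]];
    $labels  = implode(', ', array_keys(menu_for($session)));
    printf("%-13s sees: %s\n", $role, $labels ?: '(nothing)');
}
```

On a page such as users.php the first statement after session_start() would be require_permission($_SESSION, 'users.manage').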


Simple Admin Login PHP Script

This is an Admin Login script made with PHP.
It is useful if you want to implement a simple admin login system in your site, without a database.
The users are added manually by the Administrator, in the PHP code of this script. You can add multiple admin-user accounts with a Rank number for each one, so you can then display content for the logged-in Admin in your site according to their rank.


Code of the script

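<?php
// The start of this script was cut off in extraction. session_start() and the
// isset() test below are assumed stand-ins for the original logged-in check.
session_start();

if (isset($_SESSION['adminrank'])) {
  // Logged-in admin: choose the content by rank
  if ($_SESSION['adminrank'] >= 9) {
    $content = 'Content for Admin with Rank 9+';
  } else if ($_SESSION['adminrank'] >= 5) {
    $content = 'Content for Admin with Rank 5+';
  } else {
    $content = 'Content for logged Admin with rank lower than 5';
  }
} else {
  $content = 'Content for no logged Admin.';
}
echo $content;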


Simple PHP Admin Panel (Free Download)

Welcome to a tutorial on how to create a simple PHP admin panel. Since you are reading this, I will assume that you are interested in “powering up” your existing project and want to build an administrative component to it. So here is a sharing of my own – All done in pure HTML, CSS, Javascript, and PHP. No third-party frameworks. Read on!

PHP MYSQL ADMIN PANEL

All right, let us now get into the details of how to create a simple admin panel with PHP and MySQL.

PART 1) USER DATABASE

-- (A) USERS TABLE
CREATE TABLE `users` (
  `user_id` bigint(20) NOT NULL,
  `user_email` varchar(255) NOT NULL,
  `user_name` varchar(255) NOT NULL,
  `user_password` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

ALTER TABLE `users`
  ADD PRIMARY KEY (`user_id`),
  ADD UNIQUE KEY `user_email` (`user_email`),
  ADD KEY `user_name` (`user_name`);

ALTER TABLE `users`
  MODIFY `user_id` bigint(20) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;

-- (B) DEFAULT USER
-- EMAIL: JOY@DOE.COM | PASSWORD: 123456
INSERT INTO `users` (`user_id`, `user_email`, `user_name`, `user_password`) VALUES
  (1, 'joy@doe.com', 'Joy Doe', '$2y$10$vZJy7y4uqQQTRN3zdi2RE.5ZJJzGEEPnzEjFXm4nEOx023XQ2Qe..');

  • user_id: Primary key and auto-increment.
  • user_email: User email, unique to prevent duplicates.
  • user_name: User name.
  • user_password: The user’s password.

PART 2) PHP ADMIN LIBRARY

<?php
class Admin {
  // The class header and property declarations were cut off in extraction;
  // they are restored here from how the methods below use them.
  // (A) CONSTRUCTOR - CONNECT TO DATABASE
  private $pdo = null;
  private $stmt = null;
  public $error = "";
  function __construct () {
    $this->pdo = new PDO(
      "mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=".DB_CHARSET,
      DB_USER, DB_PASSWORD, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
      ]);
  }

  // (B) DESTRUCTOR - CLOSE CONNECTION
  function __destruct () {
    if ($this->stmt !== null) { $this->stmt = null; }
    if ($this->pdo !== null) { $this->pdo = null; }
  }

  // (C) HELPER FUNCTION - RUN SQL QUERY
  function query ($sql, $data=null) : void {
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute($data);
  }

  // (D) GET USER BY ID OR EMAIL
  function get ($id) {
    $this->query(sprintf("SELECT * FROM `users` WHERE `%s`=?",
      is_numeric($id) ? "user_id" : "user_email"
    ), [$id]);
    return $this->stmt->fetch();
  }

  // (E) SAVE USER
  function save ($name, $email, $password, $id=null) {
    // (E1) SQL & DATA
    $sql = $id==null
      ? "INSERT INTO `users` (`user_name`, `user_email`, `user_password`) VALUES (?,?,?)"
      : "UPDATE `users` SET `user_name`=?, `user_email`=?, `user_password`=? WHERE `user_id`=?" ;
    $data = [$name, $email, password_hash($password, PASSWORD_DEFAULT)];
    if ($id!=null) { $data[] = $id; }

    // (E2) RUN SQL
    $this->query($sql, $data);
    return true;
  }

  // (F) VERIFICATION
  function verify ($email, $password) {
    // (F1) GET USER
    $user = $this->get($email);
    $pass = is_array($user);

    // (F2) CHECK PASSWORD
    if ($pass) {
      $pass = password_verify($password, $user["user_password"]);
    }

    // (F3) REGISTER MEMBER INTO SESSION
    if ($pass) {
      foreach ($user as $k=>$v) { $_SESSION["admin"][$k] = $v; }
      unset($_SESSION["admin"]["user_password"]);
    }

    // (F4) RESULT
    if (!$pass) { $this->error = "Invalid email/password"; }
    return $pass;
  }
}

// (G) DATABASE SETTINGS - CHANGE TO YOUR OWN
define("DB_HOST", "localhost");
define("DB_NAME", "test");
define("DB_CHARSET", "utf8mb4");
define("DB_USER", "root");
define("DB_PASSWORD", "");

// (H) START!
session_start();
$_ADM = new Admin();
  • (A, B, H) When $_ADM = new Admin() is created, the constructor will connect to the database. The destructor closes the connection.
  • (C) query() A helper function to execute an SQL query.
  • (D to F) The actual admin functions.
    • get() Get user by ID or email.
    • save() Add or update a user.
    • verify() Verify the given email and password. Register the user into $_SESSION["admin"].

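PART 3) LOGIN PAGE

<?php
// (A) LOAD LIBRARY
// The library file name is not shown on this page; placeholder path.
require "PATH/TO/ADMIN-LIBRARY.php";

// (B) CHECK LOGIN CREDENTIALS
// The original condition was cut off in extraction; isset() is an assumed stand-in.
if (isset($_POST["email"])) {
  $_ADM->verify($_POST["email"], $_POST["password"]);
}

// (C) REDIRECT IF SIGNED IN
if (isset($_SESSION["admin"])) {
  header("Location: 5-protected.php");
  exit();
}
?>
<!-- (D) LOGIN FORM: the form markup, headed "ADMIN LOGIN", was stripped in
     extraction; it posts the "email" and "password" fields. The wrapper that
     the error message was printed in is also lost. -->
<?php if ($_ADM->error!="") { echo $_ADM->error; } ?>

  • (D) A good old HTML login form.
  • (A & B) On submission, we use the library to process the login request.
  • (C) On successful login, we redirect the user to the “main admin page”; any users who are already signed in will also be redirected.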
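A tightened version of the verify() step from PART 2, as an added example that is not part of the original tutorial: it looks users up by email only (the library's get() treats a numeric value as a user_id), does the same hashing work whether or not the account exists, refreshes old hashes, and issues a new session ID on login. SQLite in memory stands in for MySQL so the script runs offline; verify_login(), DUMMY_HASH and the sample password are assumptions.

```php
<?php
// Same columns as the `users` table in PART 1, on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_email TEXT UNIQUE,
            user_name TEXT, user_password TEXT)');
// Constructed sample account.
$pdo->prepare('INSERT INTO users (user_email, user_name, user_password) VALUES (?,?,?)')
    ->execute(['joy@doe.com', 'Joy Doe', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hash of a random string, checked when the account does not exist so that
// both failure paths cost one password_verify() call.
define('DUMMY_HASH', password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

function verify_login(PDO $pdo, $email, $password): ?array {
    // Form fields can arrive as arrays (email[]=x); accept strings only.
    if (!is_string($email) || !is_string($password)) { return null; }
    // Email column only: a value such as "1" is never matched against user_id.
    $stmt = $pdo->prepare('SELECT * FROM users WHERE user_email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch();
    $ok = password_verify($password, $user ? $user['user_password'] : DUMMY_HASH);
    if (!$user || !$ok) { return null; }
    // Re-hash when PASSWORD_DEFAULT or its cost has changed since the hash was stored.
    if (password_needs_rehash($user['user_password'], PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET user_password = ? WHERE user_id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $user['user_id']]);
    }
    // New session ID at login, so an ID handed out before login is not carried over.
    if (session_status() === PHP_SESSION_ACTIVE) { session_regenerate_id(true); }
    unset($user['user_password']);   // never keep the hash in the session
    return $user;
}

var_dump(verify_login($pdo, 'joy@doe.com', 'constructed-sample-pw') !== null); // valid login
var_dump(verify_login($pdo, 'joy@doe.com', 'wrong') !== null);                 // wrong password
var_dump(verify_login($pdo, '1', 'constructed-sample-pw') !== null);           // user_id in the email field
var_dump(verify_login($pdo, ['x'], 'constructed-sample-pw') !== null);         // array instead of string
```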
