Basic PHP system with user control

I am trying to find simple PHP system that would have user control for multiple roles, would be easy to modify/change to suit needs but providing good security level.

Been looking around but nothing specific has been found yet. Ideally PHP 7 but 5.2+ considered too.

So in short spec:
PHP 5.2+
MySQL DB
User roles (min 3)
Easy to modify
Good documentation

Any thoughts? Got codeigniter on the list but it requires quite a bit of work, was thinking if there is something more suitable.

Seriously, don’t even consider anything less than 5.6. 5.5 hasn’t been supported for over 2 years. Stick to version 7 and up.

3 Likes

Well then it makes even shorter list of such systems/frames?

I guess so, but you don’t want ones that have built-in security issues, do you?

True, but this system would not be used in public, only for internal use. Surely, latest version would make it last longer and as far as I know work faster/more efficient.

So, any examples?

Use laravel Framework !

Any more details why please?

You first because it is very unclear what you are asking for. You mentioned CodeIgniter as a possible candidate but that’s a framework, not a “system”. Plus there are at least three distinct versions of CodeIgniter out there.

You brought up php version but I have no idea where that fits in. Especially since support for all versions of php 5 will end in a few months.

Symfony has a powerful component that supports users and roles. Maybe that is what you are asking for. Maybe not.

2 Likes

I get that you are looking for some kind of “drop in” role addon. What I do not know is what abilities and limitations the different roles would have.

For example:

  • can SELECT from database tables but not UPDATE
  • can read some pages but not others
  • can submit text content but not publish it

etc. I think if you put together a rough outline of what you’re after for the various roles it would be a big help to others in coming up with possible options.

1 Like

Seems that you know the right direction.

At the moment I am not sure yet of how to handle permissions. Each user would have certain pages allowed, but not everyone the same. I.e. if you are mechanic role user, you don’t need access to marketing. But marketing should be split into view & view+edit levels.

Hope this makes sense? To make it simple, I’m thinking of having single (or couple) “edit” buttons per page so there’s less code to load for checking permissions (in comparison of giving ability to edit only certain lines of the list which would increase the length of the code significantly, I think, am I wrong?)

So I think each user’s table would contain column for page permission - i.e. if column “Sales_page” has 0 - user cannot see the page, 1 - user can view only, 2 - user has rights to edit. It sounds quite simple, but it needs to be relatively safe & secure, hence I’m asking for system/frame which would be efficient in such way.

All I could think of is forum, CMS, frameworks etc. that had RBAC (Role Based Access Control) as a part of the whole and not anything that could easily be used separately. Yet I had the feeling that there must be something out there somewhere. So I searched.

I found:

But unless I’m missing something these too are part of a whole.

I’m thinking that instead of analyzing or scavenging existing code it might be easier to write your own. This SitePoint article looks like a good place to start.

Thanks, I’ll have a look at those sites.

As for writing on my own, I do not have such skills yet & concerned it would be ‘safe enough’.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.