Magictallguy Posted March 3, 2014 Share Posted March 3, 2014 I present to you: manageable permission-based staff ranks In the old system, they're hard-coded in. Any time you want to give a player/staff member access to something new, you must edit the code. In my new system, you simply edit their Staff Rank in the staff panel and access is granted/denied based on exactly what you want. Screenshots of how this works are available further down in another post (due to original site death). All it uses is 1 SQL table, an addition to the (grpg)users table, and a self-caching function to check staff permissions. I'm open to offers and comes with full installation, custom to your design 1 Quote Link to comment Share on other sites More sharing options...
Razor42 Posted March 3, 2014 Share Posted March 3, 2014 Very nice work. Quote Link to comment Share on other sites More sharing options...
MNG Posted April 25, 2014 Share Posted April 25, 2014 Still selling this? Quote Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2014 Share Posted April 25, 2014 Curious, seems a long way round adding it manually to each page, why not just add in URL's? So in globals it reads the current file name, checks the users session or db and check for access? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 26, 2014 Share Posted April 26, 2014 Curious, seems a long way round adding it manually to each page, why not just add in URL's? So in globals it reads the current file name, checks the users session or db and check for access? I would be curious to see what you mean exactly??? from what I can see with this is that it's similar to what you have done with your MCC API that you created with your `canAccess()` method (sorry if it's the incorrect name). Something like this: public function canAccess($col) { global $db; $sql = "select {$col} from <insert table name here> where userid = {$this->id}"; $r = $db->query($sql); if($db->fetch_row($r) == "yes") { return true; } else { return false; } } Quote Link to comment Share on other sites More sharing options...
Dayo Posted April 26, 2014 Share Posted April 26, 2014 What if you was to do something like this so you dont end up with 100 columns in your database Table User Permissions - ID int - levelName varchar(128) - access varchar(128) sample data 1, "staff", 1111111111111111 2, "moderator", 1101000110000010 3, "user", 0000000000000000 function checkAccess($pageID, $userID) { global $db; if (!ctype_digit($userID)) { return false; } $query = $db->query("SELECT access FROM `userTable` INNER JOIN `userPermissions` ON (`userTable`.`userLevel` = `userPermissions`.`id`) WHERE `userTable`.`id` = ".$userID); if ($db->fetch_assoc($query)["access"][$pageID] == "1") { return true; } else { return false; } } Quote Link to comment Share on other sites More sharing options...
Guest Posted April 26, 2014 Share Posted April 26, 2014 I would be curious to see what you mean exactly??? from what I can see with this is that it's similar to what you have done with your MCC API that you created with your `canAccess()` method (sorry if it's the incorrect name). Something like this: public function canAccess($col) { global $db; $sql = "select {$col} from <insert table name here> where userid = {$this->id}"; $r = $db->query($sql); if($db->fetch_row($r) == "yes") { return true; } else { return false; } } canView(); And that takes into account an array from the module in question. If I was to implement something across the whole of MCC there would be 2 ways I would do it; - Either take file out the url and check against the DB - Or serialise a whole bunch of permissions, then unserialise and put them in a session, however you would need to add code in tons of places. Quote Link to comment Share on other sites More sharing options...
Dave Posted April 26, 2014 Share Posted April 26, 2014 I'd totally just route every page request through some form of access control file. Determine which URL is trying to be accessed, and then check to see if the current user is allowed to access that URL. This wouldn't work if the user was allowed to change certain things but not others. Would take much less time then editing all of the files though. Quote Link to comment Share on other sites More sharing options...
Guest Posted April 28, 2014 Share Posted April 28, 2014 I wouldnt recommend anyone to buy it since a dmca can be sent for using it.... And if mods needs a proof i can provide one happily, just trying to keep you guys safe not trshing the thread , no hard feelings mtg... Sorry what? Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted April 30, 2014 Author Share Posted April 30, 2014 I wouldnt recommend anyone to buy it since a dmca can be sent for using it.... And if mods needs a proof i can provide one happily, just trying to keep you guys safe not trshing the thread , no hard feelings mtg... A DMCA for use my mod that I've allowed? Get a grip of yourself, there's plenty of hard feelings Ibraheem.. Still selling this? Yes. What if you was to do something like this so you dont end up with 100 columns in your database Table User Permissions - ID int - levelName varchar(128) - access varchar(128) sample data 1, "staff", 1111111111111111 2, "moderator", 1101000110000010 3, "user", 0000000000000000 function checkAccess($pageID, $userID) { global $db; if (!ctype_digit($userID)) { return false; } $query = $db->query("SELECT access FROM `userTable` INNER JOIN `userPermissions` ON (`userTable`.`userLevel` = `userPermissions`.`id`) WHERE `userTable`.`id` = ".$userID); if ($db->fetch_assoc($query)["access"][$pageID] == "1") { return true; } else { return false; } } The way I've done it uses its own table with only 1 addition to the (grpg)users table. The reason I've not routed it through an access file is due to a security flaw that would arise by using encrypted URLs - you simply can't beat hard-coded methods when it comes to things like that. Quote Link to comment Share on other sites More sharing options...
Karma Posted January 4, 2020 Share Posted January 4, 2020 I really wish I could see the out come of this, there is no images with that link you sent MagicalGuy. ? Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted January 4, 2020 Author Share Posted January 4, 2020 That domain is no longer registered, nor do I have the original screenshots. Here's a couple of screenshots from a game where it's been extensively implemented. Ranks: Index Ranks: Add New (1) Ranks: Add New (2) Ranks: View (1) Ranks: View (2) Ranks: Edit (1) Ranks: Edit (2) Deletion has an interstitial confirm dialog then redirects back to Rank Index upon confirmation/cancellation. 4 Quote Link to comment Share on other sites More sharing options...
Karma Posted January 4, 2020 Share Posted January 4, 2020 8 hours ago, Magictallguy said: That domain is no longer registered, nor do I have the original screenshots. Here's a couple of screenshots from a game where it's been extensively implemented. Ranks: Index Ranks: Add New (1) Ranks: Add New (2) Ranks: View (1) Ranks: View (2) Ranks: Edit (1) Ranks: Edit (2) Deletion has an interstitial confirm dialog then redirects back to Rank Index upon confirmation/cancellation. Nice job hon.. Thank you for the screenshots. Quote Link to comment Share on other sites More sharing options...
WarMad Posted April 30, 2022 Share Posted April 30, 2022 On 3/3/2014 at 11:21 AM, Magictallguy said: I present to you: manageable permission-based staff ranks In the old system, they're hard-coded in. Any time you want to give a player/staff member access to something new, you must edit the code. In my new system, you simply edit their Staff Rank in the staff panel and access is granted/denied based on exactly what you want. Screenshots of how this works are available further down in another post (due to original site death). All it uses is 1 SQL table, an addition to the (grpg)users table, and a self-caching function to check staff permissions. I'm open to offers and comes with full installation, custom to your design its not here anymore any chance you still have it? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.