Building an E-Commerce Site Part 2: Managing Users with Sessions
User Management and Privileges - PHP
This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns.
Okay, we've spent enough time on PHP4's session management. All you really need to take away from it are the two functions session_start() and session_register(). Let's get back to the issue of keeping track of users.
PHP can help us keep track of sessions, and group requests from the same session together. Now, we have to do our part and associate user accounts with these sessions. We will use a variable called SESSION["user"] to keep track of user information. When a user logs in, we will put their information into this variable. As long as this variable is defined, we will assume that a user has logged in. When a user logs off, we will clear out this variable.
Specifically, we will keep the following information about the user:
SESSION["user"]["username"]
This is the user's login ID (their nickname, if you will), and it is how we tell users apart from each other.
SESSION["user"]["firstname"]
The user's first name.
SESSION["user"]["lastname"]
The user's last name.
SESSION["user"]["email"]
The user's email address.
SESSION["user"]["priv"]
The user's privilege level.
Let's talk a bit about the privilege levels. We are going to have two levels of security: (1) normal customers and (2) administrative users. Normal customers can use the system, browse through the catalog, and do other customer functions. Administrators can do everything a normal user can do, but also have the ability to perform system administrative functions (e.g. everything from part 1 of this guide). In real life, there are probably many more privilege levels that you want defined, but we are going to keep things simple here.
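The login, logout and privilege check described above, as an added example in current PHP; it is not the article's own code. The helper names, the 'customer' and 'admin' values and the shape of $row are assumptions, and $_SESSION["user"] stands in for the article's SESSION["user"] because session_register() was removed in PHP 5.4.

```php
<?php
// Added example; helper names and privilege values are hypothetical.
const PRIV_CUSTOMER = 'customer';
const PRIV_ADMIN    = 'admin';
// The only fields kept in the session; a password hash never goes in.
const SESSION_FIELDS = ['username', 'firstname', 'lastname', 'email', 'priv'];

session_start();

// Call only after the password check has succeeded.
// $row is an assumed associative array describing the authenticated user.
function login_user(array $row): void
{
    // New session ID at login, so an ID fixed before login is useless.
    session_regenerate_id(true);
    $_SESSION['user'] = array_intersect_key($row, array_flip(SESSION_FIELDS));
}

function is_logged_in(): bool
{
    return isset($_SESSION['user']['username']);
}

function is_admin(): bool
{
    return is_logged_in() && $_SESSION['user']['priv'] === PRIV_ADMIN;
}

// First call on every administrative page: the check runs server-side
// on each request, not just when the admin menu is rendered.
function require_admin(): void
{
    if (!is_admin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

function logout_user(): void
{
    unset($_SESSION['user']);   // clearing the variable ends the login
    session_regenerate_id(true);
}

// Constructed sample user, for running the file from the command line.
if (PHP_SAPI === 'cli') {
    login_user(['username' => 'jdoe', 'firstname' => 'Jane', 'lastname' => 'Doe',
                'email' => 'jdoe@example.com', 'priv' => PRIV_CUSTOMER,
                'password' => 'constructed-hash']);
    var_dump(is_logged_in(), is_admin(), isset($_SESSION['user']['password']));
    logout_user();
}
```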
This is all fine and dandy, but where do we get this user information from? We need to have a way to store all the users on the system, and the perfect place for that would be in the database. We're going to create a users table to hold all our users.