Securing Your PHP Application: A Comprehensive Tutorial on User Access Restriction

Submitted by oretnom23 on Monday, December 4, 2023 - 10:59.

Discover in this guide how to effectively control User Access Restrictions within a web application using the PHP programming language. This tutorial serves as a valuable resource for students and beginners in PHP, offering insights and techniques for developing web applications. Follow the outlined steps to implement user access restrictions, ensuring that certain pages or features of your PHP project are accessible only to authorized users.

What is the importance of implementing User Access Restrictions in a web application?

Enforcing user access restrictions in a web application is essential for various reasons, with a primary focus on enhancing security, safeguarding privacy, and ensuring a regulated user experience.

Learn the necessary steps to implement User Access Restriction:

Step 1: Incorporate User Role Identification in the Database

Initiate the process by adding a column to your user table in the database, housing the user's role value. This new column plays a crucial role in swiftly identifying and determining the role of the logged-in user.

Illustrated below is an example of the user table structure in MySQL:

  1.     CREATE TABLE `users` (
  2.         `id` int(11) AUTO_INCREMENT NOT NULL,
  3.         `name` text NOT NULL,
  4.         `username` text NOT NULL,
  5.         `password` text NOT NULL,
  6.         `user_type` varchar(20) NOT NULL,
  7.         `created_at` datetime NOT NULL DEFAULT current_timestamp(),
  8.         `updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp()
  9.       ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

Step 2: Make sure that User Role is included in Session

Next, You will need to make sure that you have included the user's role on the stored session of your web application. Here's an example of this step:

  1. <?php
  2. if($_SERVER['REQUEST_METHOD'] == "POST"){
  3.     $login = $actionClass->login();
  4.     if(!empty($login)){
  5.         foreach($login as $meta_field => $meta_value){
  6.             if($meta_field == 'password')
  7.                 continue;
  8.             $_SESSION[$meta_field] = $meta_value;
  9.         }
  10.         echo "<script>location.replace('./');</script>";
  11.         exit;
  12.     }else{
  13.         $_SESSION['flashdata'] = [
  14.             'type' => "danger",
  15.             'msg' => 'Incorrect username or password'
  16.         ];
  17.         $err = true;
  18.     }
  19. }
  20. ?>

Step 3: Develop a Function for Access Restriction Checking

Subsequently, craft a new PHP function containing the logic to assess whether the current logged-in user has the authorization to access specific pages or features within the application or system. Embed this function across all pages or action scripts where user access needs to be restricted. Below is an example snippet of the function within a class:

  1. <?php 
  2. class SampleClass{
  3.     /**
  4.     * Check Permission
  5.     */
  6.     public function check_restriction($role=""){
  7.         if(!empty($role) && isset($_SESSION['user_type'])){
  8.             if($role == $_SESSION['user_type'])
  9.                 return true;
  10.         }
  11.         return false;
  12.     }
  13. }
  14. ?>

On the desired page that requires security or limitation, implement the following:

  1. <?php 
  2. require_once("SampleClass.php");
  3. $SampleClass = new SampleCLass();
  4. if(!$SampleClass->check_restriction('admin')){
  5.     echo "<script>alert('You are not allowed to access this page!');location.replace('./')</script>";
  6.     exit;
  7. }
  8. ?>

There you have it! Those are the straightforward steps to implement user access restrictions in a PHP-based web application. I've also developed a sample web application featuring login functionality, CRUD operations, and user access restriction to illustrate the steps outlined in this tutorial. You can download the complete source code zip file from this website, available for free. Look for the download button below the tutorial content.

The sample web application encompasses the following features:

  • Login and Logout
  • Product Management
    • List All Products
    • Add New Product
    • Update Product Details
    • Delete Product (Admin only)
  • User Management (Admin only)
    • List All Users
    • Add New User
    • Update User Details
    • Delete User

Snapshots

Explore some snapshots of the application:

Login Page

Restricting User Access in PHP

Product Page

Restricting User Access in PHP

User Page

Restricting User Access in PHP

Sample Restriction Message

Restricting User Access in PHP

Feel free to download and customize the source code to elevate your programming skills and knowledge.

For further insights into securing your web application projects, check out these additional articles:

Explore more on this website for more Tutorials, Free Source Codes, and Articles covering varios programming languages.

Happy Coding =)

Tags

Add new comment

About text formats
  • 634 views