role_restrictions_detailed_example.php

1. <?php
2.  
3.   include_once('class_role_restrictions.php'); // can be obtained from: http://pastebin.com/VubBkakb
4.   include_once('better_mysqli.php');           // can be obtained from: http://pastebin.com/ATyzLUfK
5.  
6.   // == open a connection to the database that contains the required role tables ==
7.   /* Notes:
8.        - The class_role_restrictions.php class requires an open mysqli database object that was opened with
9.          the better_mysqli class.
10.        - However, you can use the $mysqli object in the same way that you are used to because the better_mysqli
11.          class extends the mysqli class and uses the same constructor.
12.        - Refer to this post if you are interested in using the features that the better_mysqli class offers
13.          in your own projects:  *** URL HERE
14.    */
15.   $mysqli = new better_mysqli('your_server', 'your_user', 'your_pass', 'your_db_name');
16.   if (mysqli_connect_errno()) {
17.      error_log(sprintf("Can't connect to MySQL Server. Errorcode: %s\n", mysqli_connect_error()));
18.      exit;
19.   }
20.  
21.  
22.   // == instantiate the role object ==
23.   //    Pass in the better_mysqli database object.
24.   //    pass in the URL to this page (or the page you want to return to when leaving the role admin page)
25.   $role = new role_restrictions($mysqli, 'http://your_server.com/path/to/this/page/example.php');
26.  
27.  
28.   // == Accessors to change any of the default options ==
29.   //    Note: I am just setting what are already the defaults so you don't actually need to keep these unless you want to change something
30.   $role->set_debug(false);  // set to true if you would like a verbose output of what this thing is doing
31.   $role->set_dbprefix('');  // If you created the required role tables with a common prefix then specify it here. e.g tables: project_1_role_types and project_1_role_assignments then the prefix would be 'project_1_'
32.   $role->set_display_title('Role Admin Page'); // The title displayed in the browser address bar and the top of the admin page.
33.   $role->set_admin_functions(array('types','assignments'));  // set which features to display in the role admin page.  types == add/remove role names and description, assignments == add users to and remove users from existing roles
34.  
35.  
36.   // == Access the admin interface for the first time! ==
37.   /* Notes:
38.      -- Browsing to this page will always load the role admin interface until you remove: $role->draw-admin_page();
39.      -- Takes you straight into the roles admin interface so that you can add the initial roles and assign users to those roles.
40.      -- You should create a 'role_admin' user and assign yourself to that role,  the examples further below assume this is what you have done.
41.  
42.      **IMPORTANT**
43.      Delete this once you have created the intial roles.
44.  
45.   */
46.   $role->draw_admin_page();
47.  
48.  
49.   // == Access the admin interface after it is already setup ==
50.  
51.   //    IMPORTANT:
52.   //    You should take steps to secure the entire page from unauthorized access when using the 'process_any_commands' method as anyone who
53.   //    knows how the class works could access the admin role interface with simple modifications to their query string!!!!
54.  
55.   $role->restrict_to('role_name', 'username_currently_logged_in'); // stops script execution here if username given is not a member of role name given !!!!
56.   $role->process_any_commands(); // tell the class to look for specific post key/values
57.  
58.   // create a link that will load the role admin interface:
59.   ?>
60.   <a href="url_to_this_page.php?doCmd=draw_role_restrictions_admin_page">Role Admin Interface</a>
61.   <?php
62.  
63.  
64.  
65.   // == Restrict an entire page to authorized users only ==
66.   /* Notes:
67.      -- If the username given is not a member of the role(s) given then
68.         script execution is stopped and a message is displayed.
69.      -- The first parameter is a string whose value is the role name or names
70.         of roles that the username given must be a member of.  The delimiter used
71.         to separate each of the allowed roles can be a space and/or comma (see example below)    
72.        
73.   */
74.   $role->restrict_to('role_name, to_restrict user_to', 'username_currently_logged_in');
75.   // .. now do stuff that only users in any of the roles listed are allowed to do
76.  
77.  
78.  
79.   // == Only do certain things if the username given is a member of any of the roles given ==
80.   if( $role->has_role('a_list, of_roles, allowed', 'username_currently_logged_in') ){
81.       // .. do stuff that only users in the given role(s) are allowed to do ..
82.   }
83.  
84. ?>