Building a Simple User Permission Management System with PHP

In a blog system, user permission management and control are essential for ensuring that actions align with user roles and for protecting system security. This guide demonstrates how to create a straightforward but robust permission management system using PHP, providing code examples throughout.

Database Design

Two tables are required: users for storing user information and permissions for defining available permissions. The users table holds fields such as username, password, and role ID, while the permissions table records each permission's name and description.

CREATE TABLE users (<br/>    id INT(11) PRIMARY KEY AUTO_INCREMENT,<br/>    username VARCHAR(50) NOT NULL,<br/>    password VARCHAR(255) NOT NULL,<br/>    role_id INT(11) NOT NULL,<br/>    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,<br/>    UNIQUE KEY `username` (`username`)<br/>);

CREATE TABLE permissions (<br/>    id INT(11) PRIMARY KEY AUTO_INCREMENT,<br/>    name VARCHAR(50) NOT NULL,<br/>    description VARCHAR(255) NOT NULL,<br/>    UNIQUE KEY `name` (`name`)<br/>);

User Login and Authentication

The login process uses a username and password. The following example shows a basic login page that starts a session, checks for a POST request, retrieves credentials, and (TODO) validates them against the database. Upon successful authentication, the username is stored in the session and the user is redirected.

// login.php<br/>session_start();<br/>if ($_SERVER["REQUEST_METHOD"] == "POST") {<br/>    $username = $_POST["username"];<br/>    $password = $_POST["password"];<br/>    // TODO: validate credentials in the database<br/>    $_SESSION["username"] = $username;<br/>    header("Location: index.php");<br/>    exit;<br/>}

Roles and Permissions Management

Each user has a role_id linking to a role record. Roles are stored in a roles table, and a many‑to‑many relationship between roles and permissions is represented by a role_permissions junction table.

CREATE TABLE roles (<br/>    id INT(11) PRIMARY KEY AUTO_INCREMENT,<br/>    name VARCHAR(50) NOT NULL,<br/>    UNIQUE KEY `name` (`name`)<br/>);

CREATE TABLE role_permissions (<br/>    role_id INT(11) NOT NULL,<br/>    permission_id INT(11) NOT NULL,<br/>    PRIMARY KEY (role_id, permission_id),<br/>    CONSTRAINT `fk_role_permissions_roles` FOREIGN KEY (role_id) REFERENCES roles(id),<br/>    CONSTRAINT `fk_role_permissions_permissions` FOREIGN KEY (permission_id) REFERENCES permissions(id)<br/>);

Checking User Permissions

After login, each protected action should verify the user's permissions. The example below shows a simple permission‑checking function and its usage in an index page.

// index.php<br/>session_start();<br/>if (!isset($_SESSION["username"])) {<br/>    header("Location: login.php");<br/>    exit;<br/>}<br/>// TODO: retrieve permission list based on the user's role<br/>function checkPermission($permissionName) {<br/>    // TODO: check if the permission exists in the user's list<br/>    return true; // user has permission<br/>}

Permission‑Based Access Control

Using the permission‑checking function, the admin page restricts access to users who have either the "edit_article" or "delete_article" permission.

// admin.php<br/>session_start();<br/>if (!isset($_SESSION["username"])) {<br/>    header("Location: login.php");<br/>    exit;<br/>}<br/>if (!checkPermission("edit_article") && !checkPermission("delete_article")) {<br/>    header("Location: index.php");<br/>    exit;<br/>}<br/>// display admin article management page<br/>// TODO: your code

By following these steps—designing the database, implementing login, defining roles and permissions, and adding permission checks—you can build a functional user permission management system for a blog. The example is simple, but it can be extended to meet more complex requirements.

Conclusion

User permission management is crucial for security and flexible control. This guide provided PHP code snippets and architectural guidance to help readers implement and expand a permission system tailored to their blog applications.