I am creating an web application and I at the point that i am starting to make backend choices. Now there are a lot of ways to go with this, so I am looking for some good points and back practices.
Some of the question i have involve:
- Should i make a seperate table in the db for admin users
- Should i extend make some classes to load the admin data and the normal data, or make seperate classes for the admin section
- Where can i get some information on making different types of users
- Just some best practices for a backend
My application is written in PHP with an MySQL database.
Keeping a separate table for admin users is nice, but only if those admin users aren’t “regular” users as well – otherwise you’ll step on your own toes trying to keep usernames/IDs unique but somewhat connected.
A couple things to consider:
Apache authentication (or Windows accounts on IIS) for admin users. Separate system entirely, but allows for overlap – a regular user can be a regular user, but they can’t access any admin functionality until they authenticate through the browser. Works fine if you only have a couple specific kinds of user role (e.g. member & administrator only).
All users in one table, but with roles and permissions separate. This is the most flexible because you can get as granular as you need. For example, any user can “post comments,” while an admin can “delete comments” and “ban users,” but a moderator can only “suspend comments” and “mute users.” As you add new features, it’s simply a matter of implementing some new permissions & assigning them to the roles. Drupal‘s access control does this really well, worth a close look.