I’m developing a login system for the backend.
There will be a number of user levels/permissions to do certain tasks.
A member can have one or more levels.
What is the best architecture for this?
I came up with this solution:
Tables:
Group
- group_id (P)
- group_name
Group_User
- group_id (F)
- user_id
And how do I link this with an OOP approach?
OOP design I have come up with:
<?php
class User {
    // Fixed salt from the original sketch; note that password_hash() generates
    // a random per-user salt itself, so a shared secret in source is not needed.
    private $privateSalt = "Don't Tell Anyone! Q£$£$^$";

    // Creates a new account (body left as a stub).
    public function newAccount($email, $password, $firstName, $lastName) { }

    // Authenticates a user; parameters default to 0 as in the original sketch.
    public function login($email = 0, $password = 0) { }

    // Copies the authenticated user's details into the session.
    private function _setSession($data) {
        $_SESSION['logged_in'] = true;
        $_SESSION['member_id'] = $data['member_id'];
        $_SESSION['email'] = $data['email'];
        $_SESSION['first_name'] = $data['first_name'];
    }

    public function logout() { }
    public function isLoggedIn() { }
}
Is it not necessary to declare the user details as OOP properties, because I have stored them in the session?
Also, if the user refreshes the page, is it recommended to check $_SESSION['member_id'] against the database again?
A login system is actually pretty easy to do, but very difficult to do well. Implementing password recovery mechanisms, user account administration for both users and admins, multiple roles that can be added and edited, all of that of course needs to be done in a secure fashion.
Add to that OAuth and OpenID, and login systems are one of the most complicated parts of many modern applications.
I would consider looking at how others have tackled the problem; there are libraries and components such as Zend_Acl that can ease the task a lot and help you avoid some basic issues you will encounter. That being said, DO explore the ideas you have. I mean, it’s great what you are doing, and I am not at all saying this to discourage you. I started on the exact same path you are on, many years ago.
That being said, I have a few questions to ask about your new design. The newAccount function: are those the only parameters needed for that function? You can consider passing objects to functions that require many parameters; that way you can benefit from type hinting. The function login(): why are the parameters set to default 0? Are those really the default values for that function? At first glance, maybe better would be $email = null and $password = null, but can one log in with no email/password? If your application logic relies on having those values set, it’s OK to have a function signature that enforces the logic. I think it’s great, though; keep up the initiative and be curious.
Happy coding, friend
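As an added example that is not part of the question or the answer above: the Group / Group_User schema from the question wired to a class shaped like the sketched User class, with the typed parameters the answer recommends instead of 0 defaults. It assumes a User table (user_id, email, password_hash, first_name, last_name) that the question does not show, uses PDO with an in-memory SQLite database so it runs offline, and lets a plain array stand in for $_SESSION on the command line; the class and method names (Auth, newAccount, login, groupsOf, inGroup) and the sample accounts are constructed for the example. It uses password_hash() in place of a fixed salt in source, regenerates the session id on login, and keeps only the member id in the session, re-reading group membership from the database on every check rather than caching it in the session.

```php
<?php
declare(strict_types=1);

// Added example, not from the question or answer. Assumes a `User` table next to
// the Group / Group_User tables from the question; SQLite in memory keeps it runnable.
final class Auth
{
    private PDO $db;
    private array $session;
    private string $dummyHash;

    // $session is $_SESSION in a web request; by reference so an array can stand in for it here.
    public function __construct(PDO $db, array &$session)
    {
        $this->db = $db;
        $this->session = &$session;
        // Verified against for unknown e-mails too, so a failed login costs about the
        // same time whether or not the account exists.
        $this->dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    public function newAccount(string $email, string $password, string $firstName, string $lastName): int
    {
        // password_hash() picks a random per-user salt; no shared secret salt in source.
        $stmt = $this->db->prepare(
            'INSERT INTO User (email, password_hash, first_name, last_name) VALUES (?, ?, ?, ?)'
        );
        $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT), $firstName, $lastName]);
        return (int) $this->db->lastInsertId();
    }

    public function login(string $email, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT user_id, password_hash FROM User WHERE email = ?');
        $stmt->execute([$email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $ok = password_verify($password, $row ? $row['password_hash'] : $this->dummyHash);
        if (!$row || !$ok) {
            return false;
        }
        if (PHP_SAPI !== 'cli') {
            session_regenerate_id(true); // fresh id on privilege change: blocks session fixation
        }
        // Only the identity goes into the session; groups are looked up fresh in inGroup().
        $this->session['logged_in'] = true;
        $this->session['member_id'] = (int) $row['user_id'];
        return true;
    }

    public function logout(): void
    {
        $this->session['logged_in'] = false;
        unset($this->session['member_id']);
    }

    public function isLoggedIn(): bool
    {
        return !empty($this->session['logged_in']) && isset($this->session['member_id']);
    }

    // Group names the user belongs to, read from Group_User joined to Group.
    public function groupsOf(int $userId): array
    {
        $stmt = $this->db->prepare(
            'SELECT g.group_name FROM "Group" g
               JOIN Group_User gu ON gu.group_id = g.group_id
              WHERE gu.user_id = ?'
        );
        $stmt->execute([$userId]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }

    // Authorisation check: re-reads membership from the database on every call, so a
    // revoked group takes effect on the next request instead of living on in the session.
    public function inGroup(string $groupName): bool
    {
        return $this->isLoggedIn()
            && in_array($groupName, $this->groupsOf($this->session['member_id']), true);
    }
}

// --- demo with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE User (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT, first_name TEXT, last_name TEXT)');
$db->exec('CREATE TABLE "Group" (group_id INTEGER PRIMARY KEY, group_name TEXT UNIQUE)');
$db->exec('CREATE TABLE Group_User (group_id INTEGER, user_id INTEGER, PRIMARY KEY (group_id, user_id))');
$db->exec("INSERT INTO \"Group\" (group_name) VALUES ('editor'), ('admin')");

$session = []; // stand-in for $_SESSION; in a web request call session_start() and pass $_SESSION
$auth = new Auth($db, $session);
$id = $auth->newAccount('alice@example.com', 'correct horse battery staple', 'Alice', 'Example');
$db->prepare('INSERT INTO Group_User (group_id, user_id) VALUES (1, ?)')->execute([$id]);

var_dump($auth->login('alice@example.com', 'wrong password'));
var_dump($auth->login('alice@example.com', 'correct horse battery staple'));
var_dump($auth->inGroup('editor'), $auth->inGroup('admin'));
$db->exec('DELETE FROM Group_User');   // revoke the group; the next check sees it with no session change
var_dump($auth->inGroup('editor'));
```

The per-request lookup in inGroup() is the trade-off behind the refresh question: one extra indexed query per authorisation check buys immediate revocation and removes any need to keep names, e-mail or group lists in the session, where they would go stale.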