PHP OOP Login/Register System: Permissions (Part 22/23)

Great tutorial, one of the best which I've found on the net. I really recommend it to all php users, especially to beginners as it describes complete process of building on one php application. Very good job

mrsinisaaaa

6:00 after PHP 7.4 this is gonna give error message after you switch back group from 2 to 1. 6:57

" Notice: Trying to access array offset on value of type null in ..."

This happens because $permissions is not null but the index '$key' does not exist. Previous versions of PHP may have been less strict on such mistakes and silently swallowed the error while 7.4 does not do this anymore. To solve this issue use the isset function and ternary operator as follows:

? $permissions[$key] : 0) {
return true;
}

Tuttigiu

Hey, Thank you for doing all of this, I love the series, I love the channel, :)

abdelouery

Thank you Alex ! its an awesome series for sure, i have learnt much!

allyabdulhakim

Is there anything wrong to do it like this?

if(isset($permissions[$key])) {
     return true;
}

Without isset() didn't worked very well when i added new group called Moderator and changed it to my group.

I cannot see why this wouldn't work like this but if you spot any security issues, please let me know.

nacoxify

Alex! You're a boss. Cheers mate!   

tonyblack

It's important to use double quotes for the json values in group table..

MrLangam

Hi, thanks for all. but i have problem. i need to get from another table something calls news. how can i do it?

muhammadrustamzada

The way permissions are checked in this video has some (serious) issues.

If the group the user is in has no permissions $permissions will actually become _null_ instead of an empty array. This is probably why no notices were generated when checking for nonexisting permissions?

If the group the user is in has permissions and you check against a permission this group is lacking (or simply check for a nonexisting permission) you will get an undefined index notice provided your error_reporting is on and you actually display errors.

An alternative mentioned in the comments is to do something like:
if (isset($permissions[$key])) {
    return true;
}
But this is also wrong because it will return true regardless of the _value_ of $permissions[$key]. Say for example you have "moderator": 0 in your json data a check with isset() will still return true!

The solution I use instead of the if-statement is:
return !empty($permissions[$key]);
This will both check for the existense of the key and a non-"false" value. Which is what we want.

Better yet: *test your solutions more thoroughly*

fml

I have almost watched through the entire series, but why do you specify what table to use in in the User class. I thought the code was supposed to be _reusable_ for other projects?

ExgaGaming

If user is logged out, you have error in User.php, function hasPermission. It tries to call User class, which actually doesn't exists, because user is logged out. So, you have to add something like:


public function hasPermission($key) {
if ($this->exists()) {
$group = $this->_db->get('groups', array('id', '=', $this->data()->group));

if ($group->count()) {
$permissions = json_decode($group->first()->permissions, true);

if ($permissions[$key] == true) {
return true;
}
}
}
return false;
}

dww

if anyone is have having a problem with json_decode make sure your database 'permissions' column uses {} instead of ().

blakebacon

hey guys! I am new to php so would like some assistance. I am thinking about doing a music business where I have 3 groups. Each group can access different content, how would I do this in php? Someone mentioned below to use the $key variable? Can someone provide some examples?

pianoLee-sxdx

I have 3 levels, 1  User ;   2  Moderator  ;  3 Administrator
But when I register it an account it shows group 0 instead of 1 for User, what have I done wrong ?

j.sleeka

When i put $db->getInstance()->first('domains', array('id', '=', *1.21, 2); in a permission check if statement, it doesn't work. Does anyone know how to fix this, or what the cause is?

Example:
echo $db->getInstance()->first('domains', array('id', '=', *1.21, 2);
This will output the value, but if i do it like this:

echo $db->getInstance()->first('domains', array('id', '=', *1.21, 2);
}
It returns a empty string.

the-haguetech

How to make like, echoing all user groups.

Like: You're an administrator and another group etc..

DJBassner

What would I do if I want Moderators to not  be able to see things that Admins can but standard users cant

IAmIceT

Notice:Undefined property: stdClass::$permissions.
Does anyone know how to solve that

isaacbiadoo

Got to the very end, and ran into one issue. In the hasPermission function in User.php I have studied the code and I can't find what is wrong. I keep getting the following error: "Notice: Undefined property: stdClass::$group in on line 102." My line 102 reads: "$group = $this->_db->get('groups', array('id', '=', $this->data()->group));".

brucekoehler

Alex, whenever I change my users group by editing the value in phpmyadmin, it changes the salt value automatically and i get the error:

"Warning: #1366 Incorrect string value: '\xEF\xBF\xBD...' for column 'salt' at row 1"

How do I go about fixing this?

yuur