I am in the process of creating a webpage for two user types- one being students and the other being administrators. I need to create a user settings function within these webpages, so students are able to alter their data once logged in. I need to ensure that the students can only view their own data and only alter their own, and I also need to ensure that this data is stored so that the administrators can then log in and view the data for each student.
How would I create this? What code would I use?Thank you for your help in advance!
if you have a login system, then it will work the same for your project. Use PDO to connect to a database to verify a user and password. I think that forum software adds a role column to separate users from moderators, for example. You could download PHPBB or SMF to see the code. I always worry about elevation of privilege, so i would keep administrators in a different db, unless you have more than a few. Administrators should be a low number, so if in array username then call this dbconfig file, else call students database. Once logged in, you can store certain credentials in a session variable, such as primary id. Then prompt for a password verification for any user wanting to change/alter data. I’ve learned from astonecipher about soft deletes, which will allow one to rollback any changes. Students should have a db user with limited rights to act upon the database and its tables.
you can simply use a form for admins to query the students database. admins will have a different role for the students db and tables, which should allow them to delete/alter the db and its tables.
this is really a matter of databases and sql, php and secure programming practices.
I’m sure that other members could offer good advice for you to follow. Your project involves alot of code, so example code is stretching the request a bit too far.
you could use php to assign ids to students and admins. if id=student then use student php files, else admin so use admin php files. I would separate the two physically on disk.