Hi, I am building a website in PHP & MySQL. It has frontend and backend capabilities. Only admin can enter the backend by means of username and password. Now if the admin wants to add other sub-admins to the website, he could do so. By this method, a sub-admin will be able to log in and perform all actions that the original admin is able to do.

WHAT I WANT TO DO:

I want to restrict the access of the sub-admins at my choice and assign them permissions so that they are able to access only certain portions of the admin panel.

EXAMPLE OF THE FEATURE THAT I AM TALKING ABOUT:

Consider that I have the following links accessible by original admin.

  1. Add articles
  2. Approve articles
  3. Delete Articles
  4. Add User
  5. Edit user
  6. Delete User
  7. Change site settings
  8. View Financial info
  9. Mail center

If I do not set any permissions, then all sub-admins will be able to access all of above links. Say I create 2 sub-admins 'David' and 'Bob'.

Now I want David to access only the following desired sections of the backend:

  1. Add articles, 4. Add User, 7. Change site settings

Now I want Bob to access only the following desired sections of the backend:

  1. Add articles, 2. Approve articles, 3. Delete Articles, 4. Add User, 9. Mail center

I, being the original admin, should be able to access all sections whereas, David and Bob, should be able to see & access only the links and pages (or functionality) that have been assigned to them. I don't have a clue as to how to do this. Also, for example, if I want to restrict a sub-admin to access only 'Add articles' page, then I also want him to access the page that it posts to (considering that the input is on Add articles page) add_articles_next.php page. Also note that 'add_articles_next.php page' does not appear anywhere in the list of links. It is merely a page that is posted to from the page to which the sub-admin has access.

I understand that there is no way for the system to know that unless I explicitly specify it, but yes, that's my question. How to do it? I am not an object-oriented person, so PHP code using functions will be great for me.

OTHER LIVE EXAMPLES OF THE FEATURE THAT I AM TALKING ABOUT:

I came across a feature while researching this topic. Click here to visit it. This looks like a somewhat similar feature.

Thank you all in advance for any code that you can give me.

+4  A: 

This has been asked a number of times before on SO. The keyword to search for is Access Control Lists (ACL). One of the most prominent PHP solutions for ACL is Zend_ACL. It's very generic and should enable you to customize it to your needs.

Edit regarding your comment about object oriented libraries:

Finding an ACL solution that is not object oriented is going to be very, very difficult as there are very few good ACLs for PHP on the market (Zend is about the only one I know, really) and most modern applications are taking a more or less object oriented approach. But don't worry, check out the tutorials. I think you will have no problem using Zend_Acl in a function oriented app. You will need to talk to the ACL via OOP, but that's easy. I don't think you'll have to change your app much. Give it a try, and on a general note, basic OOP isn't difficult to learn. Just give the "Classes and Objects" chapter in the PHP manual a good read.

Pekka
Hi, thank you for your reply and solution. Actually, I was looking for a non-object-oriented approach. Zend_ACL looks like it's using OOPS concepts. My app is built using functions and I have very little command over OOPS concepts. So if you can please provide any solutions/references to solutions that do not need OOPS concepts, that will help greatly. Thank you.
Devner
I moved my comment into the answer.
Pekka
Hi, thanks for letting me know. I will try it out and see how it goes.
Devner
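
The access-control idea discussed in this thread, written with plain functions as an added example; it is not code from the question, the answer or Zend_Acl. Every script name except add_articles_next.php, the 'admin' username and the hard-coded arrays are assumptions standing in for data that would normally live in MySQL tables.

```php
<?php
// Added example. Script names other than add_articles_next.php, the 'admin'
// username and the hard-coded arrays are assumptions; a real application
// would load both maps from MySQL tables.

// Every backend script maps to one permission. A handler that is only posted
// to (add_articles_next.php) shares the permission of the form that feeds it.
function page_permissions(): array {
    return [
        'add_articles.php'      => 'add_articles',
        'add_articles_next.php' => 'add_articles',
        'approve_articles.php'  => 'approve_articles',
        'delete_articles.php'   => 'delete_articles',
        'add_user.php'          => 'add_user',
        'site_settings.php'     => 'change_site_settings',
        'mail_center.php'       => 'mail_center',
    ];
}

// Permissions granted to each sub-admin (constructed from the question).
function user_grants(string $user): array {
    $grants = [
        'David' => ['add_articles', 'add_user', 'change_site_settings'],
        'Bob'   => ['add_articles', 'approve_articles', 'delete_articles',
                    'add_user', 'mail_center'],
    ];
    return $grants[$user] ?? [];   // unknown user: no permissions
}

// Deny by default: a script missing from the map is refused for sub-admins.
function can_access(string $user, string $script): bool {
    if ($user === 'admin') {
        return true;               // original admin reaches every section
    }
    $required = page_permissions()[basename($script)] ?? null;
    return $required !== null && in_array($required, user_grants($user), true);
}

// Call first in every backend script, including POST handlers, e.g.
// require_access($_SESSION['username'], $_SERVER['SCRIPT_NAME']);
function require_access(string $user, string $script): void {
    if (!can_access($user, $script)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

Building the navigation menu from can_access() as well keeps the visible links and the enforcement on the same map; hiding a link alone does not stop a direct request to the script behind it.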