A multi-level user access system lets you:

Differentiate access between users according to their role or level.

Give each user access only to the pages or actions they are permitted to use.

Support security, organization, and scalability.

Example levels:

Level  Role     Access
1      Admin    Full access
2      Manager  Manage data, limited admin
3      User     View only
โš™๏ธ 2. Database Setup

Tengeneza table ya users na role_level:

CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
email VARCHAR(100) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role_level INT DEFAULT 3, -- 1=Admin, 2=Manager, 3=User
is_verified TINYINT(1) DEFAULT 0,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);


💡 Notes:

role_level is the column that implements the multi-level access.

Admin = 1, Manager = 2, User = 3.

🧩 3. Assign the Role Level at Registration
// $pdo, $username, $email and $password are set earlier in the registration script.
// Every new account starts at the lowest level; never take role_level from the form.
$role_level = 3; // Default user level

$stmt = $pdo->prepare("INSERT INTO users (username,email,password,role_level) VALUES (:username,:email,:password,:role_level)");
$stmt->execute([
'username'=>$username,
'email'=>$email,
'password'=>password_hash($password, PASSWORD_DEFAULT), // never store the plain password
'role_level'=>$role_level
]);


The Admin or Manager role can be assigned manually in the database or from an admin panel.

🔑 4. Check the Role Level after Login
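The tutorial says Admin or Manager roles are set "manually or from an admin panel" but does not show that panel code. The following is an added example (not code from the original tutorial) of the server-side action behind such a panel. It assumes the users table from section 2, a session populated at login as in section 4 (passed in here as a plain array so the function can be exercised from the command line), and an in-memory SQLite database standing in for MySQL so the script runs offline; the constants and the demo rows are constructed for this example.

```php
<?php
// Added example: admin-panel action that changes another user's role_level.
// Assumptions (not from the tutorial): LEVEL_* constants, a $session array with
// the same keys the login code stores, and SQLite in place of MySQL for the demo.
declare(strict_types=1);

const LEVEL_ADMIN   = 1;
const LEVEL_MANAGER = 2;
const LEVEL_USER    = 3;

/**
 * Change $targetId's role_level to $newLevel on behalf of the logged-in actor.
 * Returns true when exactly one row was updated; throws on a policy violation.
 * Every rule is enforced here, server-side, whatever the panel's form submitted.
 */
function changeRoleLevel(PDO $pdo, array $session, int $targetId, int $newLevel): bool
{
    // 1. Caller must be logged in and be an Admin; Managers may not change roles.
    if (!isset($session['user_id'], $session['role_level'])
        || (int)$session['role_level'] !== LEVEL_ADMIN) {
        throw new RuntimeException('Access denied: only Admin can change roles.');
    }
    // 2. Only the three known levels are valid; reject 0, negatives and 4+.
    if (!in_array($newLevel, [LEVEL_ADMIN, LEVEL_MANAGER, LEVEL_USER], true)) {
        throw new InvalidArgumentException('Unknown role level.');
    }
    // 3. An Admin may not demote their own account (avoids locking out the last Admin).
    if ($targetId === (int)$session['user_id'] && $newLevel !== LEVEL_ADMIN) {
        throw new RuntimeException('Refusing to demote your own account.');
    }
    // Prepared statement, same pattern as the tutorial's registration code.
    $stmt = $pdo->prepare('UPDATE users SET role_level = :level WHERE id = :id');
    $stmt->execute(['level' => $newLevel, 'id' => $targetId]);
    return $stmt->rowCount() === 1;
}

// --- constructed demo data so the script runs without a MySQL server ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT,
            email TEXT, password TEXT, role_level INTEGER DEFAULT 3)');
$ins = $pdo->prepare('INSERT INTO users (username,email,password,role_level) VALUES (?,?,?,?)');
$ins->execute(['alice', 'alice@example.com', password_hash('demo', PASSWORD_DEFAULT), LEVEL_ADMIN]);
$ins->execute(['bob',   'bob@example.com',   password_hash('demo', PASSWORD_DEFAULT), LEVEL_USER]);

$adminSession   = ['user_id' => 1, 'role_level' => LEVEL_ADMIN];
$managerSession = ['user_id' => 2, 'role_level' => LEVEL_MANAGER];

// Admin (alice) promotes bob to Manager: allowed.
var_dump(changeRoleLevel($pdo, $adminSession, 2, LEVEL_MANAGER));

// A Manager session tries to demote the Admin: rejected by rule 1.
try {
    changeRoleLevel($pdo, $managerSession, 1, LEVEL_USER);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Admin tries to demote their own account: rejected by rule 3.
try {
    changeRoleLevel($pdo, $adminSession, 1, LEVEL_USER);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The check on the caller's level is the important part: the form in the browser can be edited freely, so the decision about who may assign which level has to live in the PHP that handles the request, not in which buttons the panel shows.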
session_start();

// $email and $password come from the submitted login form.
$stmt = $pdo->prepare("SELECT * FROM users WHERE email=:email");
$stmt->execute(['email'=>$email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if($user && password_verify($password, $user['password'])){
if($user['is_verified'] == 0){
$error = "❌ Please verify your email first!";
} else {
// New session ID after login prevents session fixation.
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role_level'] = $user['role_level']; // taken from the database, never from the request

header("Location: dashboard.php");
exit;
}
}


$_SESSION['role_level'] is then used to control access to the individual pages.

5. Restrict Pages by Role Level
<?php
session_start();

// Check if user is logged-in
if(!isset($_SESSION['user_id'])){
header("Location: login.php");
exit;
}

// Check minimum role level for this page
$required_level = 2; // Manager or higher
if($_SESSION['role_level'] > $required_level){
die("❌ Access denied. You do not have permission to view this page.");
}
?>
<h2>Manager Dashboard</h2>
<p>Only Admin (1) and Manager (2) can access this page.</p>


A role_level at or below required_level grants access (a smaller number means more privilege).

Optional: Helper Function
// Deny unless the session holds a role_level that is at or below $min_level.
// A missing role_level (not logged in, or session tampered) is also denied.
function checkAccess($min_level){
if(!isset($_SESSION['role_level']) || $_SESSION['role_level'] > $min_level){
die("❌ Access denied.");
}
}


Each page can then call checkAccess(1); for admin-only pages, checkAccess(2); for Manager-and-above pages, and so on.
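The checkAccess() helper above guards whole pages; the following added example (not code from the original tutorial) extends the same idea to a per-action check, replies with a real HTTP 403 status, and records every allow/deny decision in an audit log as section 6 recommends. It assumes the session keys set in section 4, an action-to-level map and an audit_log table that are both constructed here, and SQLite in memory in place of MySQL so the file runs from the command line.

```php
<?php
// Added example: per-action access check with HTTP 403 and an audit log.
// Assumptions (not from the tutorial): ACTION_LEVELS map, audit_log table,
// SQLite in place of MySQL. Intended to be required at the top of every page.
declare(strict_types=1);

const LEVEL_ADMIN   = 1;
const LEVEL_MANAGER = 2;
const LEVEL_USER    = 3;

// Minimum level for each protected action, defined in one place so a page
// cannot accidentally pick a weaker number than the rest of the site.
const ACTION_LEVELS = [
    'view_dashboard' => LEVEL_USER,
    'edit_record'    => LEVEL_MANAGER,
    'delete_user'    => LEVEL_ADMIN,
];

/** Pure decision: may a session at $level perform $action? Deny by default. */
function isAllowed(?int $level, string $action): bool
{
    if (!isset(ACTION_LEVELS[$action])) {
        return false;                        // unknown action: deny
    }
    if ($level === null || $level < LEVEL_ADMIN || $level > LEVEL_USER) {
        return false;                        // missing or out-of-range level: deny
    }
    return $level <= ACTION_LEVELS[$action]; // smaller number = more privilege
}

/** Record each decision so access attempts can be reviewed per user and level. */
function auditLog(PDO $pdo, ?int $userId, ?int $level, string $action, bool $allowed): void
{
    $stmt = $pdo->prepare('INSERT INTO audit_log (user_id, role_level, action, allowed, ip)
                           VALUES (:uid, :lvl, :act, :ok, :ip)');
    $stmt->execute([
        'uid' => $userId,
        'lvl' => $level,
        'act' => $action,
        'ok'  => $allowed ? 1 : 0,
        'ip'  => $_SERVER['REMOTE_ADDR'] ?? 'cli',
    ]);
}

/** Page guard: stops the request with 403 when the session may not do $action. */
function requireAction(PDO $pdo, string $action): void
{
    $userId = isset($_SESSION['user_id'])    ? (int)$_SESSION['user_id']    : null;
    $level  = isset($_SESSION['role_level']) ? (int)$_SESSION['role_level'] : null;

    if ($userId === null) {                  // not logged in: send to login page
        header('Location: login.php');
        exit;
    }
    $ok = isAllowed($level, $action);
    auditLog($pdo, $userId, $level, $action, $ok);
    if (!$ok) {
        http_response_code(403);             // proper status code, not just text
        exit('Access denied.');              // generic message: do not reveal the required level
    }
}

// --- constructed demo so the file runs without a web server or MySQL ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE audit_log (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER,
            role_level INTEGER, action TEXT, allowed INTEGER, ip TEXT,
            at TIMESTAMP DEFAULT CURRENT_TIMESTAMP)');

// Decision matrix: Admin gets everything, Manager loses delete_user, User keeps only
// view_dashboard, and a missing (null) or bogus (9) level is denied every action.
foreach ([LEVEL_ADMIN, LEVEL_MANAGER, LEVEL_USER, null, 9] as $lvl) {
    foreach (array_keys(ACTION_LEVELS) as $act) {
        $ok = isAllowed($lvl, $act);
        auditLog($pdo, 42, $lvl, $act, $ok);
        printf("level=%-4s %-15s %s\n", var_export($lvl, true), $act, $ok ? 'allow' : 'deny');
    }
}
printf("%d decisions written to audit_log\n", $pdo->query('SELECT COUNT(*) FROM audit_log')->fetchColumn());
```

Keeping isAllowed() free of session and database access makes the policy easy to unit-test, and logging the denied attempts as well as the allowed ones is what turns the audit log into something useful for spotting users probing pages above their level.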

🧠 6. Security Tips

Server-side check: never rely on client-side validation; the role check must run in PHP on every protected request.

Combine with authentication best practices: password hashing, session security, email verification.

Audit logs: record actions per user level.

Minimal privileges: give users the minimum access they need.

✅ 7. Conclusion

A multi-level access system simplifies permission management.

It ensures users cannot reach pages or actions they are not permitted to use.

Best practices: role_level, session checks, server-side validation, minimal privileges.

🔗 Visit:

👉 https://www.faulink.com/

for more tutorials on PHP, user authentication, and access control systems.