Scribd
Upload
6 views

task2

Uploaded by

naveennandhu628
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
6 views

task2

Uploaded by

naveennandhu628
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

To create a user-based access management system where different user groups have

access to specific pages, I'll guide you through the process using HTML and PHP for
the backend. We'll focus on the following:

Create 4 Pages: home.html, about-us.html, contact-us.html, and feedback.html.


Define Two User Groups:
Group A: Access to home.html and about-us.html.
Group B: Access to contact-us.html and feedback.html.
Access Control: Restrict access based on the user's group. If an unauthorized user
tries to access a restricted page, either redirect them to a 404 page or display a
popup.
Step-by-Step Procedure
1. Create the HTML Pages
Let's first create the basic HTML pages: home.html, about-us.html, contact-us.html,
feedback.html, and 404.html.

home.html
html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Home</title>
</head>
<body>
<h1>Welcome to the Home Page</h1>
<p>Content for Group A.</p>
</body>
</html>
about-us.html
html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>About Us</title>
</head>
<body>
<h1>About Our Company</h1>
<p>Information for Group A.</p>
</body>
</html>
contact-us.html
html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Us</title>
</head>
<body>
<h1>Contact Information</h1>
<p>Content for Group B.</p>
</body>
</html>
feedback.html
html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Feedback</title>
</head>
<body>
<h1>Feedback Form</h1>
<p>Feedback form for Group B.</p>
</body>
</html>
404.html (Access Denied Page)
html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>404 - Page Not Found</title>
</head>
<body>
<h1>404 - Page Not Found</h1>
<p>You do not have permission to view this page.</p>
<a href="/home.html">Go to Home Page</a>
</body>
</html>
2. Create PHP Logic to Handle Access Control
Now, we’ll create the server-side logic to determine which pages are accessible
based on the user’s group.

login.php (Simulated Login and Session Management)


This is a simple login page for demonstration. It will simulate setting the user's
group and store it in the session.

php
Copy code
<?php
session_start();

// Assume we have a simple login check here (e.g., database validation)


if (isset($_POST['username']) && isset($_POST['password'])) {
// For simplicity, we assign groups directly based on the username
if ($_POST['username'] == 'group_a_user') {
$_SESSION['user_group'] = 'A'; // Group A
} elseif ($_POST['username'] == 'group_b_user') {
$_SESSION['user_group'] = 'B'; // Group B
} else {
$_SESSION['user_group'] = 'guest'; // Guest user (no access)
}

// Redirect to home page after login


header('Location: home.html');
exit();
}
?>

<form method="post" action="login.php">


<label for="username">Username:</label>
<input type="text" name="username" id="username" required>
<label for="password">Password:</label>
<input type="password" name="password" id="password" required>
<button type="submit">Login</button>
</form>
3. Create the PHP Access Control Logic
For each page, we need to check if the logged-in user has the necessary permissions
to access the page. If not, we either show a popup or redirect them to the
404.html.

check_access.php (Access Control Logic)


This file will check the user's group and ensure they only access the allowed
pages.

php
Copy code
<?php
session_start();

// Function to check page access


function check_access($page) {
if (isset($_SESSION['user_group'])) {
$userGroup = $_SESSION['user_group'];

// Define group permissions


$groupA_pages = ['home.html', 'about-us.html'];
$groupB_pages = ['contact-us.html', 'feedback.html'];

if ($userGroup == 'A' && in_array($page, $groupA_pages)) {


return true;
} elseif ($userGroup == 'B' && in_array($page, $groupB_pages)) {
return true;
}
}

return false; // Denied access


}
?>
home.php (Access Control Applied to Home Page)
In the home.php file, we’ll check if the user has access to home.html.

php
Copy code
<?php
include('check_access.php');

if (!check_access('home.html')) {
// Option 1: Redirect to 404 page
header('Location: /404.html');
exit();

// Option 2: Popup access denied (can be triggered from backend)


// echo "<script>alert('Access Denied!'); window.location.href =
'/home.html';</script>";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Home</title>
</head>
<body>
<h1>Welcome to the Home Page</h1>
<p>Content for Group A.</p>
</body>
</html>
about-us.php (Access Control Applied to About Us Page)
php
Copy code
<?php
include('check_access.php');

if (!check_access('about-us.html')) {
header('Location: /404.html');
exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>About Us</title>
</head>
<body>
<h1>About Our Company</h1>
<p>Information for Group A.</p>
</body>
</html>
contact-us.php (Access Control Applied to Contact Us Page)
php
Copy code
<?php
include('check_access.php');

if (!check_access('contact-us.html')) {
header('Location: /404.html');
exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Us</title>
</head>
<body>
<h1>Contact Information</h1>
<p>Content for Group B.</p>
</body>
</html>
feedback.php (Access Control Applied to Feedback Page)
php
Copy code
<?php
include('check_access.php');
if (!check_access('feedback.html')) {
header('Location: /404.html');
exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Feedback</title>
</head>
<body>
<h1>Feedback Form</h1>
<p>Feedback form for Group B.</p>
</body>
</html>
4. Handle Access Denial
404.html (Access Denied Page)
This page is already set up in Step 1. It will show a message when a user is denied
access.

html
Copy code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>404 - Page Not Found</title>
</head>
<body>
<h1>404 - Page Not Found</h1>
<p>You do not have permission to view this page.</p>
<a href="/home.html">Go to Home Page</a>
</body>
</html>
5. Testing the System
Login:
Log in as a user from Group A (username: group_a_user) or Group B (username:
group_b_user).
Access pages that are allowed for the group and ensure the user can view the pages.
Try accessing restricted pages and confirm the user is either redirected to the 404
page or shown a popup (based on your configuration).
Access Denied:
Try to manually access a URL (e.g., /contact-us.html for Group A) and verify that
the system properly handles the unauthorized access.
Final Notes:
This implementation uses PHP sessions for managing user login and access control.
Ensure your session is started (session_start()) at the beginning of every PHP file
that needs user authentication.
For production, you should also ensure that your login system is secure, e.g., by
hashing passwords and using HTTPS.

You might also like