ACL in PHP

Category: Education
     
 


Comments

By: crhoanng (34 month(s) ago)

thanks

By: tungdt (38 month(s) ago)

thanks for the post :)

By: manalibhojwani (52 month(s) ago)

This is a very good and knowledgeable presentation..... Please send this presentation to my ID. My ID is manalibhojwani@gmail.com

By: hammrouni (54 month(s) ago)

thx ;)

By: umarrana (54 month(s) ago)

wow


Presentation Transcript

ACL in PHP: 

ACL in PHP By crynobone http://www.chronosight.net

Contents:

Contents
Introduction
What is ACL?
Use of ACL?
IF Else Authorization
ACL

Introduction: 

Introduction
What is ACL?
ACL, short for Access Control List, is a method of determining which modules each particular user inside a system may access.
It is a term, not a native PHP function, so developers need to implement it themselves as user-defined functions.

IF Else Authorization: 

IF Else Authorization
It is the simplest way to implement authorization control in a system.
Widely used in PHP by most developers.
Contains many weaknesses:
Hard to manage.
Less dynamic.

IF Else Authorization: 

IF Else Authorization
Example:

<?php
$username = "test";
$level = "admin";

if ($level == "admin") :
    // give system management access to admin.
elseif ($level == "hr") :
    // give human resource access to hr.
elseif ($level == "it-dept") :
    // give IT department access to IT dept's staff.
endif;
?>

Example scenarios…:

Example scenarios…
The organization has created another department, "Multimedia Dept"; please give appropriate access to the Multimedia Dept's staff!
Later, "Multimedia Dept" needs access to "IT Dept" modules; please provide access!
Months later, "Multimedia Dept" will be closed and all the staff will be transferred to "IT Dept"; please move all "Multimedia Dept" modules to "IT Dept"!

Example scenarios…:

Example scenarios…
All of these examples require us (the programmers) to go back to the code and change every single line that contains the IF ELSE authorization.
Now let's consider a better way to manage this.

ACL: 

ACL
In this example, I will be using a database to manage the ACL. The tables needed in the example are:
acl
user
user_group
user_privilege
It's better to use Object-Oriented Programming (OOP) to manage the ACL.
Access is checked based on modules, not user levels.

ACL – table acl: 

ACL – table acl

ACL – table user: 

ACL – table user

ACL – table user_group: 

ACL – table user_group

ACL – table user_privilege: 

ACL – table user_privilege

Code {1}: 

Code {1}

<?php
// Note: the mysql_* functions used in these slides were removed in PHP 7.0;
// on current PHP use mysqli or PDO instead.

// get user data
$result = mysql_query("SELECT u.username, g.id FROM user u LEFT JOIN user_group g ON u.group=g.id WHERE u.id=1");
$row = mysql_fetch_array($result);
$username = $row["username"];
$level = $row["id"];

// load the privileges of the user's group, then check per module
$appACL = new ACL();
$appACL->fetch_ACL($level);

if ($appACL->check_ACL(1)) :
    // give access to module A
elseif ($appACL->check_ACL(2)) :
    // give access to module B
elseif ($appACL->check_ACL(3)) :
    // give access to module C
endif;
?>

Code {2}: 

Code {2}

<?php
class ACL {
    var $list_ACL = array();

    function fetch_ACL($level = 0) {
        // acl_id is the module id (the same acl_id / group_id columns the editor
        // GUI and the submit handler use); cast $level so only an integer reaches the SQL
        $query = "SELECT p.acl_id AS id FROM user_privilege p WHERE p.group_id=".(int) $level." ORDER BY p.acl_id ASC";
        $result = mysql_query($query);
        $count = 1;
        while ($row = mysql_fetch_array($result)) :
            // every module id skipped over is marked as denied
            while ($count < $row["id"]) :
                $this->list_ACL[$count] = 0;
                $count++;
            endwhile;
            if ($count == $row["id"]) :
                $this->list_ACL[$count] = 1;
                $count++;
            endif;
        endwhile;

        // deny the remaining modules, up to the total number of rows in acl
        $query_acl = "SELECT count(id) AS totals FROM acl";
        $result_acl = mysql_query($query_acl);
        $row_acl = mysql_fetch_array($result_acl);
        for (; $count <= $row_acl["totals"]; $count++) :
            $this->list_ACL[$count] = 0;
        endfor;
    }
    // continues..

Code {3}: 

Code {3}

    // continues from last page
    function check_ACL($acl = 0) {
        // deny by default when the module id is not in the list
        if (isset($this->list_ACL[$acl]) and $this->list_ACL[$acl] == 1) :
            return true;
        else :
            return false;
        endif;
    }
}
?>
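The same module-based check written against PDO with a bound parameter and a deny-by-default lookup, followed by the three scenarios from the earlier slides handled as data changes only. This is an added example, not code from the presentation; the class name PdoACL, the in-memory SQLite database (needs pdo_sqlite), the column layout and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE acl (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE user_group (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE user_privilege (acl_id INTEGER, group_id INTEGER)');
$db->exec("INSERT INTO acl VALUES (1,'System management'),(2,'Human resource'),(3,'IT department')");
$db->exec("INSERT INTO user_group VALUES (1,'admin'),(2,'hr'),(3,'it-dept')");
$db->exec('INSERT INTO user_privilege VALUES (1,1),(2,1),(3,1),(2,2),(3,3)');

class PdoACL   // hypothetical name
{
    private $granted = [];   // module id => true, for the given group only

    public function __construct(PDO $db, $groupId)
    {
        // Bound parameter: the group id never becomes part of the SQL text.
        $stmt = $db->prepare('SELECT acl_id FROM user_privilege WHERE group_id = ?');
        $stmt->execute([(int) $groupId]);
        foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $aclId) {
            $this->granted[(int) $aclId] = true;
        }
    }

    // Deny by default: unknown or ungranted module ids return false.
    public function check($aclId)
    {
        return isset($this->granted[(int) $aclId]);
    }
}

// Scenario 1: new "Multimedia Dept" (group 4) with its own module (4).
$db->exec("INSERT INTO user_group VALUES (4,'multimedia-dept')");
$db->exec("INSERT INTO acl VALUES (4,'Multimedia')");
$db->exec('INSERT INTO user_privilege VALUES (4,4)');
// Scenario 2: Multimedia Dept also needs the IT department module.
$db->exec('INSERT INTO user_privilege VALUES (3,4)');
$acl = new PdoACL($db, 4);
// own module, IT module, admin-only module, module id that does not exist
var_dump($acl->check(4), $acl->check(3), $acl->check(1), $acl->check(99));

// Scenario 3: the department closes; IT Dept inherits its modules, old grants go.
$db->exec('INSERT INTO user_privilege SELECT acl_id, 3 FROM user_privilege
           WHERE group_id = 4 AND acl_id NOT IN
                 (SELECT acl_id FROM user_privilege WHERE group_id = 3)');
$db->exec('DELETE FROM user_privilege WHERE group_id = 4');
$acl = new PdoACL($db, 3);
var_dump($acl->check(4));   // IT Dept checked against the former Multimedia module
```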

Sample: 

Sample

GUI for Editing ACL {1}: 

GUI for Editing ACL {1}

<form id="acl_manager" method="post" action="acl.php">
<?php
// map group id => group name; one table column per group
$query_group = "SELECT * FROM user_group";
$result_group = mysql_query($query_group);
while ($row_group = mysql_fetch_array($result_group)) :
    $levels[$row_group["id"]] = $row_group["name"];
endwhile;
?>
<table>
    <thead>
        <tr>
            <th>Module</th>
            <?php
            foreach ($levels as $value) :
                // escape group names before writing them into the page
                print "<th>".htmlspecialchars($value)."</th>";
            endforeach;
            ?>
        </tr>
    </thead>
<?php // continues… ?>

GUI for Editing ACL {2}: 

GUI for Editing ACL {2}

<tbody>
<?php
// list of modules, in id order; $menu_runid maps a module id to its row number
$query_acl = "SELECT * FROM acl ORDER BY id ASC";
$result_acl = mysql_query($query_acl);
$count = 0;
while ($row_acl = mysql_fetch_array($result_acl)) :
    $menu_id[$count] = $row_acl["id"];
    $menu_runid[$row_acl["id"]] = $count;
    $menu_name[$count] = $row_acl["name"];
    $count++;
endwhile;

// current privileges: $menu_access[row number][group id] = 1
$query_acp = "SELECT * FROM user_privilege";
$result_acp = mysql_query($query_acp);
while ($row_acp = mysql_fetch_array($result_acp)) :
    $this_id = $menu_runid[$row_acp["acl_id"]];
    $menu_access[$this_id][$row_acp["group_id"]] = 1;
endwhile;
// continues… ?>

GUI for Editing ACL {3}: 

GUI for Editing ACL {3}

<?php
// continues from last page
$counts = 0;
for ($list = 0; $list < count($menu_id); $list++) :
    print "<tr>";
    // escape module names before writing them into the page
    print "<td> <strong>".htmlspecialchars($menu_name[$list])."</strong> </td>";
    foreach ($levels as $level => $name) :
        $checked = ((isset($menu_access[$list][$level]) and $menu_access[$list][$level] == 1) ? "checked='checked'" : "");
        // the three inputs of one cell share the index $counts so the arrays line up on submit
        print "<td>
            <input type='checkbox' ".$checked." id='menu_access_".$counts."' name='menu_access[".$counts."]' value='1' />
            <input type='hidden' name='menu_id[".$counts."]' value='".(int) $menu_id[$list]."' />
            <input type='hidden' name='menu_level[".$counts."]' value='".(int) $level."' />
        </td>";
        $counts++;
    endforeach;
    print "</tr>";
endfor;
?>
</tbody>
</table>
<div>
    <input type="submit" name="submit" value="Submit" class="button" />
</div>
</form>

Submit ACL: 

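Submit ACL

<?php
// Validate post form command
$acl_id     = (isset($_POST["menu_id"]) and is_array($_POST["menu_id"])) ? $_POST["menu_id"] : array();
$acl_access = (isset($_POST["menu_access"]) and is_array($_POST["menu_access"])) ? $_POST["menu_access"] : array();
$acl_group  = (isset($_POST["menu_level"]) and is_array($_POST["menu_level"])) ? $_POST["menu_level"] : array();

// replace the whole privilege table with the submitted grid
mysql_query("TRUNCATE TABLE user_privilege");

for ($i = 0; $i < count($acl_id); $i++) :
    $bool = ((isset($acl_access[$i]) and $acl_access[$i] == 1) ? 1 : 0);
    if ($bool == 1 and isset($acl_id[$i], $acl_group[$i])) :
        // cast to int so form values cannot change the SQL statement
        mysql_query("INSERT INTO user_privilege (acl_id, group_id) VALUES (".(int) $acl_id[$i].", ".(int) $acl_group[$i].")");
    endif;
endfor;
?>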
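The submit step can also validate the whole grid before touching the table and then replace the privileges inside one transaction, so a rejected or failed submission leaves the previous ACL in place. This is an added example, not code from the presentation; the function name save_privileges, the composite primary key, the in-memory SQLite database (needs pdo_sqlite) and the sample form arrays are assumptions constructed for illustration.

```php
<?php
// Added example: constructed schema and form data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE acl (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE user_group (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE user_privilege (acl_id INTEGER, group_id INTEGER, PRIMARY KEY (acl_id, group_id))');
$db->exec("INSERT INTO acl VALUES (1,'System management'),(2,'Human resource')");
$db->exec("INSERT INTO user_group VALUES (1,'admin'),(2,'hr')");
// Hypothetical helper: validate every ticked cell first, then replace atomically.
function save_privileges(PDO $db, array $post)
{
    $ids    = (array) ($post['menu_id'] ?? []);
    $levels = (array) ($post['menu_level'] ?? []);
    $access = (array) ($post['menu_access'] ?? []);
    $validAcl   = array_flip($db->query('SELECT id FROM acl')->fetchAll(PDO::FETCH_COLUMN));
    $validGroup = array_flip($db->query('SELECT id FROM user_group')->fetchAll(PDO::FETCH_COLUMN));
    $rows = [];
    foreach ($ids as $i => $aclId) {
        if (($access[$i] ?? null) != 1) {
            continue;   // checkbox not ticked
        }
        $group = $levels[$i] ?? null;
        if (!is_scalar($aclId) || !is_scalar($group)
            || !ctype_digit((string) $aclId) || !ctype_digit((string) $group)
            || !isset($validAcl[(int) $aclId], $validGroup[(int) $group])) {
            throw new InvalidArgumentException('ACL form rejected: unknown module or group id');
        }
        $rows[] = [(int) $aclId, (int) $group];
    }
    $db->beginTransaction();
    try {
        // DELETE rather than TRUNCATE: in MySQL, TRUNCATE commits implicitly
        $db->exec('DELETE FROM user_privilege');
        $insert = $db->prepare('INSERT INTO user_privilege (acl_id, group_id) VALUES (?, ?)');
        foreach ($rows as $row) {
            $insert->execute($row);
        }
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();   // the previous privileges stay in place
        throw $e;
    }
    return count($rows);
}
// Constructed form data: a 2x2 grid with two boxes ticked, index-aligned arrays.
$good = ['menu_id' => ['1','1','2','2'], 'menu_level' => ['1','2','1','2'], 'menu_access' => [0 => '1', 3 => '1']];
var_dump(save_privileges($db, $good));
$bad = $good; $bad['menu_level'][3] = '2 OR 1=1';   // constructed malformed value
try { save_privileges($db, $bad); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
var_dump($db->query('SELECT COUNT(*) FROM user_privilege')->fetchColumn());
```

Call the function only after the submitting user's own group has passed an ACL check for the module that manages privileges.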
