MX_ACL - Access Control library | CodeIgniter Forums

2 of 2

MX_ACL - Access Control library

CtheB

Posted: 16 May 2009 01:47 PM

[ Ignore ] [ # 11 ]

Grad Student

Total Posts: 79

Joined 10-18-2008

Just out of curiosity: Why are you using php4 code here and php5 at hmvc?
Ofcourse it’s easy to upgrade to php5, wich i will do.
Thank you for the library:)

Off-topic:
I think not everybody is realising php6 is not backward compatible with php4,
php5 is compatible with php6, so writing php5 code only is good practise if you are using php5.

I know your answer is going to be: to support people who have a php4 server only.
But i’m curious how many people on this forum don’t have the possibility to upgrade to php5.
I don’t think there are many.

And i think not everybody is realising the fact that if they are using php4 custom code in codeigniter,
while they are having php5 server,
they have to upgrade all the code when they are going to upgrade to php6…
Because when an update of codeigniter comes wich is compatible to php6 they don’t rewrite your custom code for you!

Profile

CtheB

Posted: 16 May 2009 01:48 PM

[ Ignore ] [ # 12 ]

Grad Student

Total Posts: 79

Joined 10-18-2008

(sorry posted same post twice)

Profile

wiredesignz

Posted: 16 May 2009 08:43 PM

[ Ignore ] [ # 13 ]

Sr. Research Associate

Total Posts: 3216

Joined 06-10-2007

@CtheB, There is a PHP4 version of HMVC also.

For the moment coding PHP4 style is easier and for the most part still compatible with PHP5.

I have noticed that if you submit PHP5 code to the CI forums someone will inevitably ask you why it’s not available as PHP4.

Signature

URI Language Identifier | Modular Extensions - HMVC | View Object | Widget plugin | Access Control library

Profile

CtheB

Posted: 17 May 2009 03:52 AM

[ Ignore ] [ # 14 ]

Grad Student

Total Posts: 79

Joined 10-18-2008

And never got the question why it’s not available as PHP5?

I think there are not many php4 developers left on this forum, honestly..

I hope many people go vote on this topic:
http://codeigniter.com/forums/viewthread/114648/

Profile

wiredesignz

Posted: 02 October 2009 10:14 AM

[ Ignore ] [ # 15 ]

Sr. Research Associate

Total Posts: 3216

Joined 06-10-2007

PHP5 only version of Access Control Library.

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * MX_ACL - Access Control Library PHP5
 * 
 * Notes:
 * $config['cache_path'] must be set
 *
 * Install this file as application/libraries/MX_ACL.php
 * 
 * @copyright    Copyright (c) Wiredesignz & Maxximus 2009-11-03
 * @version     1.1
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
class MX_ACL
{    
    private $_config, $_cache_path;
    
    public function __construct() {
        
        $this->load->helper('url');
        $this->load->library('session');
        $this->load->config('mx_acl', TRUE);
        
        $this->_config = $this->config->item('mx_acl');
        $this->_cache_path = $this->config->item('cache_path');
        
        /* previous flashdata is available to views */
        $this->load->vars($this->_config['error_var'], $this->session->flashdata($this->_config['error_var']));
        
        /* run the access control check now */
        ($this->_config['check_uri']) AND $this->check_uri();
    }
    
    /**
     * Check the current uri and user privileges against the cached ACL array
     * Redirect if access is denied
     * 
     * @return void
     */
    public function check_uri() {
        
        /* Load the cached access control list or show error */
        (is_file($cached_acl = $this->_cache_path.'mx_acl'.EXT)) OR show_error($this->_config['error_msg']);
        
        $acl = include $cached_acl;

        /* Match current url to access list */
        if (is_array($acl) AND $acl = $this->match_uri($this->current_uri(), $acl)) {
            
            /* Check session group against access level group */
            $allow_access = (bool)(in_array($this->session->userdata($this->_config['session_var']), $acl['allowed']));
                
             /* Additional check to allow IP addresses in range */
            if ( ! $allow_access AND isset($acl['ipl'])) $allow_access = $this->check_ip($acl['ipl']);
                
            if ($allow_access == FALSE)    {
                
                /* Set a return url into the session */
                $this->session->set_userdata('return_url', $this->uri->uri_string());
                
                /* set the error message... */
                $error_msg = (isset($acl['error_msg'])) ? $acl['error_msg'] : $this->_config['error_msg'];
                    
                /* set a flash message... */
                $this->session->set_flashdata($this->_config['error_var'], $error_msg);        
                    
                /* redirect to absolute url */
                die(header("Location: ".$acl['error_uri'], TRUE, 302));
            }
        }
    }
    
    /**
     * Return the access control profile for a given url
     * 
     * @return string
     * @param string $current_uri
     * @param array  $acl
     */
    private function match_uri($current_uri, $acl) {
        if (array_key_exists($current_uri, $acl)) {
            return $acl[$current_uri];            
        } else {
            if ($pos = strripos($current_uri, '/')) {
                return $this->match_uri(substr($current_uri, 0, $pos), $acl);
            }
        }
    }

    /**
     * Returns the current uri string from segments
     * 
     * @return string
     */
    private function current_uri() {
        return implode('/', $this->uri->rsegments);
    }

    /** 
     * Checks the remote IP address against the specified $ipl array
     * 
     * @return bool
     * @param array $ipl
     * @param string $remote_ip[optional]
     */    
     private function check_ip($ipl, $remote_ip = NULL) {
        
        /* Convert ip address into a double (for lousy OSes)*/
        $remote_ip = floatval(ip2long(($this->session->userdata('ip_address'))));
        
        /* Loop through the ip list array */
        foreach ($ipl as $allowed_ip) {
            
            /* Replace '*' (for IP ranges) with a suitable range number */
            $min = str_replace("*", "0", $allowed_ip);        
            $max = str_replace("*", "255", $allowed_ip);

            /* Check for a match */
            if (($remote_ip >= floatval(ip2long($min))) AND ($remote_ip <= floatval(ip2long($max)))) {
                return TRUE;
            }
        }
    }
    
    public function __get($var)    {
        static $CI;
        (is_object($CI)) OR $CI = get_instance();
        return $CI->$var;
    }
}
/* End of file MX_ACL.php */
/* Location: ./application/libraries/MX_ACL.php */ 

Signature

URI Language Identifier | Modular Extensions - HMVC | View Object | Widget plugin | Access Control library

Profile

ardinotow

Posted: 27 October 2009 11:21 AM

[ Ignore ] [ # 16 ]

Lab Assistant

Total Posts: 161

Joined 03-19-2008

Hi wiredesignz,

I tried PHP5 Only version but the error message shown up in every page including the page that should be accessible by everyone without login.
Why can this happened?

Signature

AutoACL - Access Control Library++ with Very Private Page (VPP) Control
AutoCRUMB - The simplest breadcrumb helper ever
Autocrumb on bitbucket
Integrate CI 2 with Eclipse
———————————————————————————————-
Website: ardinoto.blogspot.com

Profile

natanv

Posted: 28 November 2009 06:32 PM

[ Ignore ] [ # 17 ]

Summer Student

Total Posts: 4

Joined 10-22-2009

You need to modify the following line of the mx_acl controller:


$this->_cache_path = $this->config->item('cache_path');

TO:


$this->_cache_path = $this->config->item('cache_path', 'mx_acl');

Then add/create the following config var ‘cache_path’ in config/mx_acl and set it to your mx_acl cache dir.

Otherwise it will fail to load the access control list cache and automatically display the error.

Profile

tkyy

Posted: 11 November 2010 12:23 PM

[ Ignore ] [ # 18 ]

Grad Student

Total Posts: 81

Joined 05-16-2009

oh neat, i made something similar

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/*
|---------------------------------------------------------------
| ACCESS CONTROL LIBRARY
|---------------------------------------------------------------
|
| This library allows us to restrict access to specific users,
| it essentially creates "roles" inside of the application.
|
| The access level number is generally the user's role number,
| for instance when I implement this there is generally make a
| field in the user's table called 'access' or 'type' that
| corresponds to the access level.
|
| Author: Doug Lauer <lauerphp@gmail.com> <http://taky.bz>
| Date: Thu Nov 11 2010
|
*/

class access_control{

    //class variables
    var $ci, $userdata, $access_field, $my_access, $users_table, $user_id;
    
    //const
    function settings($access_field='access',$user_table='users',$user_id=''){
        
        //give me the ci superobject
        $this->ci = get_instance();
        
        //give me the current userdata
        $this->userdata = $this->ci->session->userdata;
        
        //grab the field we designated for storing the user access levels
        $this->access_field = $user_field;
        
        //validate that value as well
        if($this->access_field==''){
            
            ed('noexists_access_field');
            
        }
        
        //grab the users table
        $this->users_table = $user_table;
        
        //validate that too
        if($this->users_table==''){
        
            ed('noexists_users_table');
        
        }
        
        //validate an set the user's primary id
        if(!is_numeric($user_id)) ed('invalid_user_id');
        
        //set it into the class variables
        $this->user_id = $user_id;
        
        //grab the users access level from the userdata
        $this->grab_level();
        
    }
    
    /*
    |---------------------------------------------------------------
    | PUBLIC FUNCTIONS, CALLABLE
    |---------------------------------------------------------------
    */
    
    //define an access level for a particular page, checks userdata
    //you should put this function into the constructor functions for
    //controllers generally, but it can also be placed in specific functions
    //instead!
    function define_access($number=''){
        
        //validate the input at a glance
        if(!is_numeric($number) || $number=='') ed('invalid_access_level');
        
        //simple, right?
        if($this->access_level=>$number){
            
            //cool, the user is able to view this page
            return TRUE;
            
        }else{
        
            //no, this user does not have the privledges to view
            return FALSE;
            
        }
        
    }
    
    /*
    |---------------------------------------------------------------
    | PRIVATE FUNCTIONS, INTERNAL
    |---------------------------------------------------------------
    */
    
    //echo and die, "ed"
    private function ed($string=''){
    
        //you got me, i'm dead!
        echo $string;
        die;
        
    }
    
    //grabs my access level from the userdata
    private function grab_level(){
    
        //check if the access level is in the userdata first, this will
        //avoid doing another get query from the database if we can
        if($this->userdata[$this->access_field]!=''){
        
            //set my access level according to the userdata
            $this->my_access = $this->userdata[$this->access_field];
                    
        }else{
        
            //no userdata existed, we have to grab this from the database instead
            $result = $this->ci->db->select($this->access_field)
                                    ->from($this->users_table)
                                    ->where('id',$this->user_id)
                                    ->limit(1)
                                    ->get()
                                    ->result_array();
                
            //validate a result was returned                    
            if(isset($result[0][$this->access_field])){
                
                //good, we have something back, set it
                $this->my_access = $result[0][$this->access_field];
            
            }else{
            
                //we didn't return any results for that query, die
                ed('noresult_access_query');
            
            }
            
        }
    
    }

}

# EXAMPLE LIBRARY USAGE
# ---------------------------------------------------------------
#
# //controller constructor
# function welcome(){
#
#     parent::controller();
#
#    $this->load->library('access_control');
#
#    $this->access_control->settings('access','users',$this->session->userdata['id']);
#
#    if(!$this->access_control->define_access(8)){
#
#        redirect($this->config->item('base_url'));
#
#    }
#    
# }
# 

Signature

sr web applications developer
ci, mysql driven, jquery powered (mostly social web applications)

taky.bz, blackhat

Profile

iansane

Posted: 26 March 2012 08:31 PM

[ Ignore ] [ # 19 ]

Grad Student

Total Posts: 45

Joined 10-21-2011

wiredesignz - 04 May 2009 09:21 PM
Hi Johan Andre,

MX_Acl does not require any interaction from your controllers.

MX_Acl checks the URI and session userdata “role_id” (and IP address) against its cached access control list and automatically redirects if access is denied to that user.

Session flashdata is set with your access denied “error_msg” and session userdata “return_url” is set with the current URI in case you wish to return to the same location after a login procedure.

Most of the configuration variable names are customizable to suit your own application.

Hope this helps.

Hi, I have copied all of the files (used the php5 version and the php4 version) but it doesn’t appear to do anything. If you don’t use it in controllers then how does it work? I added a array for ‘welcome’ page and set the allowed ip to 127.0.0.2 but it seems to be ignored. I don’t get any errors. I just get directed to the welcome controller.

Can you explain the cached access arrays?

For example I want to restrict access to the welcome controller for a test so I have this array:

'welcome'    => array(
        'allowed'    => array(1, 2, 3),
        'ipl'        => array('127.0.0.2'),
        'error_uri'  => (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] :   site_url('noaccess'),
        'error_msg'  => 'You do not have permission to update this page!',
    ), 

I made a noaccess controller and noaccess view so it would have something to redirect to. I don’t know what the array(1,2,3) numbers mean or how to set what they mean.

Can you provide an example of usage and how to set the roles for role_id 1,2,3 ?

Thanks

Profile

2 of 2

‹‹ Pager - Pagination Widget Segments and GET-data co-existing ››

Username		Remember Me?
Password		forgot password?