ACL in PHP


Contents

• Introduction
  – What is an ACL?
  – What is an ACL for?
• If/Else Authorization
• ACL
• Q&A session

Introduction

• What is an ACL? An ACL, short for Access Control List, is a method of deciding which functions of a system each user is allowed to access.

• It is only a concept: PHP has no native ACL function, so the developer has to build one as user-defined code.

If/Else Authorization

• The simplest way to implement authorization in a system.

• Commonly used in PHP development.

• It has many weaknesses:
  – Hard to manage.
  – Not dynamic: every change in who may do what is a code change.

If/Else Authorization

Example Program

<?php
// The user's role is a hard-coded string; each branch hands out one department's access.
$username = "test";
$level = "admin";

if ($level === "admin") :
    // give system management access to admin.
elseif ($level === "hr") :
    // give human resource access to HR.
elseif ($level === "it-dept") :
    // give IT department access to IT department staff.
endif;
?>

Scenarios that may arise...

• The organization has grown and a new "Multimedia Department" has been created: please give the Multimedia Department staff access!

• The "Multimedia Department" needs access to the "IT Department" module!

• The "Multimedia Department" is being dissolved and its staff will be placed under the "IT Department": please move the "Multimedia Department" modules to the "IT Department".

ACL

• This method uses a database; the tables required are:
  – acl
  – user
  – user_group
  – user_privilege

• It is better to use Object Oriented Programming (OOP) to manage the access checks.

• Access is checked on whether the user's group is permitted to use a given module, not on the user's level.

ACL – table acl

Field    Type          Misc.
id       INT(11)       auto_increment, primary_key
modules  VARCHAR(100)  module name

ACL – table user

Field     Type          Misc.
id        INT(11)       auto_increment, primary_key
name      VARCHAR(100)
password  VARCHAR(32)   32 characters only fits an MD5 hex digest; a password_hash() result needs VARCHAR(255)
group     INT(11)       link to id in user_group table (`group` is a reserved word in MySQL: quote it with backticks in queries, or name the column group_id)

ACL – table user_group

Field  Type          Misc.
id     INT(11)       auto_increment, primary_key
name   VARCHAR(100)

ACL – table user_privilege

Field     Type     Misc.
id        INT(11)  auto_increment, primary_key
acl_id    INT(11)  link to id in acl table (the module)
group_id  INT(11)  link to id in user_group table

Code {1}

<?php
// get user data (user id 1 here; a real application takes the id from the session).
// `group` is a reserved word in MySQL, so it must be quoted with backticks.
// mysql_* is the API on the slides; that extension was removed in PHP 7.0.
$result = mysql_query("SELECT u.name, u.`group` AS group_id FROM user u LEFT JOIN user_group g ON u.`group` = g.id WHERE u.id = 1");
$row = mysql_fetch_array($result);
$username = $row["name"];
$level = $row["group_id"];

$appACL = new ACL();
$appACL->fetch_ACL($level);

// Each module is checked on its own: a group may hold several modules,
// so these are independent ifs, not an if/elseif chain that stops at the first match.
if ($appACL->check_ACL(1)) :
    // give access to module A
endif;
if ($appACL->check_ACL(2)) :
    // give access to module B
endif;
if ($appACL->check_ACL(3)) :
    // give access to module C
endif;
?>

Code {2}

<?php
class ACL {
    // acl_id => 1 for every module the group may use; any module not listed is denied.
    public $list_ACL = array();

    function fetch_ACL($level = 0) {
        // cast to int: $level is concatenated into SQL, so it must never reach the query as a raw string
        $level = (int) $level;
        // user_privilege stores (acl_id, group_id) pairs; the module id is acl_id, not p.id
        $query = "SELECT p.acl_id FROM user_privilege p WHERE p.group_id = " . $level . " ORDER BY p.acl_id ASC";
        $result = mysql_query($query);
        $this->list_ACL = array();
        while ($row = mysql_fetch_array($result)) :
            $this->list_ACL[(int) $row["acl_id"]] = 1;
        endwhile;
    }
    // continues..

Code {3}

// continues from last page

    function check_ACL($acl = 0) {
        // deny by default: only an explicit 1 in the list grants the module
        if (!empty($this->list_ACL[(int) $acl])) :
            return true;
        else :
            return false;
        endif;
    }
}
?>
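The schema on the previous slides and the ACL class above, as one added example that is not the slides' own code. It builds the four tables in an in-memory SQLite database through PDO so it runs offline (point the DSN at MySQL in production; there, INSERT OR IGNORE becomes INSERT IGNORE), loads a group's modules with a prepared statement, denies anything not explicitly granted, and then plays through the three "scenarios" from the If/Else slide as data changes with no code change. Assumptions: PHP 8 with the PDO sqlite driver; the user.group column is named group_id because `group` is a reserved word; the module and group names are constructed sample data.

```php
<?php
// Added example: PDO + in-memory SQLite (assumption) standing in for the MySQL schema on the slides.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON');

// The four tables from the slides; user.group renamed group_id (assumption).
$db->exec("CREATE TABLE acl (id INTEGER PRIMARY KEY AUTOINCREMENT, modules VARCHAR(100) NOT NULL UNIQUE)");
$db->exec("CREATE TABLE user_group (id INTEGER PRIMARY KEY AUTOINCREMENT, name VARCHAR(100) NOT NULL UNIQUE)");
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, name VARCHAR(100) NOT NULL,
           password VARCHAR(255) NOT NULL, group_id INTEGER NOT NULL REFERENCES user_group(id))");
$db->exec("CREATE TABLE user_privilege (id INTEGER PRIMARY KEY AUTOINCREMENT,
           acl_id INTEGER NOT NULL REFERENCES acl(id), group_id INTEGER NOT NULL REFERENCES user_group(id),
           UNIQUE (acl_id, group_id))");

class ACL
{
    private array $allowed = [];           // module name => true; a missing key means denied

    public function __construct(private PDO $db) {}

    // Load every module the group may use. The prepared statement keeps the group id out of
    // the SQL text, and the list is keyed by module name rather than by array position.
    public function fetch_ACL(int $groupId): void
    {
        $stmt = $this->db->prepare(
            "SELECT a.modules FROM user_privilege p JOIN acl a ON a.id = p.acl_id WHERE p.group_id = :gid");
        $stmt->execute([':gid' => $groupId]);
        $this->allowed = array_fill_keys($stmt->fetchAll(PDO::FETCH_COLUMN), true);
    }

    public function check_ACL(string $module): bool
    {
        return isset($this->allowed[$module]);   // deny by default
    }
}

function addGroup(PDO $db, string $name): int
{
    $db->prepare("INSERT INTO user_group (name) VALUES (:n)")->execute([':n' => $name]);
    return (int) $db->lastInsertId();
}

// Grant a module to a group; the UNIQUE(acl_id, group_id) constraint makes a repeat grant a no-op.
function grant(PDO $db, string $module, int $groupId): void
{
    $db->prepare("INSERT OR IGNORE INTO user_privilege (acl_id, group_id)
                  SELECT id, :gid FROM acl WHERE modules = :m")->execute([':gid' => $groupId, ':m' => $module]);
}

// Constructed sample data mirroring the if/else example.
foreach (['system-management', 'human-resource', 'it-department'] as $m) {
    $db->prepare("INSERT INTO acl (modules) VALUES (:m)")->execute([':m' => $m]);
}
$admin = addGroup($db, 'admin');
$hr    = addGroup($db, 'hr');
$it    = addGroup($db, 'it-dept');
grant($db, 'system-management', $admin);
grant($db, 'human-resource', $hr);
grant($db, 'it-department', $it);

// Scenario 1: a new Multimedia Department with its own module. Rows, not code.
$db->prepare("INSERT INTO acl (modules) VALUES ('multimedia')")->execute();
$mm = addGroup($db, 'multimedia');
grant($db, 'multimedia', $mm);

// Scenario 2: Multimedia also needs the IT Department module.
grant($db, 'it-department', $mm);

// Scenario 3: Multimedia is dissolved; its modules and staff move under IT.
// One transaction, so a failure half-way cannot leave staff without any group privileges.
$db->beginTransaction();
$db->prepare("INSERT OR IGNORE INTO user_privilege (acl_id, group_id)
              SELECT acl_id, :it FROM user_privilege WHERE group_id = :mm")->execute([':it' => $it, ':mm' => $mm]);
$db->prepare("UPDATE user SET group_id = :it WHERE group_id = :mm")->execute([':it' => $it, ':mm' => $mm]);
$db->prepare("DELETE FROM user_privilege WHERE group_id = :mm")->execute([':mm' => $mm]);
$db->prepare("DELETE FROM user_group WHERE id = :mm")->execute([':mm' => $mm]);
$db->commit();

// The access check for an IT Department user after all three scenarios.
$acl = new ACL($db);
$acl->fetch_ACL($it);
foreach (['it-department', 'multimedia', 'human-resource'] as $m) {
    printf("it-dept -> %-16s %s\n", $m, $acl->check_ACL($m) ? 'allowed' : 'denied');
}
```

check_ACL takes the module name instead of a numeric position, so the call sites stay readable and inserting a module with a lower id can no longer shift every later check by one, which is what the position-padded array on the slides is vulnerable to.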

Sample

GUI for Editing ACL {1}

<form id="acl_manager" method="post" action="acl.php">
<?php
// one column per group
$query_group = "SELECT * FROM user_group";
$result_group = mysql_query($query_group);
$levels = array();
while ($row_group = mysql_fetch_array($result_group)) :
    $levels[$row_group["id"]] = $row_group["name"];
endwhile;
?>
<table>
<thead>
<tr><th>Module</th>
<?php
foreach ($levels as $value) :
    // escape before printing: group names come from the database and end up inside HTML
    print "<th>" . htmlspecialchars($value) . "</th>";
endforeach;
?>
</tr>
</thead>
<?php // continues...
?>

GUI for Editing ACL {2}

<tbody>
<?php
// list every module in acl order; remember both its id and its row position
$query_acl = "SELECT * FROM acl ORDER BY id ASC";
$result_acl = mysql_query($query_acl);
$count = 0;
$menu_id = $menu_runid = $menu_name = $menu_access = array();
while ($row_acl = mysql_fetch_array($result_acl)) :
    $menu_id[$count] = $row_acl["id"];
    $menu_runid[$row_acl["id"]] = $count;
    $menu_name[$count] = $row_acl["modules"];   // the acl table's module-name column is `modules`
    $count++;
endwhile;

// mark which (module, group) pairs currently have a privilege row
$query_acp = "SELECT * FROM user_privilege";
$result_acp = mysql_query($query_acp);
while ($row_acp = mysql_fetch_array($result_acp)) :
    $this_id = $menu_runid[$row_acp["acl_id"]];
    $menu_access[$this_id][$row_acp["group_id"]] = 1;
endwhile;
// continues...
?>


GUI for Editing ACL {3}

<?php
$counts = 0;   // running index shared by the three parallel POST arrays
for ($list = 0; $list < count($menu_id); $list++) :
    print "<tr>";
    print "<td><strong>" . htmlspecialchars($menu_name[$list]) . "</strong></td>";
    foreach ($levels as $level => $name) :
        $checked = ((isset($menu_access[$list][$level]) and $menu_access[$list][$level] == 1) ? "checked='checked'" : "");
        // menu_id and menu_level must share the $counts index; the submit handler
        // reads both at position $i, so keying menu_level by $list pairs modules with the wrong groups
        print "<td>
            <input type='checkbox' " . $checked . " id='menu_access_" . $counts . "' name='menu_access[" . $counts . "]' value='1' />
            <input type='hidden' name='menu_id[" . $counts . "]' value='" . (int) $menu_id[$list] . "' />
            <input type='hidden' name='menu_level[" . $counts . "]' value='" . (int) $level . "' />
        </td>";
        $counts++;
    endforeach;
    print "</tr>";
endfor;
?>
</tbody></table>
<div>
<input type="submit" name="submit" value="Submit" class="button" />
</div>
</form>

Submit ACL

<?php
// Validate post form command: every value is cast to int before it is used,
// so nothing from $_POST reaches the SQL as a raw string.
$acl_id = isset($_POST["menu_id"]) ? $_POST["menu_id"] : array();
$acl_access = isset($_POST["menu_access"]) ? $_POST["menu_access"] : array();
$acl_group = isset($_POST["menu_level"]) ? $_POST["menu_level"] : array();

// the form always resends the whole matrix, so the old rows are replaced wholesale
mysql_query("TRUNCATE TABLE user_privilege");

for ($i = 0; $i < count($acl_id); $i++) :
    $bool = ((isset($acl_access[$i]) and $acl_access[$i] == 1) ? 1 : 0);
    if ($bool == 1) :
        mysql_query("INSERT INTO user_privilege (acl_id, group_id) VALUES (" . (int) $acl_id[$i] . ", " . (int) $acl_group[$i] . ")");
    endif;
endfor;
?>
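The same submit handler hardened, as an added example that is not the slides' code. It checks that the caller is in the admin group, verifies a CSRF token, accepts only integer ids that actually exist in acl and user_group, and runs the wipe-and-reinsert inside one transaction so a malformed request leaves the previous privileges in place rather than an empty table. Assumptions: $db is a PDO connection to the slides' schema; $_SESSION holds group_name and csrf_token set at login; the form on the previous slides also carries a hidden csrf_token field. All of these names are this example's, not the slides'.

```php
<?php
// Added example: hardened replacement for the "Submit ACL" handler. $db, the session keys
// and the csrf_token form field are assumptions, not names from the slides.
declare(strict_types=1);

function save_acl(PDO $db, array $post, array $session): int
{
    // Editing the ACL is itself a privileged module: only the admin group may do it.
    if (($session['group_name'] ?? '') !== 'admin') {
        throw new RuntimeException('only the admin group may edit the ACL');
    }
    // A forged cross-site POST would otherwise rewrite every privilege in the system.
    if (!isset($post['csrf_token'], $session['csrf_token'])
        || !hash_equals($session['csrf_token'], (string) $post['csrf_token'])) {
        throw new RuntimeException('bad CSRF token');
    }

    $ids    = $post['menu_id']     ?? [];
    $groups = $post['menu_level']  ?? [];
    $access = $post['menu_access'] ?? [];
    if (!is_array($ids) || !is_array($groups) || !is_array($access) || count($ids) !== count($groups)) {
        throw new InvalidArgumentException('malformed form data');
    }

    // Allow-list of ids that really exist; anything else is rejected, not silently inserted.
    $validAcl   = array_flip($db->query("SELECT id FROM acl")->fetchAll(PDO::FETCH_COLUMN));
    $validGroup = array_flip($db->query("SELECT id FROM user_group")->fetchAll(PDO::FETCH_COLUMN));

    $pairs = [];
    foreach ($ids as $i => $rawAcl) {
        if ((string) ($access[$i] ?? '') !== '1') {
            continue;                                    // checkbox not ticked
        }
        $aclId   = filter_var($rawAcl, FILTER_VALIDATE_INT);
        $groupId = filter_var($groups[$i] ?? null, FILTER_VALIDATE_INT);
        if ($aclId === false || $groupId === false
            || !isset($validAcl[$aclId]) || !isset($validGroup[$groupId])) {
            throw new InvalidArgumentException("unknown module/group pair at index $i");
        }
        $pairs["$aclId:$groupId"] = [$aclId, $groupId];   // de-duplicate
    }

    // DELETE instead of TRUNCATE: in MySQL, TRUNCATE TABLE commits implicitly and
    // would escape the transaction, leaving an empty table if an INSERT later failed.
    $db->beginTransaction();
    try {
        $db->exec("DELETE FROM user_privilege");
        $ins = $db->prepare("INSERT INTO user_privilege (acl_id, group_id) VALUES (:a, :g)");
        foreach ($pairs as [$aclId, $groupId]) {
            $ins->execute([':a' => $aclId, ':g' => $groupId]);
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return count($pairs);
}

// Usage from acl.php, the form's action target:
// session_start();
// $written = save_acl($db, $_POST, $_SESSION);
```

Validating against the allow-list of existing ids matters even with prepared statements: without it, a crafted POST can create privilege rows for a module id or group id that does not exist yet, which then silently become live the moment that id is created.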