ACL in PHP

Isi Kandungan Pengenalan –Apa itu ACL? –Fungsi ACL? IF Else Authorization ACL Sesi Soalsiasat

Pengenalan Apa itu ACL? ACL atau akronimnya Access Control List, merupakan suatu kaedah untuk menentukan akses kepada sesuatu fungsi untuk setiap pengguna sistem. Merupakan satu terma, ACL tidak dimasukkan sebagai fungsi native PHP dan perlu dibangunkan oleh pembangun; user defined function.

IF Else Authentication Adalah cara mudah untuk melaksanakan authorization access dalam sesuatu sistem. Selalu digunakan dalam pembangunan PHP. Terdapat banyak kelemahan. –Sukar untuk diurus. –Kurang dinamik.

IF Else Authorization Contoh Aturcara <?php $username = “test”; $levels = “admin”; if($level == “admin”) : //give system management access to admin. elseif($level == “hr”) : //give human resource access to hr. elseif($level == “it-dept”) : //give IT department access to IT dept’s staff. endif; ?>

Senario yang mungkin berlaku… Organisasi telah berkembang, jabatan baru “Jabatan Multimedia” telah diwujudkan, sila beri akses kepada staf Jabatan Multimedia! “Jabatan Multimedia” memerlukan akses kepada Modul “Jabatan IT”! “Jabatan Multimedia” akan dimansuhkan dan staf “Jabatan Multimedia” akan diletakkan dibawah “Jabatan IT”, sila pindahkan modul “Jabatan Multimedia” kepada “Jabatan IT”.

ACL Kaedah ini menggunakan database, table yang diperlukan:- –acl –user –user_group –user_privilege Lebih baik implement konsep Object Oriented Programming (OOP) untuk menguruskan akses. Akses diperiksa berdasarkan kebenaran untuk menggunakan sesuatu module, bukan berdasarkan level pengguna.

ACL – table acl FieldTypeMisc. idINT(11) auto_increment primary_key modulesVARCHAR(100)

ACL – table user FieldTypeMisc. idINT(11) auto_increment primary_key nameVARCHAR(100) passwordVARCHAR(32) groupINT(11) link to id in user_group table

ACL – table user_group FieldTypeMisc. idINT(11) auto_increment primary_key nameVARCHAR(100)

ACL – table user_privilege FieldTypeMisc. idINT(11) auto_increment primary_key acl_idINT(11) group_idINT(11)

Code {1} <?php // get user data $result = mysql_query(“SELECT u.username, g.id FROM user u LEFT JOIN user_group g ON u.group=g.id WHERE u.id=1”); $row = mysql_fetch_array($result); $username = $row[“username”]; $levels = $row[“id”]; $appACL = new ACL(); $appACL->fetch_ACL($level); if($appACL->check_ACL(1)) : //give access to module A elseif($appACL->check_ACL(2)) : //give access to module B elseif($appACL->check_ACL(3)) : //give access to module C endif; ?>

Code {2} <?php class ACL { var $list_ACL; function fetch_ACL($level == 0) { $query = “SELECT p.id, FROM user_privilege p WHERE p.group_id=“.$level.” ORDER BY p.id ASC”; $result = mysql_query($query); $count = 1; while($row = mysql_fetch_array($result)) : while($count < $row[“id”]) : $this->list_ACL[$count] = 0; $count++; endwhile; if($count == $row[“id”]) : $this->list_ACL[$count] = 1; $count++; endif; endwhile; $query_acl = “SELECT count(id) AS totals FROM acl”; $result_acl = mysql_query($query_acl); $row_acl = mysql_fetch_array($result_acl); for(; $count <= $row_acl[“totals”]; $count++) : $this->list_ACL[$count] = 0; endfor; } // continues..

Code {3} // continues from last page function check_ACL($acl = 0) { if($this->list_ACL[$acl] == 1) : return true; else : return false; endif; } ?>

Sample

GUI for Editing ACL {1} <?php $query_group = "SELECT * FROM user_group"; $result_group = mysql_query($query_group); while ($row_group = $csdb->mysql_fetch_array($result_group)) : $levels[$row_group["id"]] = $row_group["name"]; endwhile; ?> Module <?php foreach($levels as $value) : print “ ”.$value.” ”; endforeach; ?> <?php // continues… ?>

GUI for Editing ACL {2} <?php $query_acl = "SELECT * FROM acl ORDER BY id ASC"; $result_acl = mysql_query($query_acl); $count = 0; while($row_acl = mysql_fetch_array($result_acl)) : $menu_id[$count] = $row_acl["id"]; $menu_runid[$row_acl["id"]] = $count; $menu_name[$count] = $row_acl["name"]; $count++; endwhile; $query_acp = "SELECT * FROM user_privilege"; $result_acp = mysql_query($query_acp); while($row_acp = mysql_fetch_array($result_acp)) : $this_id = $menu_runid[$row_acp[“acl_id"]]; $menu_access[$this_id][$row_acp[“group_id"]] = 1; endwhile; // continues… ?>

GUI for Editing ACL {2} <?php $query_acl = "SELECT * FROM acl ORDER BY id ASC"; $result_acl = mysql_query($query_acl); $count = 0; while($row_acl = mysql_fetch_array($result_acl)) : $menu_id[$count] = $row_acl["id"]; $menu_runid[$row_acl["id"]] = $count; $menu_name[$count] = $row_acl["name"]; $count++; endwhile; $query_acp = "SELECT * FROM user_privilege"; $result_acp = mysql_query($query_acp); while($row_acp = mysql_fetch_array($result_acp)) : $this_id = $menu_runid[$row_acp[“acl_id"]]; $menu_access[$this_id][$row_acp[“group_id"]] = 1; endwhile; // continues… ?>

GUI for Editing ACL {3} $counts = 0; for($list = 0; $list < count($menu_id); $list++) : print " "; print " ".$menu_name[$list]." "; foreach($levels as $level => $name) : $checked = ((isset($menu_access[$list][$level]) and $menu_access[$list][$level] == 1) ? "checked='checked'" : ""); print " "; $counts++; endforeach; print " "; endfor; ?>

Submit ACL <?php // Validate post form command mysql_query("TRUNCATE TABLE user_privilege"); $acl_id = $_POST["menu_id"]; $acl_access = $_POST["menu_access"]; $acl_group = $_POST["menu_level"]; for ($i=0; $i < count($acl_id); $i++) : $bool = ((isset($acl_access[$i]) and $acl_access[$i] == 1) ? 1 : 0); if($bool == 1) : mysql_query("INSERT INTO user_privilege (acl_id, group_id) VALUES (".$acl_id[$i].", ".$acl_group[$i].")"); endif; endfor; ?>