[eluser]crises[/eluser]
Hi, I'm trying to develop a simple group access control based on Tank Auth. The premises are simple: don't ever touch a file or database tables related to Tank Auth. With this in mind, I would like to ask for someone to check if my implementation is secure enough.
- I have added two new tables, roles and roles_to_users:
Code:
-- Role (group) definitions
CREATE TABLE IF NOT EXISTS `roles` (
  `id` int(11) NOT NULL,
  `group` varchar(30) COLLATE utf8_spanish_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_spanish_ci;

-- Mapping of users to roles
CREATE TABLE IF NOT EXISTS `roles_to_users` (
  `role_id` int(11) NOT NULL,
  `user_id` int(11) NOT NULL,
  KEY `id_role` (`role_id`,`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_spanish2_ci;
- Then in my (wannabe) secured controller I have:
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Admin extends Controller {

    function Admin()
    {
        parent::Controller();
        $this->load->library('permissions');
        //Am I admin?
        $this->permissions->check_for_admin();
    }

    function index()
    {
        //Whatever the function does :)
        echo '<p>Index Panel!</p>';
    }
}
?>
- And the fun part, the Library that should handle all:
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Permissions extends Tank_auth {

    function __construct()
    {
        $this->ci =& get_instance();