MX_ACL - Access Control library
#11

[eluser]Thorpe Obazee[/eluser]
I was thinking the same thing about the script editing the file.

I might have a use for this library for my personal project. Thanks.
#12

[eluser]CtheB[/eluser]
Just out of curiosity: Why are you using php4 code here and php5 at hmvc?
Of course it's easy to upgrade to php5, which I will do.
Thank you for the library.

Off-topic:
I think not everybody is realising php6 is not backward compatible with php4,
php5 is compatible with php6, so writing php5 code only is good practice if you are using php5.

I know your answer is going to be: to support people who have a php4 server only.
But I'm curious how many people on this forum don't have the possibility to upgrade to php5.
I don't think there are many.

And I think not everybody is realising the fact that if they are using php4 custom code in codeigniter,
while they are having php5 server,
they have to upgrade all the code when they are going to upgrade to php6...
Because when an update of codeigniter comes which is compatible to php6 they don't rewrite your custom code for you!
#13

[eluser]CtheB[/eluser]
(sorry posted same post twice)
#14

[eluser]wiredesignz[/eluser]
@CtheB, There is a PHP4 version of HMVC also.

For the moment coding PHP4 style is easier and for the most part still compatible with PHP5.

I have noticed that if you submit PHP5 code to the CI forums someone will inevitably ask you why it's not available as PHP4.
#15

[eluser]CtheB[/eluser]
And never got the question why it's not available as PHP5?

I think there are not many php4 developers left on this forum, honestly..

I hope many people go vote on this topic:
http://ellislab.com/forums/viewthread/114648/
#16

[eluser]wiredesignz[/eluser]
PHP5 only version of Access Control Library.

Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
* MX_ACL - Access Control Library PHP5
*
* Notes:
* $config['cache_path'] must be set
*
* Install this file as application/libraries/MX_ACL.php
*
* @copyright    Copyright (c) Wiredesignz & Maxximus 2009-11-03
* @version     1.1
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
class MX_ACL
{    
    private $_config, $_cache_path;
    
    public function __construct() {
        
        $this->load->helper('url');
        $this->load->library('session');
        $this->load->config('mx_acl', TRUE);
        
        $this->_config = $this->config->item('mx_acl');
        $this->_cache_path = $this->config->item('cache_path');
        
        /* previous flashdata is available to views */
        $this->load->vars($this->_config['error_var'], $this->session->flashdata($this->_config['error_var']));
        
        /* run the access control check now */
        ($this->_config['check_uri']) AND $this->check_uri();
    }
    
    /**
     * Check the current uri and user privileges against the cached ACL array
     * Redirect if access is denied
     *
     * @return void
     */
    public function check_uri() {
        
        /* Load the cached access control list or show error */
        (is_file($cached_acl = $this->_cache_path.'mx_acl'.EXT)) OR show_error($this->_config['error_msg']);
        
        $acl = include $cached_acl;

        /* Match current url to access list */
        if (is_array($acl) AND $acl = $this->match_uri($this->current_uri(), $acl)) {
            
            /* Check session group against access level group */
            $allow_access = (bool)(in_array($this->session->userdata($this->_config['session_var']), $acl['allowed']));
                
             /* Additional check to allow IP addresses in range */
            if ( ! $allow_access AND isset($acl['ipl'])) $allow_access = $this->check_ip($acl['ipl']);
                
            if ($allow_access == FALSE)    {
                
                /* Set a return url into the session */
                $this->session->set_userdata('return_url', $this->uri->uri_string());
                
                /* set the error message... */
                $error_msg = (isset($acl['error_msg'])) ? $acl['error_msg'] : $this->_config['error_msg'];
                    
                /* set a flash message... */
                $this->session->set_flashdata($this->_config['error_var'], $error_msg);        
                    
                /* redirect to absolute url */
                die(header("Location: ".$acl['error_uri'], TRUE, 302));
            }
        }
    }
    
    /**
     * Return the access control profile for a given url
     *
     * @return string
     * @param string $current_uri
     * @param array  $acl
     */
    private function match_uri($current_uri, $acl) {
        if (array_key_exists($current_uri, $acl)) {
            return $acl[$current_uri];            
        } else {
            if ($pos = strripos($current_uri, '/')) {
                return $this->match_uri(substr($current_uri, 0, $pos), $acl);
            }
        }
    }

    /**
     * Returns the current uri string from segments
     *
     * @return string
     */
    private function current_uri() {
        return implode('/', $this->uri->rsegments);
    }

    /**
     * Checks the remote IP address against the specified $ipl array
     *
     * @return bool
     * @param array $ipl
     * @param string $remote_ip[optional]
     */    
     private function check_ip($ipl, $remote_ip = NULL) {
        
        /* Convert ip address into a double (for lousy OSes)*/
        $remote_ip = floatval(ip2long(($this->session->userdata('ip_address'))));
        
        /* Loop through the ip list array */
        foreach ($ipl as $allowed_ip) {
            
            /* Replace '*' (for IP ranges) with a suitable range number */
            $min = str_replace("*", "0", $allowed_ip);        
            $max = str_replace("*", "255", $allowed_ip);

            /* Check for a match */
            if (($remote_ip >= floatval(ip2long($min))) AND ($remote_ip <= floatval(ip2long($max)))) {
                return TRUE;
            }
        }
    }
    
    public function __get($var)    {
        static $CI;
        (is_object($CI)) OR $CI = get_instance();
        return $CI->$var;
    }
}
/* End of file MX_ACL.php */
/* Location: ./application/libraries/MX_ACL.php */
#17

[eluser]ardinotow[/eluser]
Hi wiredesignz,

I tried the PHP5-only version but the error message shows up on every page, including the page that should be accessible by everyone without login.
Why can this happen?
#18

[eluser]natanv[/eluser]
You need to modify the following line of the mx_acl controller:
Code:
$this->_cache_path = $this->config->item('cache_path');
TO:
Code:
$this->_cache_path = $this->config->item('cache_path', 'mx_acl');

Then add/create the following config var 'cache_path' in config/mx_acl and set it to your mx_acl cache dir.

Otherwise it will fail to load the access control list cache and automatically display the error.
#19

[eluser]tkyy[/eluser]
oh neat, I made something similar

Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/*
|---------------------------------------------------------------
| ACCESS CONTROL LIBRARY
|---------------------------------------------------------------
|
| This library allows us to restrict access to specific users,
| it essentially creates "roles" inside of the application.
|
| The access level number is generally the user's role number,
| for instance when I implement this I generally make a
| field in the user's table called 'access' or 'type' that
| corresponds to the access level.
|
| Author: Doug Lauer <[email protected]> <http://taky.bz>
| Date: Thu Nov 11 2010
|
*/

class access_control{

    //class variables
    var $ci, $userdata, $access_field, $my_access, $users_table, $user_id;
    
    //const
    function settings($access_field='access',$user_table='users',$user_id=''){
        
        //give me the ci superobject
        $this->ci = get_instance();
        
        //give me the current userdata
        $this->userdata = $this->ci->session->userdata;
        
        //grab the field we designated for storing the user access levels
        $this->access_field = $access_field;
        
        //validate that value as well
        if($this->access_field==''){
            
            $this->ed('noexists_access_field');
            
        }
        
        //grab the users table
        $this->users_table = $user_table;
        
        //validate that too
        if($this->users_table==''){
        
            $this->ed('noexists_users_table');
        
        }
        
        //validate and set the user's primary id
        if(!is_numeric($user_id)) $this->ed('invalid_user_id');
        
        //set it into the class variables
        $this->user_id = $user_id;
        
        //grab the users access level from the userdata
        $this->grab_level();
        
    }
    
    /*
    |---------------------------------------------------------------
    | PUBLIC FUNCTIONS, CALLABLE
    |---------------------------------------------------------------
    */
    
    //define an access level for a particular page, checks userdata
    //you should put this function into the constructor functions for
    //controllers generally, but it can also be placed in specific functions
    //instead!
    function define_access($number=''){
        
        //validate the input at a glance
        if(!is_numeric($number) || $number=='') $this->ed('invalid_access_level');
        
        //simple, right? compare the level loaded by grab_level()
        if($this->my_access>=$number){
            
            //cool, the user is able to view this page
            return TRUE;
            
        }else{
        
            //no, this user does not have the privileges to view
            return FALSE;
            
        }
        
    }
    
    /*
    |---------------------------------------------------------------
    | PRIVATE FUNCTIONS, INTERNAL
    |---------------------------------------------------------------
    */
    
    //echo and die, "ed"
    private function ed($string=''){
    
        //you got me, i'm dead!
        echo $string;
        die;
        
    }
    
    //grabs my access level from the userdata
    private function grab_level(){
    
        //check if the access level is in the userdata first, this will
        //avoid doing another get query from the database if we can
        if($this->userdata[$this->access_field]!=''){
        
            //set my access level according to the userdata
            $this->my_access = $this->userdata[$this->access_field];
                    
        }else{
        
            //no userdata existed, we have to grab this from the database instead
            $result = $this->ci->db->select($this->access_field)
                                    ->from($this->users_table)
                                    ->where('id',$this->user_id)
                                    ->limit(1)
                                    ->get()
                                    ->result_array();
                
            //validate a result was returned                    
            if(isset($result[0][$this->access_field])){
                
                //good, we have something back, set it
                $this->my_access = $result[0][$this->access_field];
            
            }else{
            
                //we didn't return any results for that query, die
                $this->ed('noresult_access_query');
            
            }
            
        }
    
    }

}

# EXAMPLE LIBRARY USAGE
# ---------------------------------------------------------------
#
# //controller constructor
# function welcome(){
#
#     parent::controller();
#
#    $this->load->library('access_control');
#
#    $this->access_control->settings('access','users',$this->session->userdata['id']);
#
#    if(!$this->access_control->define_access(8)){
#
#        redirect($this->config->item('base_url'));
#
#    }
#    
# }
#
#20

[eluser]iansane[/eluser]
[quote author="wiredesignz" date="1241490109"]Hi Johan Andre,

MX_Acl does not require any interaction from your controllers.

MX_Acl checks the URI and session userdata "role_id" (and IP address) against its cached access control list and automatically redirects if access is denied to that user.

Session flashdata is set with your access denied "error_msg" and session userdata "return_url" is set with the current URI in case you wish to return to the same location after a login procedure.

Most of the configuration variable names are customizable to suit your own application.

Hope this helps.[/quote]

Hi, I have copied all of the files (used the php5 version and the php4 version) but it doesn't appear to do anything. If you don't use it in controllers then how does it work? I added an array for 'welcome' page and set the allowed ip to 127.0.0.2 but it seems to be ignored. I don't get any errors. I just get directed to the welcome controller.

Can you explain the cached access arrays?

For example I want to restrict access to the welcome controller for a test so I have this array:
Code:
'welcome'    => array(
        'allowed'    => array(1, 2, 3),
        'ipl'        => array('127.0.0.2'),
        'error_uri'  => (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] :   site_url('noaccess'),
        'error_msg'  => 'You do not have permission to update this page!',
    ),

I made a noaccess controller and noaccess view so it would have something to redirect to. I don't know what the array(1,2,3) numbers mean or how to set what they mean.

Can you provide an example of usage and how to set the roles for role_id 1,2,3 ?

Thanks
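
How a rule shaped like the 'welcome' entry above is evaluated by the check_uri() code posted earlier in this thread, as an added example (not part of any post and not the library's own code): the 'allowed' group ids are compared with the session's role value, 'ipl' is an extra allowance tried only when the role check fails, and a URI with no matching key is not checked at all. The sample ACL, the addresses and the helper names `ip_num`, `ip_in_list` and `is_allowed` are constructed for the illustration; unlike the posted code, it treats an unset role as never matching.

```php
<?php
/* Added illustration, not the library's code. $acl is a constructed sample
   in the shape the posted check_uri() reads from its cache file. */
$acl = array(
    'welcome'  => array('allowed' => array(1, 2, 3), 'ipl' => array('127.0.0.2')),
    'intranet' => array('allowed' => array(1), 'ipl' => array('10.0.*.*')),
);

/* Walk the URI upwards one segment at a time; NULL means no rule applies */
function match_uri($uri, array $acl) {
    while ($uri !== '') {
        if (array_key_exists($uri, $acl)) return $acl[$uri];
        $pos = strrpos($uri, '/');
        $uri = ($pos === FALSE) ? '' : substr($uri, 0, $pos);
    }
    return NULL;
}

/* Unsigned numeric form of a dotted IPv4 address, FALSE if it does not parse */
function ip_num($ip) {
    return (($n = ip2long($ip)) === FALSE) ? FALSE : (float) sprintf('%u', $n);
}
/* '*' stands for 0..255 in that octet, as in the posted check_ip() */
function ip_in_list($remote_ip, array $ipl) {
    if (($ip = ip_num($remote_ip)) === FALSE) return FALSE;
    foreach ($ipl as $pattern) {
        $min = ip_num(str_replace('*', '0', $pattern));
        $max = ip_num(str_replace('*', '255', $pattern));
        if ($min !== FALSE && $max !== FALSE && $ip >= $min && $ip <= $max) return TRUE;
    }
    return FALSE;
}

function is_allowed($uri, $role_id, $remote_ip, array $acl) {
    $rule = match_uri($uri, $acl);
    if ($rule === NULL) return TRUE; /* URI not listed: nothing is checked */
    /* Assumption added here: an unset role (FALSE) never matches a group id */
    if ($role_id !== FALSE && in_array($role_id, $rule['allowed'])) return TRUE;
    return isset($rule['ipl']) && ip_in_list($remote_ip, $rule['ipl']);
}

/* Constructed requests: URI, session role_id (FALSE = none), remote address */
$cases = array(array('welcome/index', 2, '203.0.113.9'), array('welcome/index', FALSE, '127.0.0.2'),
    array('welcome/index', FALSE, '203.0.113.9'), array('intranet/docs/7', 5, '10.0.4.20'),
    array('blog/view/1', FALSE, '203.0.113.9'));
foreach ($cases as $c) {
    printf("%-16s role=%-5s ip=%-12s %s\n", $c[0], var_export($c[1], TRUE), $c[2],
        is_allowed($c[0], $c[1], $c[2], $acl) ? 'allow' : 'deny');
}
```

Run it with the PHP command-line interpreter; each output line shows one constructed request and the decision this logic reaches for it.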



