1 / 20

ACL in PHP

ACL in PHP. Isi Kandungan. Pengenalan Apa itu ACL? Fungsi ACL? IF Else Authorization ACL Sesi Soalsiasat. Pengenalan. Apa itu ACL? ACL atau akronimnya Access Control List, merupakan suatu kaedah untuk menentukan akses kepada sesuatu fungsi untuk setiap pengguna sistem.

Télécharger la présentation

ACL in PHP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ACL in PHP

  2. Isi Kandungan • Pengenalan • Apa itu ACL? • Fungsi ACL? • IF Else Authorization • ACL • Sesi Soalsiasat

  3. Pengenalan • Apa itu ACL?ACL atau akronimnya Access Control List, merupakan suatu kaedah untuk menentukan akses kepada sesuatu fungsi untuk setiap pengguna sistem. • Merupakan satu terma, ACL tidak dimasukkan sebagai fungsi native PHP dan perlu dibangunkan oleh pembangun; user defined function.

  4. IF Else Authentication • Adalah cara mudah untuk melaksanakan authorization access dalam sesuatu sistem. • Selalu digunakan dalam pembangunan PHP. • Terdapat banyak kelemahan. • Sukar untuk diurus. • Kurang dinamik.

  5. IF Else Authorization Contoh Aturcara <?php $username =“test”; $levels =“admin”; if($level == “admin”) : //give system management access to admin. elseif($level==“hr”) : //give human resource access to hr. elseif($level==“it-dept”) : //give IT department access to IT dept’s staff. endif; ?>

  6. Senario yang mungkin berlaku… • Organisasi telah berkembang, jabatan baru “Jabatan Multimedia” telah diwujudkan, sila beri akses kepada staf Jabatan Multimedia! • “Jabatan Multimedia” memerlukan akses kepada Modul “Jabatan IT”! • “Jabatan Multimedia” akan dimansuhkan dan staf “Jabatan Multimedia” akan diletakkan dibawah “Jabatan IT”, sila pindahkan modul “Jabatan Multimedia” kepada “Jabatan IT”.

  7. ACL • Kaedah ini menggunakan database, table yang diperlukan:- • acl • user • user_group • user_privilege • Lebih baik implement konsep Object Oriented Programming (OOP) untuk menguruskan akses. • Akses diperiksa berdasarkan kebenaran untuk menggunakan sesuatu module, bukan berdasarkan level pengguna.

  8. ACL – table acl

  9. ACL – table user

  10. ACL – table user_group

  11. ACL – table user_privilege

  12. Code {1} <?php // get user data $result =mysql_query(“SELECT u.username, g.id FROM user u LEFT JOIN user_group g ON u.group=g.id WHERE u.id=1”); $row = mysql_fetch_array($result); $username = $row[“username”]; $levels = $row[“id”]; $appACL= new ACL(); $appACL->fetch_ACL($level); if($appACL->check_ACL(1)) : //give access to module A elseif($appACL->check_ACL(2)) : //give access to module B elseif($appACL->check_ACL(3)) : //give access to module C endif; ?>

  13. Code {2} <?php class ACL { var $list_ACL; function fetch_ACL($level == 0) { $query =“SELECT p.id, FROM user_privilege p WHERE p.group_id=“.$level.” ORDER BY p.id ASC”; $result =mysql_query($query); $count = 1; while($row = mysql_fetch_array($result)) : while($count < $row[“id”]) : $this->list_ACL[$count]=0; $count++; endwhile; if($count == $row[“id”]) : $this->list_ACL[$count]=1; $count++; endif; endwhile; $query_acl = “SELECT count(id) AS totals FROM acl”; $result_acl =mysql_query($query_acl); $row_acl =mysql_fetch_array($result_acl); for(; $count <= $row_acl[“totals”]; $count++) : $this->list_ACL[$count]=0; endfor; } // continues..

  14. Code {3} // continues from last page functioncheck_ACL($acl =0) { if($this->list_ACL[$acl]==1) : return true; else: returnfalse; endif; } ?>

  15. Sample

  16. GUI for Editing ACL {1} <form id=“acl_manager” method=“post” action=“acl.php”> <?php $query_group = "SELECT * FROM user_group"; $result_group =mysql_query($query_group); while ($row_group = $csdb->mysql_fetch_array($result_group)) : $levels[$row_group["id"]]= $row_group["name"]; endwhile; ?> <table> <thead> <tr> <th>Module</th> <?php foreach($levels as $value) : print“<th>”.$value.”</th>”; endforeach; ?> </tr> </thead> <?php // continues… ?>

  17. GUI for Editing ACL {2} <tbody> <?php $query_acl ="SELECT * FROM acl ORDER BY id ASC"; $result_acl =mysql_query($query_acl); $count =0; while($row_acl =mysql_fetch_array($result_acl)) : $menu_id[$count]= $row_acl["id"]; $menu_runid[$row_acl["id"]]= $count; $menu_name[$count]= $row_acl["name"]; $count++; endwhile; $query_acp ="SELECT * FROM user_privilege"; $result_acp =mysql_query($query_acp); while($row_acp =mysql_fetch_array($result_acp)) : $this_id = $menu_runid[$row_acp[“acl_id"]]; $menu_access[$this_id][$row_acp[“group_id"]]=1; endwhile; // continues… ?>

  18. GUI for Editing ACL {2} <tbody> <?php $query_acl ="SELECT * FROM acl ORDER BY id ASC"; $result_acl =mysql_query($query_acl); $count =0; while($row_acl =mysql_fetch_array($result_acl)) : $menu_id[$count]= $row_acl["id"]; $menu_runid[$row_acl["id"]]= $count; $menu_name[$count] = $row_acl["name"]; $count++; endwhile; $query_acp ="SELECT * FROM user_privilege"; $result_acp =mysql_query($query_acp); while($row_acp =mysql_fetch_array($result_acp)) : $this_id = $menu_runid[$row_acp[“acl_id"]]; $menu_access[$this_id][$row_acp[“group_id"]] =1; endwhile; // continues… ?>

  19. GUI for Editing ACL {3} $counts = 0; for($list =0; $list <count($menu_id); $list++) : print"<tr>"; print"<td> <strong>".$menu_name[$list]."</strong> </td>"; foreach($levels as $level => $name) : $checked =((isset($menu_access[$list][$level])and $menu_access[$list][$level]==1) ?"checked='checked'" :""); print"<td> <input type='checkbox' ".$checked." id='menu_access_".$counts."' name='menu_access[".$counts."]' value='1' /> <input type='hidden' name='menu_id[".$counts."]' value='".$menu_id[$list]."' /> <input type='hidden' name='menu_level[".$list."]' value='".$level."' /> </td>"; $counts++; endforeach; print"</tr>"; endfor; ?> </tbody> </table> <div> <input type=“submit” name=“submit” value=“Submit” class=“button” /> </div> </form>

  20. Submit ACL <?php // Validate post form command mysql_query("TRUNCATE TABLE user_privilege"); $acl_id =$_POST["menu_id"]; $acl_access =$_POST["menu_access"]; $acl_group =$_POST["menu_level"]; for ($i=0; $i <count($acl_id); $i++) : $bool = ((isset($acl_access[$i]) and $acl_access[$i]==1) ?1:0); if($bool ==1) : mysql_query("INSERT INTO user_privilege (acl_id, group_id) VALUES (".$acl_id[$i].", ".$acl_group[$i].")"); endif; endfor; ?>

More Related