ACL in CodeIgniter
a simpler approach
• ACL stands for Access Control List
• Used for authorization purposes (e.g. who may access what)
• Zend and CakePHP feature ACL as a key component of their framework
• What about CodeIgniter?
• Using our custom control check:
function loadPage($pageID)
{
    // authorization hard-coded into the controller: repeated in every function
    if ($_SESSION['userType'] != "member")
    {
        die("you do not have access to this page");
    }
}
• And the check goes on and on, hard-coded in our controller files...
• What is this hook?
  ◦ a means to tap into and modify the inner workings of the framework without hacking the core files
  ◦ Have you heard of WordPress or MediaWiki hooks?
  ◦ Example:
    ▪ We want to execute some functionality before controllers are loaded
• Hooks must be enabled in the CodeIgniter config file:
  $config['enable_hooks'] = TRUE;
• Hooks are defined in the application/config/hooks.php file. Each hook is specified as an element of a global array named $hook:

$hook['Hook_Point'] = array(
    'class'    => 'MyClass',
    'function' => 'Myfunction',
    'filename' => 'Myclass.php',
    'filepath' => 'hooks',
    'params'   => array()
);
• pre_system
  Called very early during system execution. Only the benchmark and hooks classes have been loaded at this point. No routing or other processes have happened.
• pre_controller
  Called immediately prior to any of your controllers being called. All base classes, routing, and security checks have been done.
• post_controller_constructor
  Called immediately after your controller is instantiated, but prior to any method calls happening.
• post_controller
  Called immediately after your controller is fully executed.
• class: The name of the class you wish to invoke. If you prefer to use a procedural function instead of a class, leave this item blank.
• function: The function name you wish to call.
• filename: The file name containing your class/function.
• filepath: The name of the directory containing your script.
  Note: Your script must be located in a directory INSIDE your application folder, so the file path is relative to that folder. For example, if your script is located in application/hooks, you will simply use hooks as your filepath. If your script is located in application/hooks/utilities you will use hooks/utilities as your filepath. No trailing slash.
• params: Any parameters you wish to pass to your script. This item is optional.
/* application/config/hooks.php */

$hook['pre_controller'] = array(
    'class'    => 'Accesscheck',
    'function' => 'index',
    'filename' => 'accesscheck.php',
    'filepath' => 'hooks'
);
/* application/hooks/accesscheck.php */

class Accesscheck
{
    public function index($params)
    {
        // permissions.php is assumed to sit next to this file in application/hooks
        // (the slides do not state its path); APPPATH is CodeIgniter's constant
        require_once(APPPATH . 'hooks/permissions.php');
        $baseURL = $GLOBALS['CFG']->config['base_url'];
        $routing =& load_class('Router');
        $class   = $routing->fetch_class();
        $method  = $routing->fetch_method();

        // Public routes (login page, error pages) need no session at all
        if (! empty($doesNotRequireLogin[$class][$method])) {
            return true;
        }

        // Authentication: the session must already have been started earlier in
        // the request; no role in it means the user is not logged in
        if (empty($_SESSION['userType'])) {
            header("Location: {$baseURL}common/login");
            exit;
        }

        // Authorization: the role must hold an explicit true for this route;
        // anything missing from the table is denied (default deny)
        if (empty($permissions[$_SESSION['userType']][$class][$method])
            || $permissions[$_SESSION['userType']][$class][$method] != true) {
            header("Location: {$baseURL}common/unauthorized");
            exit;
        }

        return true;
    }
}
<?php
/* application/hooks/permissions.php */

$doesNotRequireLogin = array();
$permissions = array();

// routes reachable without a session
$doesNotRequireLogin['common']['index'] = true;
$doesNotRequireLogin['common']['login'] = true;
$doesNotRequireLogin['common']['dologin'] = true;
$doesNotRequireLogin['common']['unauthorized'] = true;
$doesNotRequireLogin['common']['message'] = true;
$doesNotRequireLogin['common']['forgotpassword'] = true;

// role => controller => method => allowed
$permissions['member']['blog']['post'] = true;
$permissions['member']['blog']['view'] = true;
$permissions['member']['blog']['save'] = true;
$permissions['member']['blog']['rating'] = true;
$permissions['guest']['blog']['view'] = true;
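The hook's decision logic as a pure function, added here as an example (not code from the slides or from CodeIgniter), so the three outcomes can be exercised from the command line without a framework install, a session or header(). It uses the deck's permission tables and goes slightly beyond them: routes are lower-cased before lookup, and requests for unknown roles, controllers or methods are shown to fall through to default deny. The mixed-case "Blog" request and the "admin"/"editor" names are constructed inputs.

```php
<?php
// Added example: the pre_controller decision as a pure function.

const DECISION_ALLOW        = 'allow';
const DECISION_LOGIN        = 'redirect:common/login';
const DECISION_UNAUTHORIZED = 'redirect:common/unauthorized';

/**
 * Decide what the hook should do for a request to $class/$method by a
 * user whose session role is $userType (null when not logged in).
 * Default deny: anything not explicitly public or granted is refused.
 */
function accessDecision(array $public, array $permissions,
                        string $class, string $method, ?string $userType): string
{
    // PHP resolves controller class names case-insensitively, so normalise
    // before consulting tables keyed in lower case; otherwise "Blog/post"
    // would be refused for a member even though "blog/post" is granted.
    $class  = strtolower($class);
    $method = strtolower($method);

    // 1. Public routes (login page, error pages) need no session at all.
    if (!empty($public[$class][$method])) {
        return DECISION_ALLOW;
    }
    // 2. Authentication: no role in the session means not logged in.
    if ($userType === null || $userType === '') {
        return DECISION_LOGIN;
    }
    // 3. Authorization: the role must hold an explicit true for this route.
    if (empty($permissions[$userType][$class][$method])
        || $permissions[$userType][$class][$method] !== true) {
        return DECISION_UNAUTHORIZED;
    }
    return DECISION_ALLOW;
}

// Tables as in the deck's permissions.php.
$public = [];
foreach (['index', 'login', 'dologin', 'unauthorized', 'message', 'forgotpassword'] as $m) {
    $public['common'][$m] = true;
}
$permissions = [
    'member' => ['blog' => ['post' => true, 'view' => true, 'save' => true, 'rating' => true]],
    'guest'  => ['blog' => ['view' => true]],
];

// Constructed requests: [class, method, session role, expected decision].
$cases = [
    ['common', 'login',  null,     DECISION_ALLOW],
    ['blog',   'view',   null,     DECISION_LOGIN],
    ['blog',   'view',   'guest',  DECISION_ALLOW],
    ['blog',   'post',   'guest',  DECISION_UNAUTHORIZED],
    ['Blog',   'post',   'member', DECISION_ALLOW],        // mixed case normalised
    ['blog',   'delete', 'member', DECISION_UNAUTHORIZED], // method never granted
    ['admin',  'index',  'member', DECISION_UNAUTHORIZED], // controller not in table
    ['blog',   'view',   'editor', DECISION_UNAUTHORIZED], // role not in table
];
foreach ($cases as [$class, $method, $role, $expected]) {
    $got = accessDecision($public, $permissions, $class, $method, $role);
    printf("%-6s %-7s role=%-7s -> %-28s %s\n", $class, $method, $role ?? '-', $got,
           $got === $expected ? 'ok' : 'MISMATCH');
}
```

Every line should print "ok"; a MISMATCH on any row means the permission table or the check no longer fails closed.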
• We have eliminated the need to write authorization code in each controller function
• We have a better-authorized application
• We have a central access point holding the permissions and the check
• We have used a PHP array for better performance (you could use XML instead)
• This solution is better suited to role-based access as well as dynamic role options
• ACL as a library
  ◦ There are a few libraries available from the CodeIgniter wiki page and other sources which can be used for ACL purposes.
M. MIZANUR RAHMAN
Founder & C.T.O.
Informatix Technologies
[mizan@informatixbd.com]