ACL (Access Control List)

[bigjoe11a]

I been wanting to add some extra security to a web site that I been putting together and I fount a sample from google.com. How ever the coder screwed it up so bad that it took me over a month to fix the bugs. Any way after adding the last part to my project. I have one problem.

When I edit the user permissions. A drop down combow box is used. Just when it loads. It doesn't seem to display that users permissions from the mysql database right. So I was hoping some one could help me.

Here's the old code. If you need to see any other parts of the code. Let me know. I have plans to fix all of this and set up a sample for downloading.

Code Select Expand


case "perms":
        $myACL = new ACL($_GET['uid']);
        echo '<h2>Manage User Permissions: ('.$myACL->getUsername($_GET['uid']).')</h2>';
        echo '<form action="users.php?action=savePerms&uid='.$_GET['uid'].'" method="post">';
        echo '<table border="1" cellpadding="5" cellspacing="2">';
        //echo '<tr>';
           
$userACL = new ACL($_GET['uid']);
            $rPerms = $userACL->perms;
            $aPerms = $userACL->getAllPerms('full');
            foreach ($aPerms as $k => $v)
            {
                echo '<tr>';
                //echo '<td>'.$rPerms[$v['Key']]['inheritted'].'</td>';
                echo '<td>'. $v['Name'] . '</td>';
echo '<td><select name="perm_' . $v['ID'] . '">';
echo '<option value="1"';
//if ($userACL->hasPermission($v['Key'] == true) && $rPerms[$v['Key']]['inheritted'] != true) { echo ' selected="selected"'; }
                if ($userACL->hasPermission($v['Key'])) { echo ' selected="selected"'; } // && !$rPerms[$v['Key']]['inheritted']) { echo ' selected="selected"'; }
                echo '>Allow</option>';
               
                //echo '<option value="1">Allow</option>';
echo '<option value="0"';
//if ($rPerms[$v['Key']]['value'] == false && $rPerms[$v['Key']]['inheritted'] != true) { echo ' selected="selected"'; }
                if (!$rPerms[$v['Key']]['value'] && !$rPerms[$v['Key']]['inheritted']) { echo ' selected="selected"'; }
echo '>Deny</option>';
echo '<option value="X"';

                //if ($rPerms[$v['Key']]['inheritted'] == true || !array_key_exists($v['Key'],$rPerms))
                if ($rPerms[$v['Key']]['inheritted'] || !array_key_exists($v['Key'],$rPerms))
{
echo ' selected="selected"';
//if ($rPerms[$v['Key']]['value'] == true )                   
                    if ($rPerms[$v['Key']]['value'])
{
$iVal = '(Allow)';
} else {
$iVal = '(Deny)';
}
                    echo $rPerms[$v['Key']]['value'];   
}
               
echo '>Inherit '.$iVal.'</option>';
                echo '</select></td></tr>';
               
            }
       
    echo '</table>';
           
    echo '<input type="submit" name="Submit" value="Submit">';
        echo '</form>';
        echo '<form action="users.php?action=manage&uid='.$_GET['uid'].'" method="post">';
        echo '<input type="submit" name="Cancel" value="Cancel">';
        echo '</form>';
        break;


This is what I been doing to take some of the crap out and trying to get it to a point where it will work.

Code Select Expand


case "perms":
        $myACL = new ACL($_GET['uid']);
        echo '<h2>Manage User Permissions: ('.$myACL->getUsername($_GET['uid']).')</h2>';
        echo '<form action="users.php?action=savePerms&uid='.$_GET['uid'].'" method="post">';
        echo '<table border="1" cellpadding="5" cellspacing="2">';
        //echo '<tr>';
           
$userACL = new ACL($_GET['uid']);
            $rPerms = $userACL->perms;
            $aPerms = $userACL->getAllPerms('full');
            foreach ($aPerms as $k => $v)
            {
                echo '<tr>';
                //echo '<td>'.$rPerms[$v['Key']]['inheritted'].'</td>';
                echo '<td>'. $v['Name'] . '</td>';
echo '<td><select name="perm_' . $v['ID'] . '">';
echo '<option value="1"';
//if ($userACL->hasPermission($v['Key'] == true) && $rPerms[$v['Key']]['inheritted'] != true) { echo ' selected="selected"'; }
                if ($userACL->hasPermission($v['Key'])) { echo ' selected="selected"'; }
                echo '>Allow</option>';
               
                //echo '<option value="1">Allow</option>';
echo '<option value="0"';
//if ($rPerms[$v['Key']]['value'] == false && $rPerms[$v['Key']]['inheritted'] != true) { echo ' selected="selected"'; }
                if (!$userACL->hasPermission($v['Key'])) { echo ' selected="selected"'; }
echo '>Deny</option>';
//echo '<option value="X"';

                //if ($rPerms[$v['Key']]['inheritted'] == true || !array_key_exists($v['Key'],$rPerms))
                //if ($rPerms[$v['Key']]['inheritted'] || !array_key_exists($v['Key'],$rPerms))
//{
// echo ' selected="selected"';
//if ($rPerms[$v['Key']]['value'] == true )                   
                //    if ($rPerms[$v['Key']]['value'])
// {
//  $iVal = '(Allow)';
// } else {
// $iVal = '(Deny)';
// }
                //   echo $rPerms[$v['Key']]['value'];   
//}
               
//echo '>Inherit '.$iVal.'</option>';
                echo '</select></td></tr>';
               
            }
       
    echo '</table>';
           
    echo '<input type="submit" name="Submit" value="Submit">';
        echo '</form>';
        echo '<form action="users.php?action=manage&uid='.$_GET['uid'].'" method="post">';
        echo '<input type="submit" name="Cancel" value="Cancel">';
        echo '</form>';
        break;
       


Can some one help with this code.

Here's the link for the sample code from what this was from. Be aware that if you change the permissions for one user. You will change the permissions for all users. So be careful when using this code.

http://net.tutsplus.com/tutorials/php/a-better-login-system/