[PHP] Re: intranet security

2002-02-27 Thread Julio Nobrega Trabalhando

  I've done it :-)

  But be careful. There are dozens of ways to implement this. My way is
simple, but makes use of too many SQL queries, I believe. Could have stored
everything in one line and grabbed it at the user's login, but anyway, my
current way seems more logical to follow and update.

  I have created these 'groups of power', where you can add/remove users.
Since a user can be part of more than one group, I store these group ids
in a session array.

  In a page where it's necessary to verify if the user (actually, the groups
he's attached to) can perform certain actions, there's a little check like
this:

    $var = '';
    foreach ($_SESSION['user']['group_ids'] as $value) {
        $var .= " OR group_id = '$value'";
    }

  And a MySQL query:

    // 'groups' is a table with a column for every section of the site.
    // The OR list is parenthesised so that "active = 1" applies to every group.
    $sql = "SELECT section_power FROM groups WHERE (id = 0" . $var . ") AND active = 1";
    $res = mysql_query($sql);
    while (list($section_power) = mysql_fetch_array($res)) {
        // using parse_str() since the data is stored in MySQL as:
        // r=1&w=1&d=0&m=0
        parse_str($section_power);
        // More on discover_powers() below
        discover_powers($r, $w, $d, $m);
    }

    function discover_powers($r, $w, $d, $m) {
        // If there's no current power defined:
        if (!isset($_SESSION['user']['powers']['section']['w'])) {
            // User's power the same as the var;
            $_SESSION['user']['powers']['section']['w'] = $w;
        } else {
            // Else, in the while loop above, he's assigned to one group with power = 0
            // and another one with power = 1, let the user get 1
            if ($w > $_SESSION['user']['powers']['section']['w']) {
                $_SESSION['user']['powers']['section']['w'] = $w;
            }
        }
    }


  Well, it's pretty much like this. I am close to redesigning the whole thing
because of the many SQL queries, the while loop calling two functions for
every group the user is attached to, and because it's plainly a 'not-elegant'
solution.

  Feel free to steal any ideas :-D

--

Julio Nobrega.

One day I'll get there:
http://sourceforge.net/projects/toca



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: intranet security

2002-02-27 Thread Scott St. John

Thank you.  What I am trying to avoid is parsing the string
every time a user comes in.  My thought is to use a user table, a group
table and then a permissions table that will allow the user to be a member
of more than one group.

Thank you,

-Scott




On Wed, 27 Feb 2002, Julio Nobrega Trabalhando wrote:

>   I've done it :-)
>
>   But be careful. There are dozens of ways to implement this. My way is
> simple, but makes use of too many SQL queries, I believe. Could have stored
> everything in one line and grabbed it at the user's login, but anyway, my
> current way seems more logical to follow and update.
>
>   I have created these 'groups of power', where you can add/remove users.
> Since a user can be part of more than one group, I store these group ids
> in a session array.
>
>   In a page where it's necessary to verify if the user (actually, the groups
> he's attached to) can perform certain actions, there's a little check like
> this:
>
>     $var = '';
>     foreach ($_SESSION['user']['group_ids'] as $value) {
>         $var .= " OR group_id = '$value'";
>     }
>
>   And a MySQL query:
>
>     // 'groups' is a table with a column for every section of the site.
>     // The OR list is parenthesised so that "active = 1" applies to every group.
>     $sql = "SELECT section_power FROM groups WHERE (id = 0" . $var . ") AND active = 1";
>     $res = mysql_query($sql);
>     while (list($section_power) = mysql_fetch_array($res)) {
>         // using parse_str() since the data is stored in MySQL as:
>         // r=1&w=1&d=0&m=0
>         parse_str($section_power);
>         // More on discover_powers() below
>         discover_powers($r, $w, $d, $m);
>     }
>
>     function discover_powers($r, $w, $d, $m) {
>         // If there's no current power defined:
>         if (!isset($_SESSION['user']['powers']['section']['w'])) {
>             // User's power the same as the var;
>             $_SESSION['user']['powers']['section']['w'] = $w;
>         } else {
>             // Else, in the while loop above, he's assigned to one group with power = 0
>             // and another one with power = 1, let the user get 1
>             if ($w > $_SESSION['user']['powers']['section']['w']) {
>                 $_SESSION['user']['powers']['section']['w'] = $w;
>             }
>         }
>     }
>
>   Well, it's pretty much like this. I am close to redesigning the whole thing
> because of the many SQL queries, the while loop calling two functions for
> every group the user is attached to, and because it's plainly a 'not-elegant'
> solution.
>
>   Feel free to steal any ideas :-D
>
> --
>
> Julio Nobrega.
>
> One day I'll get there:
> http://sourceforge.net/projects/toca

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
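
Added example, not code from either poster: the user / group / permissions table layout proposed in the reply above, with a user's effective powers resolved in one prepared query at login (the highest value across the user's active groups wins, and an inactive group grants nothing) instead of one parse_str() call per group. Table and column names and the sample rows are assumptions, and SQLite in memory stands in for MySQL.

```php
<?php
// Added example: schema, names and sample rows are constructed, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE users       (id INTEGER PRIMARY KEY, login TEXT UNIQUE);
    CREATE TABLE acl_groups  (id INTEGER PRIMARY KEY, name TEXT, active INTEGER);
    CREATE TABLE memberships (user_id INTEGER, group_id INTEGER,
                              PRIMARY KEY (user_id, group_id));
    CREATE TABLE permissions (group_id INTEGER, section TEXT,
                              r INTEGER, w INTEGER, d INTEGER, m INTEGER,
                              PRIMARY KEY (group_id, section));
    INSERT INTO users VALUES (1, 'alice');
    INSERT INTO acl_groups VALUES (10, 'readers', 1), (20, 'editors', 1), (30, 'admins', 0);
    INSERT INTO memberships VALUES (1, 10), (1, 20), (1, 30);
    INSERT INTO permissions VALUES
        (10, 'news', 1, 0, 0, 0),
        (20, 'news', 1, 1, 0, 0),
        (30, 'news', 1, 1, 1, 1);
");

// One query per login: per section, take the highest r/w/d/m over all ACTIVE groups.
function load_powers(PDO $db, int $userId): array
{
    $stmt = $db->prepare(
        'SELECT p.section, MAX(p.r) AS r, MAX(p.w) AS w, MAX(p.d) AS d, MAX(p.m) AS m
           FROM memberships ms
           JOIN acl_groups g  ON g.id = ms.group_id AND g.active = 1
           JOIN permissions p ON p.group_id = g.id
          WHERE ms.user_id = ?
          GROUP BY p.section'
    );
    $stmt->execute([$userId]);   // bound parameter, no string concatenation
    $powers = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $section = $row['section'];
        unset($row['section']);
        $powers[$section] = array_map('intval', $row);
    }
    return $powers;
}

// Deny by default: an unknown section or action is treated as "no power".
function can(array $powers, string $section, string $action): bool
{
    return ($powers[$section][$action] ?? 0) === 1;
}

$powers = load_powers($db, 1);   // at login this would go into $_SESSION['user']['powers']
var_dump(can($powers, 'news', 'w'), can($powers, 'news', 'd'));
```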