Codeigniter ACL library
The following is a code snippet:

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * MX_ACL - Access Control Library PHP5
 *
 * Notes:
 * $config['cache_path'] must be set
 *
 * Install this file as application/libraries/MX_ACL.php
 *
 * @copyright Copyright (c) Wiredesignz & Maxximus 2009-11-03
 * @version 1.1
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
class MX_ACL
{
    private $_config, $_cache_path;

    public function __construct() {
        $this->load->helper('url');
        $this->load->library('session');
        $this->load->config('mx_acl', TRUE);

        $this->_config = $this->config->item('mx_acl');
        $this->_cache_path = $this->config->item('cache_path');

        /* previous flashdata is available to views */
        $this->load->vars($this->_config['error_var'], $this->session->flashdata($this->_config['error_var']));

        /* run the access control check now */
        ($this->_config['check_uri']) AND $this->check_uri();
    }

    /**
     * Check the current uri and user privileges against the cached ACL array
     * Redirect if access is denied
     *
     * @return void
     */
    public function check_uri() {
        /* Load the cached access control list or show error */
        (is_file($cached_acl = $this->_cache_path.'mx_acl'.EXT)) OR show_error($this->_config['error_msg']);
        $acl = include $cached_acl;

        /* Match current url to access list */
        if (is_array($acl) AND $acl = $this->match_uri($this->current_uri(), $acl)) {

            /* Check session group against access level group */
            $allow_access = (bool)(in_array($this->session->userdata($this->_config['session_var']), $acl['allowed']));

            /* Additional check to allow IP addresses in range */
            if ( ! $allow_access AND isset($acl['ipl'])) $allow_access = $this->check_ip($acl['ipl']);

            if ($allow_access == FALSE) {
                /* Set a return url into the session */
                $this->session->set_userdata('return_url', $this->uri->uri_string());

                /* set the error message... */
                $error_msg = (isset($acl['error_msg'])) ? $acl['error_msg'] : $this->_config['error_msg'];

                /* set a flash message... */
                $this->session->set_flashdata($this->_config['error_var'], $error_msg);

                /* redirect to absolute url */
                die(header("Location: ".$acl['error_uri'], TRUE, 302));
            }
        }
    }

    /**
     * Return the access control profile for a given url
     *
     * @return array|NULL the matching profile, or NULL when no rule matches
     * @param string $current_uri
     * @param array $acl
     */
    private function match_uri($current_uri, $acl) {
        if (array_key_exists($current_uri, $acl)) {
            return $acl[$current_uri];
        } else {
            /* no exact match: drop the last segment and try the parent uri */
            if ($pos = strripos($current_uri, '/')) {
                return $this->match_uri(substr($current_uri, 0, $pos), $acl);
            }
        }
    }

    /**
     * Returns the current uri string from segments
     *
     * @return string
     */
    private function current_uri() {
        return implode('/', $this->uri->rsegments);
    }

    /**
     * Checks the remote IP address against the specified $ipl array
     *
     * @return bool
     * @param array $ipl
     * @param string $remote_ip[optional]
     */
    private function check_ip($ipl, $remote_ip = NULL) {
        /* Convert ip address into a double (for lousy OSes) */
        $remote_ip = floatval(ip2long(($this->session->userdata('ip_address'))));

        /* Loop through the ip list array */
        foreach ($ipl as $allowed_ip) {
            /* Replace '*' (for IP ranges) with a suitable range number */
            $min = str_replace("*", "0", $allowed_ip);
            $max = str_replace("*", "255", $allowed_ip);

            /* Check for a match */
            if (($remote_ip >= floatval(ip2long($min))) AND ($remote_ip <= floatval(ip2long($max)))) {
                return TRUE;
            }
        }

        /* no entry matched: return an explicit bool as documented */
        return FALSE;
    }

    public function __get($var) {
        static $CI;
        (is_object($CI)) OR $CI = get_instance();
        return $CI->$var;
    }
}
/* End of file MX_ACL.php */
/* Location: ./application/libraries/MX_ACL.php */
```
The following is a code snippet:

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * MX_Acl configuration
 *
 * Save this file as application/config/mx_acl.php
 */
$config = array(
    'check_uri'   => TRUE,
    'error_var'   => 'error',
    'error_msg'   => 'You don\'t have sufficient access rights to view this page!',
    'session_var' => 'role_id',
);
```
The following is a code snippet:

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * This is the cached access control list
 *
 * save this file as {cache_path}/mx_acl.php
 */
return array(
    'setting/update' => array(                          // the "module/controller/method" to protect
        'allowed'   => array(1),                        // the allowed user role_id array
        'ipl'       => array('127.0.0.1'),              // the allowed IP range array
        'error_uri' => site_url('secure/setting'),      // the url to redirect to on failure
        'error_msg' => 'You do not have permission to update this page!',
    ),
    'page/update' => array(
        'allowed'   => array(1, 2, 3),
        'ipl'       => array('127.0.0.0', '127.0.0.*'),
        // redirect back to the referring page when a Referer header was sent
        // (the header is client-supplied), otherwise to secure/page
        'error_uri' => (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : site_url('secure/page'),
        'error_msg' => 'You do not have permission to update this page!',
    ),
);
```
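Brief notes:
First, it is PHP5 only.
MX_Acl needs no interaction with your controllers.
MX_Acl checks the requested URI and the session userdata "role_id" (and the IP address) against the cached access control list (ACL), and automatically redirects unauthorized requests.
The session flashdata is set to the access-denied "error_msg", and the session userdata "return_url" is set to the current URI, in case you want to return to the same location after handling the denial.
Other custom variable names can be configured to suit your own application.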
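The decision described above, restated outside CodeIgniter as an added example (not the library's own code): URI prefix matching, the role check, and the IP list acting as an alternative to the role. The function names and sample requests are hypothetical, and the ACL array is constructed in the shape of the cached file.

```php
<?php
// Added example (not MX_ACL's code); function names are hypothetical.
// Constructed ACL in the shape of the cached mx_acl.php (redirect keys omitted).
$acl = array(
    'setting/update' => array('allowed' => array(1), 'ipl' => array('127.0.0.1')),
    'page/update'    => array('allowed' => array(1, 2, 3), 'ipl' => array('127.0.0.*')),
);
// Strip trailing segments until a key matches (a parent rule covers its children).
function acl_match($uri, array $acl) {
    while ($uri !== '') {
        if (array_key_exists($uri, $acl)) return $acl[$uri];
        $pos = strrpos($uri, '/');
        $uri = ($pos === FALSE) ? '' : substr($uri, 0, $pos);
    }
    return NULL;
}

// '*' becomes 0 for the lower bound and 255 for the upper bound.
// Assumes 64-bit PHP, where ip2long() never returns a negative number.
function ip_allowed($ip, array $ipl) {
    $ip = ip2long($ip);
    if ($ip === FALSE) return FALSE; // unparsable address never matches
    foreach ($ipl as $pattern) {
        $min = ip2long(str_replace('*', '0', $pattern));
        $max = ip2long(str_replace('*', '255', $pattern));
        if ($min !== FALSE && $max !== FALSE && $ip >= $min && $ip <= $max) return TRUE;
    }
    return FALSE;
}

// TRUE = request proceeds, FALSE = MX_ACL would redirect to error_uri.
function acl_allows($uri, $role_id, $ip, array $acl) {
    $rule = acl_match($uri, $acl);
    if ($rule === NULL) return TRUE;                       // no rule: not restricted
    if (in_array($role_id, $rule['allowed'])) return TRUE; // role is listed
    return isset($rule['ipl']) && ip_allowed($ip, $rule['ipl']); // IP is an alternative to the role
}

$cases = array( // constructed requests: uri, session role_id, client IP
    array('page/update/5',  2,     '203.0.113.9'), // child URI of page/update, listed role
    array('setting/update', 3,     '203.0.113.9'), // unlisted role, unlisted IP
    array('setting/update', FALSE, '127.0.0.1'),   // no role in session, listed IP
    array('page/update',    FALSE, '127.0.0.42'),  // no role, IP inside 127.0.0.*
    array('page/view',      FALSE, '203.0.113.9'), // URI with no rule at all
);
foreach ($cases as $c) {
    printf("%-15s role=%-5s ip=%-12s %s\n", $c[0], var_export($c[1], TRUE), $c[2],
        acl_allows($c[0], $c[1], $c[2], $acl) ? 'allow' : 'deny');
}
```

A listed address substitutes for the role check rather than adding to it, and URIs absent from the ACL are never checked, so every controller that needs protection must have a rule of its own or under a parent prefix.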
Article information
- Author: 淡水河边 Source: 淡水河边的博客
- Tags: ACL Codeigniter
- Published: 2010-06-17 10:20:43