技术头条 - 一个快速在微博传播文章的方式     搜索本站
您现在的位置首页 --> PHP --> Codeigniter ACL library

Codeigniter ACL library

浏览:5314次  出处信息

以下是代码片段:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
* MX_ACL - Access Control Library PHP5
*
* Notes:
* $config['cache_path'] must be set
*
* Install this file as application/libraries/MX_ACL.php
*
*
@copyright    Copyright (c) Wiredesignz & Maxximus 2009-11-03
*
@version     1.1
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/

class MX_ACL
{   
    
private $_config, $_cache_path;
    
    
public function __construct() {
        
        
$this->load->helper('url');
        
$this->load->library('session');
        
$this->load->config('mx_acl', TRUE);
        
        
$this->_config = $this->config->item('mx_acl');
        
$this->_cache_path = $this->config->item('cache_path');
        
        
/* previous flashdata is available to views */
        
$this->load->vars($this->_config['error_var'], $this->session->flashdata($this->_config['error_var']));
        
        
/* run the access control check now */
        
($this->_config['check_uri']) AND $this->check_uri();
    
}
    
    
/**
     * Check the current uri and user privileges against the cached ACL array
     * Redirect if access is denied
     *
     *
@return void
     */

    
public function check_uri() {
        
        
/* Load the cached access control list or show error */
        
(is_file($cached_acl = $this->_cache_path.'mx_acl'.EXT)) OR show_error($this->_config['error_msg']);
        
        
$acl = include $cached_acl;
 
        
/* Match current url to access list */
        
if (is_array($acl) AND $acl = $this->match_uri($this->current_uri(), $acl)) {
            
            
/* Check session group against access level group */
            
$allow_access = (bool)(in_array($this->session->userdata($this->_config['session_var']), $acl['allowed']));
                
            
/* Additional check to allow IP addresses in range */
            
if ( ! $allow_access AND isset($acl['ipl'])) $allow_access = $this->check_ip($acl['ipl']);
                
            
if ($allow_access == FALSE)    {
                
                
/* Set a return url into the session */
                
$this->session->set_userdata('return_url', $this->uri->uri_string());
                
                
/* set the error message... */
                
$error_msg = (isset($acl['error_msg'])) ? $acl['error_msg'] : $this->_config['error_msg'];
                    
                
/* set a flash message... */
                
$this->session->set_flashdata($this->_config['error_var'], $error_msg);       
                    
                
/* redirect to absolute url */
                
die(header("Location: ".$acl['error_uri'], TRUE, 302));
            
}
        
}
    
}
    
    
/**
     * Return the access control profile for a given url
     *
     *
@return string
     *
@param string $current_uri
     *
@param array  $acl
     */

    
private function match_uri($current_uri, $acl) {
        
if (array_key_exists($current_uri, $acl)) {
            
return $acl[$current_uri];           
        
} else {
            
if ($pos = strripos($current_uri, '/')) {
                
return $this->match_uri(substr($current_uri, 0, $pos), $acl);
            
}
        
}
    
}
 
    
/**
     * Returns the current uri string from segments
     *
     *
@return string
     */

    
private function current_uri() {
        
return implode('/', $this->uri->rsegments);
    
}
 
    
/**
     * Checks the remote IP address against the specified $ipl array
     *
     *
@return bool
     *
@param array $ipl
     *
@param string $remote_ip[optional]
     */
   
    
private function check_ip($ipl, $remote_ip = NULL) {
        
        
/* Convert ip address into a double (for lousy OSes)*/
        
$remote_ip = floatval(ip2long(($this->session->userdata('ip_address'))));
        
        
/* Loop through the ip list array */
        
foreach ($ipl as $allowed_ip) {
            
            
/* Replace '*' (for IP ranges) with a suitable range number */
            
$min = str_replace("*", "0", $allowed_ip);       
            
$max = str_replace("*", "255", $allowed_ip);
 
            
/* Check for a match */
            
if (($remote_ip >= floatval(ip2long($min))) AND ($remote_ip <= floatval(ip2long($max)))) {
                
return TRUE;
            
}
        
}
    
}
    
    
public function __get($var)    {
        
static $CI;
        
(is_object($CI)) OR $CI = get_instance();
        
return $CI->$var;
    
}
}
/* End of file MX_ACL.php */
/* Location: ./application/libraries/MX_ACL.php */

以下是代码片段:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
* MX_Acl configuration
*
* Save this file as application/config/mx_acl.php
*/

$config = array(
    
'check_uri'    => TRUE,
    
'error_var'    => 'error',
    
'error_msg'    => 'You don\'t have sufficient access rights to view this page!',
    
'session_var'  => 'role_id',
);

以下是代码片段:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
* This is the cached access control list
*
* save this file as {cache_path}/mx_acl.php
*/

return array(
    
'setting/update' => array(                       // the "module/controller/method" to protect
        
'allowed'    => array(1),                    // the allowed user role_id array
        
'ipl'        => array('127.0.0.1'),          // the allowed IP range array
        
'error_uri'  => site_url('secure/setting')// the url to redirect to on failure
        
'error_msg'  => 'You do not have permission to update this page!',
    
),
    
'page/update'    => array(
        
'allowed'    => array(1, 2, 3),
        
'ipl'        => array('127.0.0.0','127.0.0.*'),
        
'error_uri'  => (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : site_url('secure/page'),
        
'error_msg'  => 'You do not have permission to update this page!',
    
),
);

    简单说明:

    首先 php5 only。

    MX_Acl和你的控制器不需要任何的交互。

    MX_Acl检查访问的URI和session userdata “role_id”(还有IP地址)验证缓存的访问控制列表(ACL)

    并且做到,自动重新定向非法的访问。

    session flashdata 设置访问被拒绝的“error_msg”,session userdata “return_url” 设置当前的uri,如果你想返回处理后,依旧回到相同的位置。

    可以配置其他的自定义变量名,以满足自己的应用。

建议继续学习:

  1. Codeigniter里的无刷新上传    (阅读:4605)
  2. 抽离CodeIgniter的数据库访问类!    (阅读:2300)
QQ技术交流群:445447336,欢迎加入!
扫一扫订阅我的微信号:IT技术博客大学习
© 2009 - 2024 by blogread.cn 微博:@IT技术博客大学习

京ICP备15002552号-1