| 以下是代码片段: <?phpif(!defined('BASEPATH'))exit('No direct script access allowed'); /** * MX_ACL - Access Control Library PHP5 * * Notes: * $config['cache_path'] must be set * * Install this file as application/libraries/MX_ACL.php * * @copyright Copyright (c) Wiredesignz & Maxximus 2009-11-03 * @version 1.1 * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ classMX_ACL { private$_config, $_cache_path; publicfunction__construct(){ $this->load->helper('url'); $this->load->library('session'); $this->load->config('mx_acl', TRUE); $this->_config = $this->config->item('mx_acl'); $this->_cache_path = $this->config->item('cache_path'); /* previous flashdata is available to views */ $this->load->vars($this->_config['error_var'], $this->session->flashdata($this->_config['error_var'])); /* run the access control check now */ ($this->_config['check_uri'])AND$this->check_uri(); } /** * Check the current uri and user privileges against the cached ACL array * Redirect if access is denied * * @return void */ publicfunctioncheck_uri(){ /* Load the cached access control list or show error */ (is_file($cached_acl = $this->_cache_path.'mx_acl'.EXT))ORshow_error($this->_config['error_msg']); $acl = include$cached_acl; /* Match current url to access list */ if(is_array($acl)AND$acl = $this->match_uri($this->current_uri(), $acl)){ /* Check session group against access level group */ $allow_access = (bool)(in_array($this->session->userdata($this->_config['session_var']), $acl['allowed'])); /* Additional check to allow IP addresses in range */ if( ! $allow_accessANDisset($acl['ipl']))$allow_access = $this->check_ip($acl['ipl']); if($allow_access == FALSE) { /* Set a return url into the session */ $this->session->set_userdata('return_url', $this->uri->uri_string()); /* set the error message... */ $error_msg = (isset($acl['error_msg'])) ? $acl['error_msg'] : $this->_config['error_msg']; /* set a flash message... */ $this->session->set_flashdata($this->_config['error_var'], $error_msg); /* redirect to absolute url */ die(header("Location: ".$acl['error_uri'], TRUE, 302)); } } } /** * Return the access control profile for a given url * * @return string * @param string $current_uri * @param array $acl */ privatefunctionmatch_uri($current_uri, $acl){ if(array_key_exists($current_uri, $acl)){ return$acl[$current_uri]; }else{ if($pos = strripos($current_uri, '/')){ return$this->match_uri(substr($current_uri, 0, $pos), $acl); } } } /** * Returns the current uri string from segments * * @return string */ privatefunctioncurrent_uri(){ returnimplode('/', $this->uri->rsegments); } /** * Checks the remote IP address against the specified $ipl array * * @return bool * @param array $ipl * @param string $remote_ip[optional] */ privatefunctioncheck_ip($ipl, $remote_ip = NULL){ /* Convert ip address into a double (for lousy OSes)*/ $remote_ip = floatval(ip2long(($this->session->userdata('ip_address')))); /* Loop through the ip list array */ foreach($iplas$allowed_ip){ /* Replace '*' (for IP ranges) with a suitable range number */ $min = str_replace("*", "0", $allowed_ip); $max = str_replace("*", "255", $allowed_ip); /* Check for a match */ if(($remote_ip >= floatval(ip2long($min)))AND($remote_ip <= floatval(ip2long($max)))){ returnTRUE; } } } publicfunction__get($var) { static$CI; (is_object($CI))OR$CI = get_instance(); return$CI->$var; } } /* End of file MX_ACL.php */ /* Location: ./application/libraries/MX_ACL.php */ |
| 以下是代码片段: <?phpif(!defined('BASEPATH'))exit('No direct script access allowed'); /** * MX_Acl configuration * * Save this file as application/config/mx_acl.php */ $config = array( 'check_uri' => TRUE, 'error_var' => 'error', 'error_msg' => 'You don\'t have sufficient access rights to view this page!', 'session_var' => 'role_id', ); |
| 以下是代码片段: <?phpif(!defined('BASEPATH'))exit('No direct script access allowed'); /** * This is the cached access control list * * save this file as {cache_path}/mx_acl.php */ returnarray( 'setting/update' => array( // the "module/controller/method" to protect 'allowed' => array(1), // the allowed user role_id array 'ipl' => array('127.0.0.1'), // the allowed IP range array 'error_uri' => site_url('secure/setting'), // the url to redirect to on failure 'error_msg' => 'You do not have permission to update this page!', ), 'page/update' => array( 'allowed' => array(1, 2, 3), 'ipl' => array('127.0.0.0','127.0.0.*'), 'error_uri' => (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : site_url('secure/page'), 'error_msg' => 'You do not have permission to update this page!', ), ); |
简单说明:
首先 php5 only。
MX_Acl和你的控制器不需要任何的交互。
MX_Acl检查访问的URI和session userdata “role_id”(还有IP地址)验证缓存的访问控制列表(ACL)
并且做到,自动重新定向非法的访问。
session flashdata 设置访问被拒绝的“error_msg”,session userdata “return_url” 设置当前的uri,如果你想返回处理后,依旧回到相同的位置。
可以配置其他的自定义变量名,以满足自己的应用。