![ Using our custom control check
function loadPage($pageID)
{
if($_SESSION[„userType‟] != “member”)
{
die(“you do not have access to this page”);
}
}
And the check goes on & on, Hard coded in
our controller files…..](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-4-320.jpg)
![ Hooks must be enabled in CodeIgniter Config file
$config['enable_hooks'] = True;
Hooks are defined in
application/config/hooks.php file. Each hook is
specified as a part of a global array named $hook
$hook[„Hook_Point‟] = array(
'class' => 'MyClass',
'function' => 'Myfunction',
'filename' => 'Myclass.php',
'filepath' => 'hooks',
'params' => array()
);](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-6-320.jpg)
![/* application/config/hooks.php */
$hook['pre_controller'] = array(
'class' => 'Accesscheck',
'function' => 'index',
'filename' => 'accesscheck.php',
'filepath' => 'hooks');](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-9-320.jpg)
![class Accesscheck
{
public function index($params)
{
require_once('permissions.php');
$baseURL = $GLOBALS['CFG']->config['base_url'];
$routing =& load_class('Router');
$class = $routing->fetch_class();
$method = $routing->fetch_method();](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-10-320.jpg)
![if(! empty($doesNotRequireLogin[$class][$method])) { return true; }
else {
if(! $_SESSION['userType']) { //checking authentication
header("location: {$baseURL}common/login"); exit;
}
else {
if(empty($permissions[$_SESSION['userType']][$class][$method])
||
$permissions[$_SESSION['userType']][$class][$method]!=true) {
header("location: {$baseURL}common/unauthorized");
exit;
} else {
return true;
}
}
}
header("location: {$baseURL}common/unauthorized");](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-11-320.jpg)
![<?php
$doesNotRequireLogin = array();
$permissions = array();
$doesNotRequireLogin['common']['index'] = true;
$doesNotRequireLogin['common']['login'] = true;
$doesNotRequireLogin['common']['dologin'] = true;
$doesNotRequireLogin['common']['unauthorized'] = true;
$doesNotRequireLogin['common']['message'] = true;
$doesNotRequireLogin['common']['forgotpassword'] = true;](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-12-320.jpg)
![$permissions[„member‟][„blog'][„post‟] = true;
$permissions[„member‟][„blog'][„view‟] = true;
$permissions[„member‟][„blog'][„save‟] = true;
$permissions[„member‟][„blog'][„rating‟] = true;
$permissions[„guest‟][„blog'][„view‟] = true;](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-13-320.jpg)
![M. MIZANUR RAHMAN
Founder & C.T.O
Informatix Technologies
[mizan@informatixbd.com]](https://image.slidesharecdn.com/aclincodeigniter-mizanurrahman-101109053429-phpapp02/85/ACL-in-CodeIgniter-16-320.jpg)
ACL in CodeIgniter
- 2. ACL stands for Access Control List Used for Authorization purpose (eg: who access what) Zend, CakePHP features ACL as key component of their framework What about CodeIgniter?
- 4. Using our custom control check function loadPage($pageID) { if($_SESSION[„userType‟] != “member”) { die(“you do not have access to this page”); } } And the check goes on & on, Hard coded in our controller files…..
- 5. What is this hook? ◦ a means to tap into and modify the inner workings of the framework without hacking the core files ◦ Have you heard of wordpress or mediawiki hook? ◦ Examples: We want to execute a functionality before controllers are loaded
- 6. Hooks must be enabled in CodeIgniter Config file $config['enable_hooks'] = True; Hooks are defined in application/config/hooks.php file. Each hook is specified as a part of a global array named $hook $hook[„Hook_Point‟] = array( 'class' => 'MyClass', 'function' => 'Myfunction', 'filename' => 'Myclass.php', 'filepath' => 'hooks', 'params' => array() );
- 7. pre_system Called very early during system execution. Only the benchmark and hooks class have been loaded at this point. No routing or other processes have happened. pre_controller Called immediately prior to any of your controllers being called. All base classes, routing, and security checks have been done. post_controller_constructor Called immediately after your controller is instantiated, but prior to any method calls happening. post_controller Called immediately after your controller is fully executed.
- 8. class The name of the class you wish to invoke. If you prefer to use a procedural function instead of a class, leave this item blank. function The function name you wish to call. filename The file name containing your class/function. filepath The name of the directory containing your script. Note: Your script must be located in a directory INSIDE your application folder, so the file path is relative to that folder. For example, if your script is located in application/hooks, you will simply use hooks as your filepath. If your script is located in application/hooks/utilities you will use hooks/utilities as your filepath. No trailing slash. params Any parameters you wish to pass to your script. This item is optional.
- 9. /* application/config/hooks.php */ $hook['pre_controller'] = array( 'class' => 'Accesscheck', 'function' => 'index', 'filename' => 'accesscheck.php', 'filepath' => 'hooks');
- 10. class Accesscheck { public function index($params) { require_once('permissions.php'); $baseURL = $GLOBALS['CFG']->config['base_url']; $routing =& load_class('Router'); $class = $routing->fetch_class(); $method = $routing->fetch_method();
- 11. if(! empty($doesNotRequireLogin[$class][$method])) { return true; } else { if(! $_SESSION['userType']) { //checking authentication header("location: {$baseURL}common/login"); exit; } else { if(empty($permissions[$_SESSION['userType']][$class][$method]) || $permissions[$_SESSION['userType']][$class][$method]!=true) { header("location: {$baseURL}common/unauthorized"); exit; } else { return true; } } } header("location: {$baseURL}common/unauthorized");
- 12. <?php $doesNotRequireLogin = array(); $permissions = array(); $doesNotRequireLogin['common']['index'] = true; $doesNotRequireLogin['common']['login'] = true; $doesNotRequireLogin['common']['dologin'] = true; $doesNotRequireLogin['common']['unauthorized'] = true; $doesNotRequireLogin['common']['message'] = true; $doesNotRequireLogin['common']['forgotpassword'] = true;
- 13. $permissions[„member‟][„blog'][„post‟] = true; $permissions[„member‟][„blog'][„view‟] = true; $permissions[„member‟][„blog'][„save‟] = true; $permissions[„member‟][„blog'][„rating‟] = true; $permissions[„guest‟][„blog'][„view‟] = true;
- 14. We have eliminated the process of writing the authorization code on each controller functions We have a better authorized application We have a central access point with permissions and check. We have used Array for better performance (you can use XML though) This solution is better suited for role based access as well as dynamic role option.
- 15. ACL as a Library ◦ There are few libraries available from CodeIgniter wiki page and other sources which can be used for ACL purpose.
- 16. M. MIZANUR RAHMAN Founder & C.T.O Informatix Technologies [[email protected]]