
Developer.com:
Creating a Custom ACL in PHP
May 11, 2012 @ 10:53:23

On Developer.com there's a recent tutorial showing you how to create a basic access control list in PHP (not in any specific framework). It allows you to define not only user permissions but groups and group permissions as well.

So, what are the advantages of an ACL model? The first advantage is security. Using this model will make your application more secure and less vulnerable to exploits. When securing any program, it is good to give to the user only the privileges he/she needs. That means that, for example, you should not give super administrator privileges to someone who will only manage website content. The ACL security model allows you to do just that. The second advantage is the easiness of user management. You can divide users into groups, while each group has certain access permissions. Also, you can easily add new user groups, delete the old ones or change group permissions.

They include the database structure you'll need to make the backend work (four tables) and the code to create an "Acl" class with methods to check a user+group for a permission, get the permissions for a user and get the permissions for a group. It's a pretty simple system and has a lot more that could be added to it to make it more robust, but it's a good start.

custom acl access control permission group tutorial database


PHPMaster.com:
Role Based Access Control in PHP
March 13, 2012 @ 13:10:05

On PHPMaster.com today there's a new tutorial posted (from Martin Psinas) about using role-based access controls in PHP-based applications. His method isn't based in any specific framework, so it's easily portable to just about any app out there.

In this article I will discuss my personal favorite approach: role based access control (RBAC). RBAC is a model in which roles are created for various job functions, and permissions to perform certain operations are then tied to roles. A user can be assigned one or multiple roles which restricts their system access to the permissions for which they have been authorized.

He starts with a warning that, if not properly maintained, a role-based system like this can get somewhat chaotic, so rules should be in place around the adding and removing of permissions at certain times. His functionality is based on a few database tables - roles, permissions and cross-reference tables between users/roles & permissions/roles. All of the code you'll need to implement the system is included in a Role class, the PrivilegedUser class and the methods you'll need to add/remove/check the logged in user's permissions.

role access privilege tutorial database permission


Lorna Mitchell's Blog:
Accessing the Magento Web API
May 05, 2010 @ 15:58:04

On her blog today Lorna Mitchell talks about a problem she encountered with the Magento web API interface - an "Access denied" message that was keeping her out.

I've been working with the Magento Web API lately, and the first problem I ran into was actually getting access to it. Contrary to its reputation, I found some perfectly good documentation outlining how to connect to the service and use it.

A search for a fix to her "access denied" message led her to this forum post talking about web service permissions and how they relate to user setup. An API key and username are needed to work with the API and can be set up in the user's information.

magento api interface permission access denied


Debuggable Blog:
Simple Data Access Control
August 25, 2008 @ 07:56:50

In a new post to the Debuggable blog Felix Geisendorfer illustrates a simple access rights system that can be plugged into any CakePHP application you might be developing.

If your application is like most, then you have some basic permission requirements for your data. A simple scenario is the following. Blog posts can only be edited by their owners and administrators. Same goes for viewing unpublished blog posts.

His example modifies the typical "posts" controller to add in a new model (User) with a permission check (can) and a model that implements it into the PostsController to ensure that a user can view any given posting.

post access control user permission model cakephp framework


PHPImpact Blog:
Run PHP scripts with different users on the same server
August 12, 2008 @ 09:31:52

On the PHP::Impact blog Federico has posted a sort of reminder about a method you can use to run PHP scripts as different users on the same system - suPHP.

suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

suPHP runs as an Apache module and works with the local server's permission system to restrict script access to whatever the user's allowances are. He links to this tutorial for more information on setting it up.

suphp script apache module user permission


Lee Blue's Blog:
How To Implement A Ruby on Rails style before_filter With The PHP Zend Framework
February 04, 2008 @ 14:36:00

Lee Blue has posted something looking to bridge yet another gap between Ruby on Rails and PHP - a method for adding before_filter functionality to PHP.

I often use this when implementing a simple login screen for a password protected section of my application. In a Zend Framework application you can implement a preDispatch() function in a Zend_Controller_Action which will run before an action is dispatched. This lets you setup your filter to check to see if the visitor is logged in or not. If the visitor is not logged in, you can redirect them to the login screen of your application.

He includes example code to show its usefulness - checking two things: whether a user is logged in and whether they're allowed to use a certain resource.

rubyonrails zendframework beforefilter user access permission


Zend Developer Zone:
Use LiveUser for Authentication & Permission Management with the Zend Framework
October 09, 2006 @ 10:21:00

On the Zend Developer Zone today, there's a new tutorial posted about using LiveUser in conjunction with the Zend Framework to make an easy authentication and permission system for your application.

When building a web site or application there comes a moment when you will most likely need to implement access restrictions. Two parts come in to play, first there is authentication (usually implemented as username/password combination) and then authorization (or permission) to make sure a user is allowed to do what he is trying to do.

LiveUser provides you with a framework to make it easy to implement both aspects. It has a container approach giving a lot of flexibility in writing your own schemes if the bundled ones do not meet your needs. All containers use a unified API that makes switching between containers as painless as possible. We will see one way to integrate the Zend Framework Controller with LiveUser.

They start with a few definitions of the levels of complexity you can have for authentication on your website (simple, medium, complex) and follow it with the usual "getting started" and setup portion. They create a simple configuration array and show how to authenticate against it by including the LiveUser library and making an object with it, Factory style.

liveuser authentication permission zend framework management




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework