User & Page permissions problem.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ctown82
Forum Newbie
Posts: 11
Joined: Mon Oct 01, 2007 9:29 am

User & Page permissions problem.

Post by ctown82 »

Hi,

First off, if there is an easier way to do this, I'm all ears. What I've got is a page which uses group-based security. On the DB side, a user can be a member of several groups (Table: user_permissions), and the page's display changes based on whether a user is in a group the page permits.

I've got sort of a weird issue... so I'm going to post some code, then talk about it.

security.php (excerpt)

Code: Select all

function GetPagePermissions($requestor)
{
	global $sqlinfo;
	
	$query = " SELECT * FROM page_permissions WHERE page_name='". $requestor ."';";
	$result = mysql_query($query);
	return mysql_fetch_assoc($result);
}

function GetUserPermissions()
{
	global $sqlinfo;
	
	$query = " SELECT * FROM user_permissions WHERE user_id='". $_SESSION['user_id'] ."';";
	$result = mysql_query($query);
	return mysql_fetch_assoc($result);
}

function PageAuth($requestor)
{
	$user = GetUserPermissions();
	$page = GetPagePermissions($requestor);
	
	$auth = false;

/*DBG*/var_dump($user);
/*DBG*/var_dump($page);

	reset($user);
	reset($page);

	if(current($user) == current($page))
		$auth = true;

	for($i = 1; $i < count($user); $i++)
	{
		if(next($user) == 1 && next($page) == 1)
			$auth = true;
/*DBG*/echo '<br>'. current($user) .' != '. current($page) .'<br>';
	}
	
	return $auth;
}
exp_rep.php (excerpt)

Code: Select all

if(!PageAuth('exp_rep.php'))
{
	include($dir['pages'] .'403.php');
}
Okay, as you can see, I have some debug output in here. That comes out as ($user first, then $page):

Code: Select all

array(9) { 
["user_id"]=> string(1) "1" 
["guest"]=> string(1) "0" 
["registered"]=> string(1) "1" 
["siteadmin"]=> string(1) "1" 
["agent"]=> string(1) "1" 
["supervisor"]=> string(1) "1" 
["financeadmin"]=> string(1) "1" 
["accountadmin"]=> string(1) "1" 
["useradmin"]=> string(1) "1" 
}

array(9) { 
["page_name"]=> string(11) "exp_rep.php" 
["guest"]=> string(1) "0" 
["registered"]=> string(1) "0" 
["siteadmin"]=> string(1) "1" 
["agent"]=> string(1) "1" 
["supervisor"]=> string(1) "1" 
["financeadmin"]=> string(1) "1" 
["accountadmin"]=> string(1) "0" 
["useradmin"]=> string(1) "0" 
} 

0 != exp_rep.php
1 != 0
1 != 0
1 != 1
1 != 1
1 != 1
1 != 1
1 != 0
(I cleaned up the output a bit for easy reading.)

As you can see, my arrays are coming unaligned as I'm reading them with PageAuth(). I know that reset() shouldn't be needed, but I am trying everything to get these to work right. However, you've probably noticed that's not my only problem... The page isn't displaying as though the user is authorized, but even with the misaligned arrays, he should still have access!

So, 2 problems:

$user and $page are somehow coming unaligned using next()

The user is unable to access the page.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I think your database needs restructuring. First off, it's not flexible to have each group as a column. Each group should be a separate row. This will make your lookup much easier too as it will then be pretty straight forward.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Your database needs a bit of work - using one table for all pages and users is like throwing everything at one location and hoping it sticks. Just splitting users from pages would be a simple step forward.

Secondly, why should the arrays align - yes they should, but it's not being made absolutely definitive. They have different keys, and they hold different values, and there's no reason to expect them to line up except by coincidence. What you could do - is remove the difference point (user id and page name) from each array, and sort it by keys alphabetically (that moves from happy coincidence to certainty).

An actual Iterator (SPL) on each array might make things a bit more obvious.

Can't say for certain - but reset $users after using count(). I suspect count() fiddles with the internal pointer and may be the cause of the alignment woes. Move it up before the reset() calls and see what happens.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Maugrim_The_Reaper wrote:Your database needs a bit of work - using one table for all pages and users is like throwing everything at one location and hoping it sticks. Just splitting users from pages would be a simple step forward.
psst. They are in separate tables. ;)
ctown82
Forum Newbie
Posts: 11
Joined: Mon Oct 01, 2007 9:29 am

Post by ctown82 »

feyd wrote:I think your database needs restructuring. First off, it's not flexible to have each group as a column. Each group should be a separate row. This will make your lookup much easier too as it will then be pretty straight forward.
A seperate row...? As in, I should use a table for each page?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

ctown82 wrote:A seperate row...? As in, I should use a table for each page?
No. A separate record (row) for each group associated with the page. Similarly, in the other table, a separate record (row) for each group a user is associated with.
Post Reply