implementing a different kind of rights system into yours

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

cleany
Forum Newbie
Posts: 1
Joined: Fri Mar 04, 2005 8:53 am

implementing a different kind of rights system into yours

Post by cleany »

I've downloaded an Ideabox from phpoutsourcing.com and there's one user table. I've already got a user table with a binary rights system.

In this Ideabox there's a field called $isAdmin (with values 1 or 0, or TRUE and FALSE).

In my system I've got a rights class which should be implemented somewhere. It looks something like this:

Code:

if (($cur_session->get_rights() & (16 | 64)) > 0)
{
}
but the old value is $isAdmin...

These are the scripts where it's used (there's no global 'isAdmin' created at all):

Code:

// Ideabox (Gorum) helpers as shipped. `ok`, `Priv_delete`, `Priv_load` and
// `Priv_create` are constants defined elsewhere in the package;
// $gorumuser / $gorumrecognised are its globals (current user record and
// "is logged in" flag); $lll is its language/message table.
function hasAdminRights( &$hasRight, $base="", $method="" )
{
    global $gorumuser;
    global $gorumrecognised;
    // admin only when logged in AND the user record's isAdm flag is set
    $hasRight = ($gorumrecognised && $gorumuser->isAdm);
    return ok;
}

// Used as a method of the Ideabox object classes: $this->id is the id of
// the record being acted on, so "owner" means $this->id == current user id.
function hasObjectRights(&$hasRight, $method, $giveError=FALSE)
{
    global $gorumrecognised, $gorumauthlevel, $gorumuser,$lll;
    global $generalRight;
    $isAdm = ($gorumrecognised && $gorumuser->isAdm);
    $generalRight = FALSE;
    if( $method==Priv_delete && $isAdm)
    {
        $hasRight=TRUE;
        $generalRight = TRUE;
    }
    elseif($method==Priv_delete && isset($this->id) &&
           $this->id==$gorumuser->id)
    {
        // owner may delete their own record
        $hasRight=TRUE;
        $generalRight = FALSE;
    }
    elseif( $method==Priv_load )
    {
        // anyone may load
        $hasRight=TRUE;
        $generalRight = TRUE;
    }
    elseif( $method==Priv_create )
    {
        // anyone may create
        $hasRight=TRUE;
        $generalRight = TRUE;
    }
    else if( !$gorumrecognised  )
    {
        // every other method requires a login
        $hasRight=FALSE;
        $generalRight = TRUE;
    }
    elseif( $isAdm )
    {
        $hasRight=TRUE;
        $generalRight = TRUE;
    }
    elseif( isset($this->id) && $this->id==$gorumuser->id)
    {
        $hasRight=TRUE;
        $generalRight = FALSE;
    }
    else
    {
        $hasRight=FALSE;
        $generalRight = FALSE;
    }
    if( !$hasRight && $giveError )
    {
        handleError($lll["permission_denied"]);
    }
    return ok;
}

feyd | please use [code] tags while [php] tags are offline
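One way to bridge the two systems, as an added example that is not part of the original post or of the Ideabox/Gorum code above: the Ideabox functions only ever consult the pair ($gorumrecognised, $gorumuser->isAdm), so the bitmask session can be adapted to produce exactly that pair at request time instead of storing a second, separate isAdmin column. The Rights and Session classes, the bit assignments other than 16 and 64, and the method-name strings are all assumptions made for this example.

```php
<?php
// Added example (not the Ideabox/Gorum code from the post). Bit values other
// than 16 and 64, and the class/constant names, are assumptions.

final class Rights
{
    const RIGHT_READ     = 1;   // hypothetical
    const RIGHT_WRITE    = 2;   // hypothetical
    const RIGHT_MODERATE = 16;  // one of the two bits tested in the post
    const RIGHT_ADMIN    = 64;  // the other bit tested in the post

    /** True if the user holds ANY bit of $mask: what `(& (16|64)) > 0` tests. */
    public static function hasAny(int $rights, int $mask): bool
    {
        return ($rights & $mask) !== 0;
    }

    /** True only if the user holds EVERY bit of $mask (a stricter test). */
    public static function hasAll(int $rights, int $mask): bool
    {
        return ($rights & $mask) === $mask;
    }
}

/** Stand-in for the poster's $cur_session; only what the adapter needs. */
final class Session
{
    public function __construct(private ?int $userId, private int $rights) {}
    public function get_rights(): int { return $this->rights; }
    public function getUserId(): ?int { return $this->userId; }
    /** Logged in == we resolved a user id from a server-side session. */
    public function isRecognised(): bool { return $this->userId !== null; }
}

/**
 * Build the ($gorumrecognised, $gorumuser) pair the Ideabox code reads.
 * isAdm is DERIVED from the bitmask on every request; it is never read from
 * a request parameter or from a stale column that could drift from the mask.
 */
function adaptSessionToGorum(Session $s): array
{
    $user = new stdClass();
    $user->id = $s->getUserId();
    $user->isAdm = $s->isRecognised()
        && Rights::hasAny($s->get_rights(), Rights::RIGHT_MODERATE | Rights::RIGHT_ADMIN);
    return [$s->isRecognised(), $user];
}

/**
 * The decision table of hasObjectRights() as a pure function, so it can be
 * unit-tested without globals. Ownership uses strict comparison so that an
 * unset id (null) can never compare equal to a record id of 0.
 */
function objectRightAllowed(string $method, ?int $objectId, bool $recognised, stdClass $user): bool
{
    $isAdm   = $recognised && $user->isAdm;
    $isOwner = $recognised && $objectId !== null && $objectId === $user->id;
    switch ($method) {
        case 'delete': return $isAdm || $isOwner;
        case 'load':
        case 'create': return true;              // as in the original table
        default:       return $recognised && ($isAdm || $isOwner);
    }
}

// Constructed demo data: a moderator (bit 16) and an anonymous visitor.
[$recognised, $gorumuser] = adaptSessionToGorum(new Session(42, Rights::RIGHT_READ | Rights::RIGHT_MODERATE));
var_dump($gorumuser->isAdm);                                   // bool(true)
var_dump(objectRightAllowed('delete', 7, $recognised, $gorumuser)); // bool(true)  (admin)

[$recognised, $gorumuser] = adaptSessionToGorum(new Session(null, 0));
var_dump($gorumuser->isAdm);                                   // bool(false)
var_dump(objectRightAllowed('delete', 0, $recognised, $gorumuser)); // bool(false) (not owner: null !== 0)
var_dump(objectRightAllowed('update', 0, $recognised, $gorumuser)); // bool(false) (login required)
```

Note the semantic choice hidden in the original `& (16 | 64)) > 0`: it grants admin to a user holding either bit, not both. If the intent is that only bit 64 is "admin" and bit 16 is a lesser moderator role, pass a single bit to hasAny() (or use hasAll() with the full mask) rather than the OR of both.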
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

what's your question?