Re: [psa-devel]Next Steps
From: Justin K. <ju...@ko...> - 2003-05-29 19:12:36
Albert Lash wrote:
> On 5/29/03 12:22 PM, "Justin Koivisto" <ju...@ko...> wrote:
>
>>Albert Lash wrote:
>>
>>>What's next for PSA? Do you want to keep testing CVS before we release?
>>
>>There are still some things that can be cleaned up with the password
>>reset. Really, they are minor, but all the form fields and variables
>>used in the GUI pages should be prefixed with PSA_ so it doesn't clash
>>with other applications. Other than that, it is time to start doing some
>>documentation.
>>
>>>Some small additions we should include now are a prefix setting so the app
>>>can be moved to different folders with reference to the security folder.
>>
>>Do you mean like $PSA_PATH in index.php on line 24 and _restrict.php on
>>line 4?
>
> No, that's not what I'm talking about. If I built the site structure off the
> document root as is done now, but then realized I wanted to put it into
> another folder on a different server, I would have to add that folder name
> to the beginning of every page in the site structure. I hacked it in using
> this:
>
> $PSA_page = $_SERVER['PHP_SELF'];
> $PSA_page = str_replace("$MMHOME", "", $PSA_page);
>
> Where $MMHOME points to the root of the app. It would be nice if this were a
> part of the config file.
>
> I'm not talking about if you move psa, but if you move the app that it is
> controlling the access to.

Gotcha. OK, so now I have in config.php:

    $PSA_SCR=array(
        'Type' => 'mysql',
        'Host' => 'localhost',
        'User' => 'user',
        'Password' => 'pass',
        'Database' => 'psa_db',
        'Language' => 'en',
        'SiteName' => 'www.your_domain.com',
        'SitePath' => $_SERVER['DOCUMENT_ROOT'],
        'IncludePath' => dirname(__FILE__).'/../../metabase',
        'MbSchemaDir' => dirname(__FILE__).'/..'
    );

in the constructor:

    if(isset($PSA_SCR['SitePath'])){
        $this->SITE_PATH=$PSA_SCR['SitePath'];
    }else{
        $this->SITE_PATH=$_SERVER['DOCUMENT_ROOT'];
    }

and the hasRights method:

    function hasRights($url,$url2=''){
        $this->ERROR=array();

        // Make sure that the database will contain the full URI for the page
        $url=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url);
        $url2=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url2);
        $url3=$this->scr['SitePath'].$url;
        $url4=$this->scr['SitePath'].$url2;

        $query="SELECT groups FROM psa_users WHERE id=".$this->db->GetTextFieldValue($_SESSION['PSA_psaun']);
        $result=$this->db->Query($query);
        if(!$result){
            $this->ERROR[]=$this->db->Error();
            return FALSE;
        }
        $groups=explode(',',$this->db->FetchResult($result,0,0,0));

        $query='SELECT id FROM psa_pages WHERE page='.$this->db->GetTextFieldValue($url).
            ' OR page='.$this->db->GetTextFieldValue($url2).
            ' OR page='.$this->db->GetTextFieldValue($url3).
            ' OR page='.$this->db->GetTextFieldValue($url4);
        $tmp=explode('/',$url2);
        $running='';
        $running2=$this->SITE_PATH;
        foreach($tmp as $part){
            $running.=$part.'/';
            $running2.=$part.'/';
            $query.=' OR page='.$this->db->GetTextFieldValue($running.'*').
                ' OR page='.$this->db->GetTextFieldValue($running2.'*');
        }
        $result=$this->db->Query($query);
        if(!$result){
            $this->ERROR[]=$this->db->Error();
            return FALSE;
        }

        for($i=0;$i<$this->db->NumberOfRows($result);++$i){
            $pageid=$this->db->FetchResult($result,$i,0);
            reset($groups);
            while(list($k,$gid)=@each($groups)){
                $rightsar=$this->getProfile($gid);
                $page_rights=unserialize($rightsar['rights']);
                if(isset($page_rights[$pageid]))
                    return TRUE;
            }
        }

        // no match in the database
        $this->ERROR[]=_("You do not have access rights to this content");
        return FALSE;
    }

I haven't tested these yet, but I will sometime today.

> Good point, but I really suck at documentation and I had forgot you had
> suggested that. I'll hack some stuff together - do you want me to work off
> the documentation that exists?

Yes, you can start with that. There shouldn't be a whole lot to change, but maybe some re-phrasing is in order.

> I like the $PSA_ prepend for the variables, very smart.

SuperAlberT suggested that one a while back. ;)

> Are wildcards already included?

In the documentation? I think so... In the app, yes, I've been using it for my mod-rewrite sites ;)
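The lookup discussed in this message, as an added example that is not part of the original post or of PSA: it lists the `page` values a hasRights()-style check would accept for one request (exact, SitePath-prefixed, and `dir/*` wildcards) and applies default deny. The function names, the `/var/www/example` SitePath, the `PHPSESSID` session name and the sample tables are assumptions; unlike the posted loop, this variant walks only the parent directories of the requested page.

```php
<?php
// Added example, not PSA code: which psa_pages.page values a hasRights()-style
// lookup accepts for one request. Arrays stand in for the database tables.

function psa_candidate_pages(string $url, string $sitePath, string $sessionName): array
{
    // Strip a session id passed in the query string, as hasRights() does.
    $sid = '/(\?|&)' . preg_quote($sessionName, '/') . '=[A-Z0-9]{32}/i';
    $url = preg_replace($sid, '', $url);

    // Exact entries: site-relative and prefixed with SitePath.
    $candidates = [$url, $sitePath . $url];

    // Wildcard entries: "<dir>/*" for the root and every parent directory.
    $dirs = explode('/', trim((string) parse_url($url, PHP_URL_PATH), '/'));
    array_pop($dirs); // drop the file name itself
    $running = '/';
    array_push($candidates, $running . '*', $sitePath . $running . '*');
    foreach ($dirs as $dir) {
        $running .= $dir . '/';
        array_push($candidates, $running . '*', $sitePath . $running . '*');
    }
    return $candidates;
}

function psa_has_rights(string $url, string $sitePath, array $pages, array $rights): bool
{
    foreach (psa_candidate_pages($url, $sitePath, 'PHPSESSID') as $page) {
        // $pages: page pattern => page id; $rights: page ids the group may access.
        if (isset($pages[$page]) && isset($rights[$pages[$page]])) {
            return true;
        }
    }
    return false; // default deny when no matching entry grants access
}

// Constructed sample data (assumptions, not values from PSA).
$sitePath = '/var/www/example';
$pages = ['/admin/*' => 1, '/var/www/example/reports/2003/*' => 2];
$rights = [1 => true]; // the user's group holds rights on page id 1 only
$sid = str_repeat('a', 32);

foreach (['/admin/users/edit.php?PHPSESSID=' . $sid, '/reports/2003/q1.php', '/index.php'] as $request) {
    printf("%-60s %s\n", $request, psa_has_rights($request, $sitePath, $pages, $rights) ? 'allow' : 'deny');
}
```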