I know vBulletin uses bitperms, I was using them too but when I got to 10^63 they stopped working, it wouldn't handle any numbers greater than that (it being my PHP host).
I'm curious to know what myBB, PhpBB, IPB, Joomla and other scripts on the net use for permission systems, I really want to use a fast permission setup in my script. Right now I've implemented a sql variable on each user called permgroups and would have a value such as 1,4,5 and each of those numbers correspond to a permission group which has a similar variable called canseepages 1,2,3,4,1,4,1,54,6,4,5,22,6,2,3,4,1,2 which correspond to each page I have.
First I select permgroups in PHP
Then I use PHP's explode on permgroups
then I do a foreach on every perm group the user can see
within the foreach I run a sql query to grab the canseepages variable from the permissions group
I then append this to a variable so I end up with something MASSIVE like
$variable = '1,2,3,4,5,6,7,8,9,2,22,55,44,55,33,44,11,44,33,44,11,33,44,'.
'22,33,44,11,22,33,44,33,11,22,33,44,33,22,33,44,55,44,'.
'55,54,26,77,84,645,345,233,11,4,11,3,32';
That variable represents all the pages the user is allowed to view. I then explode that into an array of numbers and I use in_array() to check if the current page they're trying to view is within that array of pages they're allowed to view.
It's pretty fast now but I'm just thinking there must be a faster method of doing all this in general.
Maybe this doesn't apply for you, but typically you'd apply permissions to sections of a system, not individual pages. So, for example, you might have an 'admin' permission, that unlocks all the big adminy sections.
You could have a manager perm that unlocks the ability to add, edit, and delete users from the system. Since it is ultra rare to have a need for someone that can do one of, but not all of, those things.
An alternative is a task-specific permissions system. This site uses one, you've been around long enough to gain some of them.
I figured out a long time back that Bit masks was the best possible solution for User Permissions:
Short Example:
class UserPermissions()
{
private $Mask = 0;
//Levels
const PUBLIC_READ = 1;
const PUBLIC_WRITE = 2;
const PUBLIC_EDIT = 4
const PUBLIC_DELETE = 8;
//ETC
public function __construct($Mask)
{
$this->Mask = $Mask;
}
public function InvokePermission($Bit)
{
return ($Mask & $Bit); //True / False
}
public function AddPermission($Bit)
{
$this->Mask |= $Bit; //Add the bit to the mask
}
public function RevokePermission()
{
$this->Mask &= ~ $Bit;
}
public GetMask()
{
return $this->Mask;
}
}
Simple use like so:
$Permissions = new UserPermissions($User->PermissionsData);
if($Permissions->InvokePermission( Permissions:: PUBLIC_EDIT ))
{
//Use can edit
}
Some links:
Why should I use bitwise/bitmask in PHP?
Duplicate (From Myself)
Why not use arrays of integers as bitmasks? Then you just do something like
$ndx = $pageNo / PHP_INT_SIZE;
$bit = $pageNo % PHP_INT_SIZE;
$canAccess = $permArray[$ndx] & (1<<$bit);
$pageNo is the number of the page the user is trying to access, $permArray is the array of integers representing the permitted pages for the group. If the bit corresponding to the page is set, the user can access the page.
(Sorry if the syntax is wrong, I haven't used PHP for a long time.)
Related
I have recently begun working on a pre-existing PHP application, and am having a bit of trouble when it comes to exactly what I should to improve this application's scalability. I am from a C#.NET background, so the idea of separation of concerns is not new to me.
First off I want to tell you what exactly I am looking for. Currently this application is fairly well-sized, consisting of about 70 database tables and ~200 pages. For the most part these pages simply do CRUD operations on the database, rarely anything actually programmatically intensive. Almost all of the pages are currently using code akin to this:
$x = db->query("SELECT ID, name FROM table ORDER BY name");
if ($x->num_rows > 0) {
while ($y = $x->fetch_object()) {
foreach ($y as $key => $value)
$$key = $value;
Obviously, this is not great for an application that is as large as the one I am supposed to be working on. Now I, being from a C#.NET background, am used to building small-scale applications, and generally building a small Business Object for each object in my application (almost a 1 to 1 match with my database tables). They follow the form of this:
namespace Application
{
public class Person
{
private int _id = -1;
private string _name = "";
private bool _new = false;
public int ID
{
get{ return _id; }
}
public string Name
{
get { return _name; }
set { _name = value; }
}
public Person(int id)
{
DataSet ds = SqlConn.doQuery("SELECT * FROM PERSON WHERE ID = " + id + ";");
if (ds.Tables[0].Rows.Count > 0)
{
DataRow row = ds.Tables[0].Rows[0];
_id = id;
_name = row["Name"].ToString();
}
else
throw new ArgumentOutOfRangeException("Invalid PERSON ID passed, passed ID was " + id);
}
public Person()
{
_new = true;
}
public void save()
{
if (_new)
{
doQuery(" INSERT INTO PERSON " +
" ([Name]) " +
" VALUES " +
" ('" + Name.Replace("'", "''") + "'); ");
}
else
{
SqlConn.doNonQuery(" UPDATE PERSON " +
" SET " +
" [Name] = '" + _name.Replace("'", "''") + "' WHERE " +
" ID = " + _id);
}
}
In shorter terms, they simply have attributes that mimic the table, properties, a constructor that pulls the information, and a method called save that will commit any changes made to the object.
On to my actual question: first of all, is this a good way of doing things? It has always worked well for me. Second, and more importantly, is this also a good way to do things in PHP? I've noticed already that PHP's loose typing has caused me issues in the way I do things, also no method overloading is entirely new. If this isn't a good practice are there any good examples of how I should adapt this project to 3 tiers? Or, possibly I should not attempt to do this for some reason.
I am sorry for the length of the question, but I have been digging on the internet for a week or so to no avail, all I seem to ever find are syntax standards, not structure standards.
Thanks in advance.
There are several patterns that one can follow. I like to use the MVC pattern myself. MVC is about splitting user interface interaction into three distinct roles. There are other patterns though, but for clarity (end length of the post I will only go into MVC). It doesn't really matter which pattern you wish to follow as long as you use the SOLID principles.
I am from a C#.NET background, so the idea of separation of concerns is not new to me.
That's great. Trying to learn PHP will only be an implementation detail at this point.
Obviously, this is not great for an application that is as large as the one I am supposed to be working on.
Glad that we agree :-)
In an MVC pattern you would have:
Model: which does 'all the work'
View: which takes care of the presentation
Controller: which handles requests
When requesting a page it will be handled by the Controller. If the controller needs to get some work done (e.g. getting a user) it would ask the model to do this. When the controller has all the needed info it will render a view. The view only renders all the info.
That person object you were talking about would be a model in the MVC pattern.
I've noticed already that PHP's loose typing has caused me issues in the way I do things
PHP loose typing is pretty sweet (if you know what you are doing) and at the same time can suck. Remember that you can always do strict comparisons by using three = signs:
if (1 == true) // truthy
if (1 === true) // falsy
also no method overloading is entirely new
PHP indeed doesn't really support method overloading, but it can be mimicked. Consider the following:
function doSomething($var1, $var2 = null)
{
var_dump($var1, $var2);
}
doSomething('yay!', 'woo!'); // will dump yay! and woo!
doSomething('yay!'); // will dump yay! and null
Another way would be to do:
function doSomething()
{
$numargs = func_num_args();
$arg_list = func_get_args();
for ($i = 0; $i < $numargs; $i++) {
echo "Argument $i is: " . $arg_list[$i] . "<br />\n";
}
}
doSomething('now I can add any number of args', array('yay!', 'woo!', false));
Or, possibly I should not attempt to do this for some reason.
Of course you should attempt it. When you already have programming experience it shouldn't be too hard.
If you have any more questions you can can find me idling in the PHP chat tomorrow (I'm really need to get some sleep now :-) ).
is this a good way of doing things?
There is no ideal way; there is good and bad for determined situation.
About typing, PHP doesn't loose it; we call that dynamic typing.
About the architecture, when we develop enterprise level web applications, from medium to large scale, we tend to talk about performance on a daily basis.
A good point to start would be reading about some of the most known PHP frameworks, like:
Zend
Symfony
Kohana
From that you can start thinking about architecture.
OK, I am just trying to get better at making more loosely coupled classes etc in PHP just to improve my skills. I have a local test database on my computer and for the user table I have a column named "role". I am trying to build a function that is a general function for getting permissions for a user so it doesn't depend on a specific task they are trying to do.
When a user tries to do something such as create a new forum topic etc, I want to query the database and if "role" is a certain value, store permissions in a multidimensional array like the following:
$permissions = array(
'forums' => array("create", "delete", "edit", "lock"),
'users' => array("edit", "lock")
);
Then I want to be able to search that array for a specific permission without typing the following at the top of every PHP file after a user posts a form by checking isset($var). So if the user is trying to edit a user I want to be able to do something like the following via a class method if possible
if (Class::get_permissions($userID),array($permissionType=>$permission))) {
// do query
} else {
// return error message
}
How would be a good way to have a loosely coupled permission checking function that will be able to do something like this? It doesn't have to be laid out exactly like this but just be loosely coupled so it can be reused and not be bound to a certain task. But I want to be able to have an array of permissions instead of just "admin","user", etc for reusability and so it doesn't restrict my options down the road. Because I have a bunch of code that is like this right now in the top of my php script files.
if (Class::get_permissions($userID) == "admin") {
// allow query
} else {
// return error
}
Thanks for any input to help me get this to where I don't keep writing the same stuff over and over.
Your question is a little vague, but I will do my best. You said you're storing their permissions in an array $permissions.
public static $permissions = array();
public static function setPermissions($perms)
{
if (!is_array($perms)) {
throw new Exception('$perms must be an array.');
}
self::$permissions = $perms;
}
public static function hasPermission($section, $action)
{
if (array_key_exists($section, self::$permissions)
&& in_array($action, self::$permissions[$section])
) {
return true;
}
return false;
}
Using that logic, when you read a user's permissions from the DB, then set the Class::$permissions static var like so:
Class::setPermissions($permissions);
// ...
if (Class::hasPermissions($page, $action)) {
// user has permission
}
Note, my code is pretty generic and will have to remain that way until I have more information. For now, I'm assuming your permissions array is using a page section as the index and the array is a list of actions within that page section that the user has access to. So, assuming $page has been set to something like "forums" and the user is currently trying to perform an edit (so $action = 'edit'), the Class::hasPermission() function would return true.
I ran out of characters in the comments... But this is to your comment.
#corey instead of having a static object, I include a function that sets my permissions in the user's session. It as part of my LoginCommand class that gets called whenever the user logs in, obviously.
The permissions are then stored from view to view and I don't have to keep querying. The permissions check for most things only happen when the user logs in. However, certain sensitive things I'll run another query to double check. This has the disadvantage that, if the user's permissions change while the user has an active session, these changes won't be pushed to the user.
Remember to exercise good session security.
PHP Session Security
The only reason you wouldn't store data in your session size is because your session got too big. But unless you sessions are megabyte's, you probably don't need to worry about this.
I am new to PHP and I don't have much experience in PHP.I am trying to develop a login system based on a layered structure.I thought about various methods to implement that system but I think it's better to get some ideas from experienced programmers like you.I have explained my requirement idea below.
I need to make 3 different login layers with different powers.Eg.Member, Staff, Admin.Here the admin should have almost all the privileges over the system and the member should have some, and staff need to have some more.Could you please give me some ideas to implement my system.mmm it's alright it to be complex, I need it to be secured.
Should I have to use different function files for different users or can use a same file set with different privileges.
Thank you.
In general terms, what you need to do is first determine the role of the user when they log in. Generally this is done by looking the user up in a database.
Then, stash their role in a session: php sessions
Afterward, when you're going to display some option that only Admins should have (for example) check in the session to make sure that they have the required role. You should check the role again when actually performing the action, to prevent an attacker from executing commands they shouldn't be able to by forging a request.
Also, this should all be done over SSL connections (HTTPS) to help prevent an attacker from hijacking another user's session by inspecting an Admin's request headers and building their own request using that session ID.
(I'm also a bit of a PHP beginner, but that should cover most of the general stuff for implementing a secure role-based auth system. Hope it helps.)
It is not necessary to have different function files for different users. Have a table which has details about who is a staff, member and admin. And when displaying a page, just have a check on the privilege for each item before displaying it and during execution of each function also check if the user has necessary privileges to execute the function.
class level
{
const UNCLASSIFIED = 1;
const CONTROLLED = 2;
const RESTRICTED = 4;
const SENSITIVE = 8;
const CONFIDENTIAL = 16;
const SECRET = 32;
const TOPSECRET = 64;
const CODEWORD = 128;
const MEMBER = 63; // Everything up to SECRET.
const STAFF = 127; // Everything up to TOPSECRET.
const ADMIN = 255; // Everything.
private $level = NULL;
public function __get($property) { return $this->$property; }
public function __set($property, $value) { return $this->$property = $value; }
}
Using bit wise operations, you can set the predefined levels for some people where their access situation is common. Whereas when you have someone who needs access to one type of information, but not another, you can setup their account with just the access level they need.
So I'm wanting to setup an achievements system on my site. People perform tasks and upload this information which is then stored in a database (think 'time', 'date', 'task', etc.). What would be the best method of checking their information and awarding achievements? Would I just have like an achievement.php that once information is uploaded it would trigger this document to run through all the checks to determine if the user needs to be awarded an achievement? Or is there something server side I should set up to award the user?
Thanks for any help or suggestions, comments, etc. :D
EDIT: I currently have the achievements listed in the database, (id, name, class)
Tasks are stored as ('date_time','time','device','user_id[fk]')
EDIT 2: Also many achievements will be calculated based on not only the tasks the user is currently submitting but takes into account previous tasks in addition to the newly added task. EX: If the user has completed 3 tasks within 3 consecutive days, then they will be awarded for it
Your best bet is probably to create a table of point values for the tasks, and then create a stored procedure that can fetch the appropriate counts from the appropriate tables and multiply them by the point values. That's what I've done in the past - it allows you modify point values on the fly from the DB as well.
it really depends on where your preference for business logic placement lies, and how real time you want acheivements to be. if you're looking to offload a bunch of business logic on you sql server, put it in a stored procedure, otherwise, class out the calculations into a class in php, and use that class to determine what new achievements have been.
i would definitely suggest doing the processing outside of the normal page response. perhaps kick off a server-side call to the php cli, or set up a cron job to run all individuals through a check for achievements at a certain interval.
edit:
as for the actual methods of awarding achievements, i would think you're most flexible and simple implementation (you will find more simple/less flexible and more flexible/less simple options i'm sure) would be to create an AwardRunner class, an IAward interface and a bunch of individual implementations of IAward for each award you have. the basic idea would be something like:
<?php
class AwardRunner {
var $UserId = 0;
function AwardRunner($userId) {
$this->UserId = $userId;
$dir = "/path/to/your/folder/full/of/IAwards/";
$includes = read_dir($dir);
//include all files that exist
foreach($includes as $include)
{
if (is_file($include))
{
require($include);
}
}
}
public function Run() {
$classList = get_declared_classes();
foreach($classList as $key => $className)
{
if (in_array('IAward', class_implements($className))) {
$award = $className();
$award->UserId = $this->UserId;
$award->GrantIfUserQualifies();
}
}
}
//function for reading all files in a directory.
//this is recursive, so any files in subfolders will also make it in
function read_dir($dir)
{
$array = array();
$d = dir($dir);
while (false !== ($entry = $d->read())) {
if($entry!='.' && $entry!='..') {
$entry = $dir.'/'.$entry;
if(is_dir($entry)) {
$array = array_merge($array, read_dir($entry));
} else {
$array[] = $entry;
}
}
}
$d->close();
return $array;
}
}
?>
i would think the idea of what the IAward interface would look like would be pretty clear from the usage, though you'd probably add to it the Id field from your table so it would be able to insert itself into the database, as would the way to call the AwardRunner class.
this idea should work whether you have something batching the awards process looping through all your users, or just fire it off after every task submission.
How about you create a trigger on the task submission proc (or however you insert the data when the user completes a task), that then performs the necessary actions for that user to determine if he/she is awarded an achievement, and then updates the achievements table accordingly.
Then, every-time you load up the information for the user on the front end, the data will already be in for him/her in the achievements table, and you can directly access it (which I'm sure you already do).
I realize the knee-jerk response to this question is that "you dont.", but hear me out.
Basically I am running on an active-record system on a SQL, and in order to prevent duplicate objects for the same database row I keep an 'array' in the factory with each currently loaded object (using an autoincrement 'id' as the key).
The problem is that when I try to process 90,000+ rows through this system on the odd occasion, PHP hits memory issues. This would very easily be solved by running a garbage collect every few hundred rows, but unfortunately since the factory stores a copy of each object - PHP's garbage collection won't free any of these nodes.
The only solution I can think of, is to check if the reference count of the objects stored in the factory is equal to one (i.e. nothing is referencing that class), and if so free them. This would solve my issue, however PHP doesn't have a reference count method? (besides debug_zval_dump, but thats barely usable).
Sean's debug_zval_dump function looks like it will do the job of telling you the refcount, but really, the refcount doesn't help you in the long run.
You should consider using a bounded array to act as a cache; something like this:
<?php
class object_cache {
var $objs = array();
var $max_objs = 1024; // adjust to fit your use case
function add($obj) {
$key = $obj->getKey();
// remove it from its old position
unset($this->objs[$key]);
// If the cache is full, retire the eldest from the front
if (count($this->objs) > $this->max_objs) {
$dead = array_shift($this->objs);
// commit any pending changes to db/disk
$dead->flushToStorage();
}
// (re-)add this item to the end
$this->objs[$key] = $obj;
}
function get($key) {
if (isset($this->objs[$key])) {
$obj = $this->objs[$key];
// promote to most-recently-used
unset($this->objs[$key]);
$this->objs[$key] = $obj;
return $obj;
}
// Not cached; go and get it
$obj = $this->loadFromStorage($key);
if ($obj) {
$this->objs[$key] = $obj;
}
return $obj;
}
}
Here, getKey() returns some unique id for the object that you want to store.
This relies on the fact that PHP remembers the order of insertion into its hash tables; each time you add a new element, it is logically appended to the array.
The get() function makes sure that the objects you access are kept at the end of the array, so the front of the array is going to be least recently used element, and this is the one that we want to dispose of when we decide that space is low; array_shift() does this for us.
This approach is also known as a most-recently-used, or MRU cache, because it caches the most recently used items. The idea is that you are more likely to access the items that you have accessed most recently, so you keep them around.
What you get here is the ability to control the maximum number of objects that you keep around, and you don't have to poke around at the php implementation details that are deliberately difficult to access.
It seems like the best answer was still getting the reference count, although debug_zval_dump and ob_start was too ugly a hack to include in my application.
Instead I coded up a simple PHP module with a refcount() function, available at: http://github.com/qix/php_refcount
Yes, you can definitely get the refcount from PHP. Unfortunately, the refcount isn't easily gotten for it doesn't have an accessor built into PHP. That's ok, because we have PREG!
<?php
function refcount($var)
{
ob_start();
debug_zval_dump($var);
$dump = ob_get_clean();
$matches = array();
preg_match('/refcount\(([0-9]+)/', $dump, $matches);
$count = $matches[1];
//3 references are added, including when calling debug_zval_dump()
return $count - 3;
}
?>
Source: PHP.net
I know this is a very old issue, but it still came up as a top result in a search so I thought I'd give you the "correct" answer to your problem.
Unfortunately getting the reference count as you've found is a minefield, but in reality you don't need it for 99% of problems that might want it.
What you really want to use is the WeakRef class, quite simply it holds a weak reference to an object, which will expire if there are no other references to the object, allowing it to be cleaned up by the garbage collector. It needs to be installed via PECL, but it really is something you want in every PHP installation.
You would use it like so (please forgive any typos):
class Cache {
private $max_size;
private $cache = [];
private $expired = 0;
public function __construct(int $max_size = 1024) { $this->max_size = $max_size; }
public function add(int $id, object $value) {
unset($this->cache[$id]);
$this->cache[$id] = new WeakRef($value);
if ($this->max_size > 0) && ((count($this->cache) > $this->max_size)) {
$this->prune();
if (count($this->cache) > $this->max_size) {
array_shift($this->cache);
}
}
}
public function get(int $id) { // ?object
if (isset($this->cache[$id])) {
$result = $this->cache[$id]->get();
if ($result === null) {
// Prune if the cache gets too empty
if (++$this->expired > count($this->cache) / 4) {
$this->prune();
}
} else {
// Move to the end so it is culled last if non-empty
unset($this->cache[$id]);
$this->cache[$id] = $result;
}
return $result;
}
return null;
}
protected function prune() {
$this->cache = array_filter($this->cache, function($value) {
return $value->valid();
});
}
}
This is the overkill version that uses both weak references and a max size (set it to -1 to disable that). Basically if it gets too full or too many results were expired, then it will prune the cache of any empty references to make space, and only drop non-empty references if it has to for sanity.
PHP 7.4 now has WeakReference
To know if $obj is referenced by something else or not, you could use:
// 1: create a weak reference to the object
$wr = WeakReference::create($obj);
// 2: unset our reference
unset($obj);
// 3: test if the weak reference is still valid
$res = $wr->get();
if (!is_null($res)) {
// a handle to the object is still held somewhere else in addition to $obj
$obj = $res;
unset($res);
}
I had a similar problem with the Incredibly Flexible Data Storage (IFDS) file format with trying to keep track of references to objects in an in-memory data cache. How I solved it was to create a ref-counting class that wrapped a reference to the underlying array. I generally prefer arrays over objects as PHP has traditionally tended to handle arrays better than objects with regards to unfortunate things like memory leaks.
class IFDS_RefCountObj
{
public $data;
public function __construct(&$data)
{
$this->data = &$data;
$this->data["refs"]++;
}
public function __destruct()
{
$this->data["refs"]--;
}
}
Since 'refs' is tracked as a regular value in the data, it is possible to know when the last reference to the data has gone away. Regardless of whether multiple variables reference the refcounting object or it is cloned, the refcount will always be non-zero until all references are gone. I don't need to care how many actual references there are internally in PHP as long as the value is correctly zero vs. non-zero. The IFDS implementation also tracks an estimated amount of RAM being used by each object (again, being exact isn't super important as long as it is in the ballpark), allowing it to prioritize writing and releasing unused objects that are occupying system resources first and then writing and releasing portions of still-referenced objects that are caching large quantities of DATA chunk information.
To get back to the topic/question, with this ref-counting class-based approach, it is, for example, mostly straightforward to prune to ~5,000 records in a cache upon hitting 10,000 records in the cache. General strategy is to not get rid of records still being referenced plus keep the most recently requested/used records that aren't being referenced because they are likely to be referenced again. Upon every new reference, unset() and then setting the item again will move the item to the end of the array so that the oldest probably unreferenced items appear first and the newest probably still referenced items appear last.
Weak references, as several people have suggested, won't solve every caching issue. They don't work in caching scenarios where you don't want to remove an item from the cache until the application is done working with it (i.e. deleting an item that the application later attempts to use) but also want to keep it around as long as RAM overhead permits even if the application stops referencing it temporarily but might need it again in a moment. Weak references are also incapable of working in scenarios where the item in the cache is holding onto unwritten data that may or may not be fine with staying unwritten even if there are no references to it in the application. In short, when there is a balancing act to maintain, weak references cannot be used.