FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Nested PHP
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Nested PHP [message #185319 is a reply to message #185318] Tue, 18 March 2014 13:10 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
On 17/03/14 23:31, Christoph Michael Becker wrote:
> The Natural Philosopher wrote:
>
>> Consider the problem
>>
>> I have page called /aby/xyz that I want accessible to one user and
>> totalluy invisible to another.
>>
>> At best htaccess makes it tricky and says 'not allowed' it wont ever say
>> 'page doesn't exist'.
>>
>> My users already live in a proper relational database.What is easier
>> than to write a slender shim that intercepts all access to the web
>> server, analyses them and decides who they are and what they can then
>> access? Using tables of privilege, proriory and area to give a
>> multidimensional; matrix of access. And the ability to return 'access
>> denied' or 'page not found' under my control if they try and access
>> something I don't want them to?
>
> Why not deploying the page controller pattern?
>
> ...
> <?php
> analyzeHit();
> if (!userAuthorizedToViewThisPage()) {
> header('HTTP/1.0 403 Forbidden');
> exit;
> }
> ?>
> <!DOCTYPE html>
> ...
>
> A front controller may be preferable (and it seems you're using
> something like that), but that also doesn't require to store PHP code in
> a database.
>
> Actually, requiring authorization for delivering certain content is
> quite common, but I doubt that there are (m)any sites storing PHP code
> in a database for that reason. The only reason I can see for storing
> PHP code in a DB, is to cater for user submitted code, what may be
> useful for e.g. CMSs.
>

in the end it was a balance of issues that decided it.

Probably the killer reason was that having to use the database anyway
to see whether or not the code would be executed, I was left with a list
of code and 'stuff to do with this code' that would go in the database,
and it seemed to be entirely within the basic database principle that
you don't stick the thing and its attributes in two different places
when there is always a 1:1 relationship... so the code followed the
'attributes of this code' into the database.

That made eval the way to execute it.

Since the code is preformed anyway, there is no more danger in this than
any other method. I.e. I am not using eval to allow some user response
to execute arbitrary code. It is simply a 'subroutine call into a
database'. And almost entirely equivalent to using include()




--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Filling an array with random input doesn't quite work
Next Topic: string length
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 22:33:59 GMT 2024

Total time taken to generate the page: 0.05422 seconds