With the PHP function ACL (facl) you can restrict access to functions, variables and included/required files.
<?
/*
+-----------------------------------------------------------------------+
| PHP FUNCTION ACL, ACCESS CONTROL LISTS FOR PHP OBJECTS |
+-----------------------------------------------------------------------+
| prepend this file (in your php.ini) to control your clients access to |
| execute defined functions, undefined includes and forbidden variables |
+-----------------------------------------------------------------------+
| Version: 1.0 - Initial Release |
| Author: Andreas Mallek <mallek@regfish.com> |
| Copyright (c) 2002 regfish.com domain name service portal |
+-----------------------------------------------------------------------+
| if you need it, use it! if you want to deploy, deploy.. but please.. |
| don't deploy or distribute without the copyright information!! |
+-----------------------------------------------------------------------+
*/
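/*
 * Configuration.  Each list starts with the '__FACL_HEADER_SIGN' sentinel: a
 * list that an earlier prepend already defined (sentinel at index 0) is kept,
 * otherwise the defaults below are installed.  The callbacks treat every entry
 * as a case-insensitive, unanchored regular expression, so 'file(.*)' also
 * rejects file_exists() and 'mail' rejects any name containing "mail".
 */
$basedir = "/path/to/your/wwwroot"; /* without "/" at the end */

if (!isset($_facl_func_deny[0]) || $_facl_func_deny[0] !== '__FACL_HEADER_SIGN') {
    $_facl_func_deny = array(
        '__FACL_HEADER_SIGN',
        '_variable_callback', /* don't allow facl _variable_callback */
        '_function_callback', /* and _function_callback() */
        'mysql(.*)',          /* don't allow mysql* functions! */
        'fopen(.*)',          /* don't allow fopen function! */
        'system',             /* and so on... */
        'exec',
        'mail',
        'file(.*)',
        'var_dump(.*)',
        'print_r(.*)',
        'getenv(.*)',
        'setenv(.*)',
    );
}

if (!isset($_facl_var_deny[0]) || $_facl_var_deny[0] !== '__FACL_HEADER_SIGN') {
    $_facl_var_deny = array(
        '__FACL_HEADER_SIGN',
        '_facl_parseable_content',
        'GLOBALS',     /* DON'T ALLOW ACCESS TO $GLOBALS */
        'SCRIPT_NAME', /* DON'T ALLOW ACCESS TO $SCRIPT_NAME */
        'basedir',     /* and so on... */
    );
}

if (!isset($_facl_include_allow[0]) || $_facl_include_allow[0] !== '__FACL_HEADER_SIGN') {
    $_facl_include_allow = array(
        '__FACL_HEADER_SIGN',
        'libs/lib-global.php', /* __ALLOW__ ACCESS TO $basedir/libs/lib-global.php !!! */
    );
}

/*
 * register_globals has been off by default since 4.2 and is gone since 5.4, so
 * the script name has to be read from $_SERVER explicitly.  The plain
 * $SCRIPT_NAME global is kept because _include_callback reads it.
 * file() on a missing script only warns and returns false; the is_file() guard
 * keeps the false result (nothing is scanned or evaluated) without the warning.
 */
$SCRIPT_NAME = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
$buffer = is_file($basedir . $SCRIPT_NAME) ? file($basedir . $SCRIPT_NAME) : false;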
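/**
 * preg_replace_callback hook for a call expression.  $matches[1] is the called
 * name ($matches[2], the argument text, is not used).  The name is tested
 * against every entry of the global $_facl_func_deny list except index 0 (the
 * header sign); entries are case-insensitive, unanchored regular expressions.
 * On a hit the whole current line — the global $buff — is replaced by an `echo`
 * statement that reports the violation, and that replacement is returned;
 * otherwise $buff is returned untouched.  $line is the 0-based index of the
 * current line from file(), so it is reported 1-based.
 *
 * This only sees names spelled literally in the source text; it is a hint for
 * honest code, not an enforcement boundary (see disable_functions in php.ini).
 */
function _function_callback($matches)
{
    global $_facl_func_deny;
    global $line, $buff;

    $val = $matches[1];
    $deny = is_array($_facl_func_deny) ? $_facl_func_deny : array();
    $count = count($deny);
    for ($i = 1; $i < $count; $i++) {
        // eregi() no longer exists; a '/'-delimited PCRE with the 'i' flag is the
        // closest port of its unanchored, case-insensitive match.
        $pattern = '/' . str_replace('/', '\/', $deny[$i]) . '/i';
        if (preg_match($pattern, $val) === 1) {
            $pos = strpos($buff, $val);
            $msg = sprintf(
                '<b>ERROR on Line %d at Position %d: Function "%s" not accessable!</b><br>',
                $line + 1,
                $pos === false ? 0 : $pos,
                htmlspecialchars($val, ENT_QUOTES, 'UTF-8')
            );
            // var_export() yields a valid PHP string literal, so the generated
            // echo statement parses regardless of what the message contains.
            return ($buff = 'echo ' . var_export($msg, true) . ";\n");
        }
    }
    return $buff;
}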
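/**
 * preg_replace_callback hook for a variable reference.  $matches[1] is the
 * name after the '$'.  It is tested against every entry of the global
 * $_facl_var_deny list except index 0 (the header sign); entries are
 * case-insensitive, unanchored regular expressions.  On a hit the whole
 * current line — the global $buff — is replaced by an `echo` statement that
 * reports the violation (naming the deny-list entry, as the original did) and
 * that replacement is returned; otherwise $buff is returned untouched.  $line
 * is the 0-based line index from file(), so it is reported 1-based.
 */
function _variable_callback($matches)
{
    global $_facl_var_deny;
    global $line, $buff;

    $val = $matches[1];
    $deny = is_array($_facl_var_deny) ? $_facl_var_deny : array();
    $count = count($deny);
    for ($i = 1; $i < $count; $i++) {
        // eregi() no longer exists; a '/'-delimited PCRE with the 'i' flag is the
        // closest port of its unanchored, case-insensitive match.
        $pattern = '/' . str_replace('/', '\/', $deny[$i]) . '/i';
        if (preg_match($pattern, $val) === 1) {
            $pos = strpos($buff, $val);
            $msg = sprintf(
                '<b>ERROR on Line %d at Position %d: Variable "$%s" could not be used!</b><br>',
                $line + 1,
                $pos === false ? 0 : $pos,
                htmlspecialchars($deny[$i], ENT_QUOTES, 'UTF-8')
            );
            // var_export() yields a valid PHP string literal, so the generated
            // echo statement parses regardless of what the message contains.
            return ($buff = 'echo ' . var_export($msg, true) . ";\n");
        }
    }
    return $buff;
}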
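/**
 * preg_replace_callback hook for include/require statements.  $matches[4] is
 * the single-quoted path captured by the caller's pattern and $matches[0] the
 * whole statement.  The path is cut down to its last N '/'-separated segments,
 * where N is the number of segments in the global $SCRIPT_NAME, and that
 * string must appear verbatim in the global $_facl_include_allow list (index 0
 * is the header sign).  Otherwise the whole current line — the global $buff —
 * is replaced by an `echo` statement reporting the violation, and that
 * replacement is returned; an allowed include returns $buff untouched.  $line
 * is the 0-based line index from file(), so it is reported 1-based.
 */
function _include_callback($matches)
{
    global $_facl_include_allow;
    global $line, $buff, $SCRIPT_NAME;

    $val = $matches[4];
    $whole = $matches[0];
    $allow = is_array($_facl_include_allow) ? $_facl_include_allow : array();

    $sn_sz = count(explode('/', (string) $SCRIPT_NAME));
    $vl_ar = explode('/', $val);
    $vl_sz = count($vl_ar);

    // NOTE(review): when the include path has fewer segments than $SCRIPT_NAME,
    // $s is negative, the missing entries read as '' and $path gains a leading
    // '/', so it can never equal an allow-list entry.  The intended normalisation
    // is unclear from the original — confirm before relying on this for scripts
    // that live in subdirectories.
    $path = '';
    for ($i = ($s = $vl_sz - $sn_sz); $i < $vl_sz; $i++) {
        if ($i !== $s) {
            $path .= '/';
        }
        $path .= isset($vl_ar[$i]) ? $vl_ar[$i] : '';
    }

    if (!in_array($path, $allow, true)) {
        $pos = strpos($buff, $whole);
        $msg = sprintf(
            '<b>ERROR on Line %d at Position %d: Access to Include/Require %s forbidden by rule!!</b><br>',
            $line + 1,
            $pos === false ? 0 : $pos,
            htmlspecialchars($val, ENT_QUOTES, 'UTF-8')
        );
        // var_export() yields a valid PHP string literal, so the generated echo
        // statement parses even though $val is arbitrary text from the script.
        return ($buff = 'echo ' . var_export($msg, true) . ";\n");
    }
    return $buff;
}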
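/*
 * Scan the requested script line by line and neutralise violations before
 * eval()ing the result.  Each callback works on the global $buff (the current
 * line) and $line (its 0-based index from file()); on a hit it replaces $buff
 * with an `echo` reporting the violation, which is why the return values of
 * preg_replace_callback() are not used here.
 *
 * This is a textual filter, not a sandbox: only names and paths spelled out
 * literally in the source can match, comments are scanned like code, and the
 * filtered text is still executed in this process.  Enforcement belongs in
 * php.ini (disable_functions, open_basedir) or in not running untrusted code
 * in-process at all.
 */
$_facl_parseable_content = "";
$_php_in = 0;
if (!is_array($buffer)) {
    $buffer = array(); /* file() failed: nothing to scan and nothing to run */
}
/* each() is gone since PHP 8; foreach yields the same (index, line) pairs */
foreach ($buffer as $line => $buff) {
    /* are we in php code? "<?(.*)?>" — an open tag on the line wins over a close tag */
    if (strpos($buff, '<?') !== false) {
        $_php_in = 1;
    } elseif (strpos($buff, '?>') !== false) {
        $_php_in = 0;
    }
    if ($_php_in) {
        $tmp = trim($buff);
        if (substr($tmp, 0, 1) === '#') {
            continue; /* '#' comment lines are dropped from the evaluated text entirely */
        }
        /* escapes restored: the parentheses, the leading '$' and the quotes
           are matched literally */
        preg_replace_callback('/([_A-Za-z0-9]{1,})\((.*)\)/', '_function_callback', $buff);
        preg_replace_callback('/\$([_A-Za-z0-9]{1,})/', '_variable_callback', $buff);
        preg_replace_callback('/(include|require(.*))(.+)\'(.*)\'/', '_include_callback', $buff);
    }
    $_facl_parseable_content .= $buff;
}
/* cleanup: remove the facl state so the evaluated code cannot read it */
unset($buff);
unset($buffer);
unset($line);
unset($_facl_func_deny);
unset($_facl_var_deny);
unset($_facl_include_allow); /* was misspelt, which left the allow list visible to user code */
unset($tmp);
unset($_php_in);
/* NOW EVAL THE REST OF USERS CODE! */
/* (eval outputs content!) */
/* '?>' puts eval() into HTML mode so the script's own open tag is honoured.
   The former trailing '<?' was either output as text (short_open_tag off) or a
   parse error when the script ends inside PHP code, so it is not appended. */
eval('?>' . $_facl_parseable_content);
/* EXIT THIS CODE IN ALL CASES !! */
exit;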
?>