1 |
<?php
|
2 |
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/perm.inc,v 1.5 2006/07/03 03:46:24 dashley Exp $
|
3 |
//--------------------------------------------------------------------------------------------------------------
|
4 |
//perm.inc--FboPrime User Permission String Processing
|
5 |
//Copyright (C) 2006 David T. Ashley
|
6 |
//
|
7 |
//This program is free software; you can redistribute it and/or
|
8 |
//modify it under the terms of the GNU General Public License
|
9 |
//as published by the Free Software Foundation; either version 2
|
10 |
//of the License, or (at your option) any later version.
|
11 |
//
|
12 |
//This program is distributed in the hope that it will be useful,
|
13 |
//but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14 |
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15 |
//GNU General Public License for more details.
|
16 |
//
|
17 |
//You should have received a copy of the GNU General Public License
|
18 |
//along with this program; if not, write to the Free Software
|
19 |
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
20 |
//********************************************************************************
|
21 |
//This includes functions used to process user permission strings, and explains
|
22 |
//the format of permission strings (but not textual descriptions of what the
|
23 |
//variables mean or the semantics). For explanation of the semantics of the
|
24 |
//permission string variables, please see permview.inc.
|
25 |
//--------------------------------------------------------------------------------------------------------------
|
26 |
require_once("global.inc");
|
27 |
require_once("strfunc.inc");
|
28 |
//
|
29 |
//--------------------------------------------------------------------------------------------------------------
|
30 |
//Format of an individual permission:
|
31 |
// a)Begins with a single backslash.
|
32 |
// b)Followed by at least one letter of either case (parameter names are case-sensitive).
|
33 |
// c)Followed by aribitrarily many letters and numbers.
|
34 |
// d)Followed by "=".
|
35 |
// e)Followed by a quotation mark.
|
36 |
// f)Followed by the actual parameter--only spaces, letters, hyphens, periods, and numbers are allowed.
|
37 |
// The empty string is allowed.
|
38 |
// g)Concluded by another quotation mark.
|
39 |
//
|
40 |
//Format of a permission string:
|
41 |
// a)Simple concatenation of aribitrarily many individual permissions as described above.
|
42 |
//
|
43 |
//The format in general is designed for rapid search. The string functions will find parameter
|
44 |
//names quite quickly.
|
45 |
//--------------------------------------------------------------------------------------------------------------
|
46 |
//Retrieves the value of a parameter within a string, or FALSE if the parameter does not
|
47 |
//exist in the string.
|
48 |
//
|
49 |
//The permission string must be properly formatted.
|
50 |
//
|
51 |
//Unit-tested 20060427.
|
52 |
//
|
53 |
function PERM_get_val_from_string($permstring, $permname)
|
54 |
{
|
55 |
$idx = strpos($permstring, "\\" . $permname . "=");
|
56 |
|
57 |
if ($idx === FALSE)
|
58 |
{
|
59 |
//Value not found. Indicate this to the caller with FALSE.
|
60 |
return(FALSE);
|
61 |
}
|
62 |
else
|
63 |
{
|
64 |
//Value was found.
|
65 |
$len = strlen($permstring); //Record the length for efficiency.
|
66 |
|
67 |
//Grab the offset of the two quotes following the parameter name.
|
68 |
$q1pos = FALSE;
|
69 |
$q2pos = FALSE;
|
70 |
$q1pos = strpos($permstring, "\"", $idx);
|
71 |
if (($q1pos !== FALSE) && ($q1pos < ($len-1)))
|
72 |
$q2pos = strpos($permstring, "\"", $q1pos + 1);
|
73 |
|
74 |
//Return the appropriate result.
|
75 |
if (($q1pos !== FALSE) && ($q2pos !== FALSE))
|
76 |
{
|
77 |
//We have a properly-quoted result. Return it.
|
78 |
return(SubStr($permstring, $q1pos+1, $q2pos-$q1pos-1));
|
79 |
}
|
80 |
else
|
81 |
{
|
82 |
//Something went wrong. Return FALSE.
|
83 |
return(FALSE);
|
84 |
}
|
85 |
}
|
86 |
}
|
87 |
//
|
88 |
//--------------------------------------------------------------------------------------------------------------
|
89 |
//Splits a permission string into its components, and returns an associative array containing the permission
|
90 |
//string names as the keys and the values as the elements.
|
91 |
//
|
92 |
//If there are no permissions in the string, returns FALSE.
|
93 |
//
|
94 |
//The string should be a properly-formatted permission string.
|
95 |
//
|
96 |
//If the are multiple entries in the string, the later value will be written
|
97 |
//over the earlier one in the associative array.
|
98 |
//
|
99 |
//Unit-tested 20060427.
|
100 |
//
|
101 |
function PERM_split_aa($arg)
|
102 |
{
|
103 |
$temp = explode("\\", $arg);
|
104 |
|
105 |
if ($temp === FALSE)
|
106 |
{
|
107 |
return(FALSE);
|
108 |
}
|
109 |
else if (count($temp) == 0)
|
110 |
{
|
111 |
return(FALSE);
|
112 |
}
|
113 |
else
|
114 |
{
|
115 |
$putidx = 0;
|
116 |
|
117 |
for ($i=0; $i<count($temp); $i++)
|
118 |
{
|
119 |
$val = $temp[$i];
|
120 |
$len = strlen($val);
|
121 |
|
122 |
if ($len >= 4)
|
123 |
{
|
124 |
$q1pos = FALSE;
|
125 |
$q2pos = FALSE;
|
126 |
$q1pos = strpos($val, "\"");
|
127 |
if (($q1pos !== FALSE) && ($q1pos < ($len-1)))
|
128 |
$q2pos = strpos($val, "\"", $q1pos + 1);
|
129 |
|
130 |
if (($q1pos !== FALSE) && ($q2pos !== FALSE) && ($q1pos >= 2))
|
131 |
{
|
132 |
$rv[SubStr($val, 0, $q1pos-1)] = SubStr($val, $q1pos+1, $q2pos-$q1pos-1);
|
133 |
$putidx++;
|
134 |
}
|
135 |
}
|
136 |
}
|
137 |
|
138 |
//Unless we couldn't find anything seemingly valid, return the array.
|
139 |
if ($putidx > 0)
|
140 |
return($rv);
|
141 |
else
|
142 |
return(FALSE);
|
143 |
}
|
144 |
}
|
145 |
//
|
146 |
//--------------------------------------------------------------------------------------------------------------
|
147 |
//Recombines a permission string that has been split from an associative array into a permission string.
|
148 |
//No hard error checking is performed, i.e. array names with invalid characters or strings with invalid
|
149 |
//characters will slip through in the interest of speed.
|
150 |
//
|
151 |
function PERM_combine_aa($arg)
|
152 |
{
|
153 |
$rv = "";
|
154 |
|
155 |
reset($arg);
|
156 |
while (list($key, $val) = each($arg))
|
157 |
{
|
158 |
$rv = $rv . "\\" . $key . "=\"" . $val . "\"";
|
159 |
}
|
160 |
|
161 |
return($rv);
|
162 |
}
|
163 |
//
|
164 |
//--------------------------------------------------------------------------------------------------------------
|
165 |
//Recombines a permission string that has been split from an associative array into a permission string.
|
166 |
//All invalid characters are stripped from both key names and values (and empty keys are dropped), leading
|
167 |
//to a guaranteed valid permission string. This function is naturally slower than the function above because
|
168 |
//of the error checking.
|
169 |
//
|
170 |
function PERM_combine_aa_error_trap($arg)
|
171 |
{
|
172 |
$rv = "";
|
173 |
|
174 |
//Since we're doing an expensive operation, might as well sort the array, too.
|
175 |
ksort($arg);
|
176 |
|
177 |
reset($arg);
|
178 |
while (list($key, $val) = each($arg))
|
179 |
{
|
180 |
if (strlen($key) > 0) //Don't want to go further if key is empty.
|
181 |
{
|
182 |
//Force the string into numbers and letters for the key.
|
183 |
$key = STRFUNC_force_into_subset($key, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
|
184 |
|
185 |
//It is still possible that the first character is a digit, which is a no-no.
|
186 |
//Rip characters off the string until we have either a letter or an empty string.
|
187 |
while ((strlen($key) > 0) && (strpos("0123456789", SubStr($key, 0, 1)) !== FALSE))
|
188 |
{
|
189 |
$key = SubStr($key, 1, strlen($key) - 1); //Rip the character off the front.
|
190 |
}
|
191 |
|
192 |
//If we have an empty string, don't proceed.
|
193 |
if (strlen($key) > 0)
|
194 |
{
|
195 |
//Force the value into the allowable character set.
|
196 |
$val = STRFUNC_force_into_subset($val, " abcdefghijklmnopqrstuvwxyz-.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
|
197 |
|
198 |
//Add to the string.
|
199 |
$rv = $rv . "\\" . $key . "=\"" . $val . "\"";
|
200 |
}
|
201 |
}
|
202 |
}
|
203 |
|
204 |
return($rv);
|
205 |
}
|
206 |
//
|
207 |
//--------------------------------------------------------------------------------------------------------------
|
208 |
//Forces a permission string into valid space.
|
209 |
//
|
210 |
//This can be done inefficiently by just splitting and then recombining.
|
211 |
//
|
212 |
//Unit-tested 20060427.
|
213 |
//
|
214 |
function PERM_force_into_valid_space($arg)
|
215 |
{
|
216 |
$splitval = PERM_split_aa($arg); //Split it.
|
217 |
$rv = PERM_combine_aa_error_trap($splitval); //Recombine it.
|
218 |
|
219 |
//Return value to caller.
|
220 |
return($rv);
|
221 |
}
|
222 |
//
|
223 |
//--------------------------------------------------------------------------------------------------------------
|
224 |
//End of $RCSfile: perm.inc,v $.
|
225 |
//--------------------------------------------------------------------------------------------------------------
|
226 |
?>
|