Hey everyone,

This is related to the question I asked earlier http://phpbuilder.com/board/showthread.php?t=10335587 (I would have put this question as a thread in that discussion, but the point of that topic was resolved. So here's a new topic.)

Anyway, I am still working on doing a "virtual directory" (using PHP as a front-end to accessing physical files and folders in a UNIX environment, while keeping track of permissions for certain folders in a MySQL database table.)

My problem is this: When a user is navigating through the file manager (PHP front-end) for the time being, I grab permissions from the database table ONCE and put it in a $SESSION variable as an array of all of the different permissions for certain folders. But the problem is... the $SESSION array is old once I fill it up with database table data...

What happens when a new folder with new permissions is added to the physical directory and database table? If a user is in the process of browsing the file manager (PHP front-end) they will be able to see the new physical folder, but it won't have ANY permissions yet because the $_SESSION variable is the same as before.

I'm just trying to avoid having to grab permissions data from the database EVERY TIME someone traverses through a directory. (Ultimately I would like to implement all of this with Javascript, but the problem still remains in the case of making a Javascript/PHP file manager.)

Any ideas? This has been making me go crazy lately, just trying to get this big project over with. Thanks,

Andy

    Sounds like you are loading permissions and doing permission checking before someone does something to a folder?

    Wouldn't it be better to check if a folder was writeable, readable upon each request instead? So, when I make a request to make a folder, and I am denied, you could just throw and exception letting the user know they can not write to a particular folder....or if I am trying to read/open a folder, you would throw an exception for that stating you can not open or read this particular folder.

    I think what you REALLY should do is have PHP work with the UNIX system more in managing users, permissions, and groups. Yes security is involved here, so you will have to code wisely, but making pseudo-permissions using PHP and MySQL creates a great amount of overhead, and a nightmare it would seem for a programmer to manage and upgrade, etc.

      Thanks for the reply.

      Hey, I know what you mean about the extra overhead and nightmare situation. The reason I can't just use PHP and the UNIX filesystem itself is this:

      All of this runs using one user, www.

      If this was directly tied to the UNIX filesystem and users/groups/permissions, then it would be a lot easier to do this.

      My problem is, how to create multiple users that are directly related to the PHP/MySQL system... but are not actual users on the UNIX filesystem. Kind of a many-users through one user type of situation. And I don't know how to make it so there isn't a lot of overhead without losing security.

        11 days later

        Any other thoughts/ideas on this? Anyone?

        EDIT: This is the type of idea I am working towards. http://pfn.sourceforge.net/index.php?opc=4&lg=ing Except, I don't think that script has an option for what I'm trying to do. For example, having group folders where both administrators and users can add files, but users can't delete the actual group folder.

        I can't just change the physical folder permissions because if I did that, the files wouldn't be viewable to the public when viewed in a browser. Unless someone knows something I haven't considered about it...

          I think I actually might just use XML files in each directory to determine virtual permissions for folders and files contained therein. SimpleXML makes it easy.

          ... or just scrap the idea because this is getting unnecessarily complicated.

            Write a Reply...