add/remove modules from admin system?

leon24

Hi guys,

firstly i like to say good day to everyone here, seen am new to this forum/website.

I am currently working on a project using php & mysql, however i have some problems which i cannot solve by myself (not smart enough), so i would like to ask for your expertise regarding this problem.

Problem:

Don't know how to add/remove modules into admin system.

I want to be able to add/remove modules into the systems (record it into the database), then assign access permission to certain user groups.

Am not sure where to start and what are the steps, could someone please give me some guidelines, resources or websites where i can do some further research? If possible some codes to start off would be greatly.

Thank you

wilku

I have done some similar jobs using classes.

The idea was for me to have a separate folder for modules. The name of the module was in the file name (like "ModuleName.class.php").
Module loader looked into the folder, read all the names and gave the possibility to choose from available modules. All module classes were written according to the same template:

class ModuleName 
{
 var $name='ModuleName';

 function Run()
 {
   //do what the module should do here
 }
}

Module loader worked as follows:

//choose which module to run, put your decision in $module_name and then...
include($path_to_modules.$module_name.'.inc.php');
$module_obj = new $module_name;
$module_obj->Run();

In this approach system of permissions can be implemented, adding one more function to the template, like CheckPermissions($current_user_permissions), which will return true or false;
Installation of modules is as simple as uploading files into this directory (which is the biggest drawback of this method - security - but you can implement some hash based algorithm to check, whether this module is genuine, written by you).
If you want to use database to store info about your module, I don't see any problems. The scheme would be the same, but modules could be loaded with info from the database instead of folder (more secure probably).

leon24

hi wilku,

thank you for your reply, that kind of gave me the idea for linking the classes together.

what my cms system currently have is a index.php file that acts as a controller to redirect the script to do certain action base on use request.

say, module.php?a=addgroup, it then redirect and go through the adding group process.

what you currently have there, am not quite clear on how to adapt that into my existing system.

also what i currently have is this 4 tables, accounts (manage user accounts), groups (manage user groups), modules (manage modules & assign access permission to certain user groups), mods_groups (use for many to many relationship between modules and groups)

what i really need is a script that will automatically detect the module when i upload it into a folder call "modules" then somehow link that to the modules table in mysql so i can assign permission and control that module using the database instead of having to configure the config.php on every module.

my english is not too great, i hope you understand what i mean.

thank you

bretticus

So are you saying that you want to simply upload a php class (module) into a folder that just shows up in a menu somewhere (maybe for an admin account) and then let's you divvy out permissions for it's use? For example, you just uploaded adduser.class.php into your modules/plugin folder. When you browse your modules admin page, you see a new option: adduser. When you give permission to a given user to use that module, he or she has "adduser" appearing in his or her menu. Now, he or she can click on that link and whatever is in that module runs automatically without you having done anything other than uploading the file and setting permissions?

If the scenario above is correct, wilku gave you a very good clue on how to implement this. To reiterate and expand on some of his ideas...

your index page never really redirects (in a conventional browser way.) Instead, the menu of allowed actions is generated from querying your modules table joining your permissions tables. How the menu is generated can be accomplished actively or passively.

Actively, by you using a form to upload the file under your admin account. This is advantageous because you specify the moment the module gets added to the system. I like the idea of making a file hash as suggested by wilku. In other words, at this point you can issue:

$hash = md5(file_get_contents($_FILES['userfile']['tmp_name']));

Which will render a hash you can store in the database to validate files as you dynamically load them for security reasons. In other words, if somebody modifies your modules, you can throw an error because the present module hash will no longer match the hash value recorded in your database. Also, this would help you avoid a common security vulnerability where a malicious user does a "module.php?a=http://evilsite.com/hack.php" on you taking advantage of allow_url_fopen being turned on. This, in turn, lets the malicious user run any code of his or her choosing on your system (not good!)

Passively, you could scan the module directory each time a user loads the menu (index.php) page. I guess the difference is if you want the convenience with the overhead of scanning each time, or you want to just store the modules in the database one time with the inconvenience of having to add it via a Web form. Since, you have to manually setup the permissions anyway (I would think), I think the latter is not really much of an inconvenience.

Yet, another way is to run a cron job that uses a bash script or even a PHP file ran from the command prompt to scan the directory and update the database. You could run it every 30 minutes or so. Of course this would force you to wait until the job runs to be able to setup permissions for the newly added module(s).

As far as how the modules work, I think wilku's plugin approach is a great idea (pending the security implementations.)

Good luck

leon24

Hi guys,

thank you for your replies,

let me try again to make it clearer by putting it into a scenario:

i have a cms, i want the staff in my business to be able to access accounts so they can contact my clients, add new clients to database, delete or modify their details. Now i need to be able to grant them that access. secondly, i also want a dynamic or flexible system, say in the future i want to keep stock of all my products, now i need to add in the inventory module. how will i make my system flexible enough so that i can add in additional modules without having to go through the trouble of changing the core codes of my cms. ideally i like to be able to create a module, put it into a folder call "modules", login to the administrator panel, look at my modules manager and see that the new module has been detected. after that i want to add that module into the database, assign permission to my staff group so they can have access the inventory.

that's about it, what am confused about is how do i do this:

detect the new module
add the module into the database
build a menu for the module so user who has access permission only can use it
get the module to verify that the user has permission to the module.

i hope am clear this time.

wilku

Well, yes, that's how I undetstood your task, when I've written my post.
With all that above held valid:
Ad. 1
You can have a separate function DetectNewModules(). In that function you can read the module directory ([man]readdir[/man]) and for all the class files, check if it is in module table in the database. If it isn't, insert new row to your table modules.
Ad. 2
What do you expect? table definitions and detailed sql queries to INSERT? 😉
I would have a table named modules with columns like id, module_name,hash
for such table insert query would look like:

 INSERT INTO modules('module_name','hash') VALUES('$module_name','$hash')

provided that id would be auto_increment int and $module_name and $hash would hold module information

www.mysql.com/doc - a good point to start, otherwise find some sql tutorial (mysql probably).
search google for database normalisation to learn how to build well organised databases

Ad. 3,4
You can have separate cross-reference table for linking users or group of users (if you have some permissions system already implemented) to modules (columns: type - enum('user','group), id (of user or a group), module_id). Then query database when a specific user tries to access this module (or list all modules accessible by this user, when building menus - see the link provided above for how to build such queries - hint: it will be SELECT)

I hope this will help. I am not going to give you the exact code for two reasons - I've got other things to do then doing someones work and you'll not learn that way. But if you try to implement the scheme described by bretticus and me and you'll run into some troubles I'll be happy (and I'm sure others will be too 🙂) to help.

leon24

Thanks wilku,

i will give it a go, will test it out and post the result here to share with anyone who is interested.

cheers