Home arrow Enhance Access Control!
Font Size: larger smaller Font Color:                                                 reset
ByOS Technologies Logo

ByOSTech Chartered Membership
In stead of collecting donations, we have decided to implement Chartered Membership. Chartered Members will have access to earlier releases, special releases and other priceless support services. We need your supports and in return we will support you either. Subscribe to our Chartered Membership is fully OPTIONAL. Read more...

Earlier Access and Special Releases:

  1. JACLPlus Pro v1.5.26 Stable for Joomla! 1.5.26 Stable
  2. JACLPlus v1.0.15a for Joomla! 1.0.15 Stable Free!!!
  3. JACLPlus Pro v1.0.15 for Joomla! 1.0.15 Stable
  4. MACLPlus Pro v4.6.2 for Mambo 4.6.2
  5. Patch File for Joomla/Coppermine Bridge
  6. MACLPlus v4.5.4 for Mambo 4.5.4 Stable with Mamlang 1.2
  7. Extended Menu 1.0.5 (JACLPlus Ready)
    Extended Menu 1.0.3 (MACLPlus Ready)
  8. Infinity Menus V1-0-83 (JACLPlus Ready)
    Infinity Menus V1-0-83 (MACLPlus Ready)

How to use JACLPlus/MACLPlus to Enhance Your Component Access Control Print E-mail
Written by Web Master   
Thursday, 03 August 2006

How to use JACLPlus/MACLPlus To Enhance Your Component Access Control (Part 1)
This article is new and still under improvement)

This article intend to show you how to use JACLPlus/MACLPlus to enhance your component access control either at backend or at frontend. When we say enhance, we really mean that we will add advanced access controls into the component. It is not just mean to add some basic access checking to the component to make it controllable by JACLPlus/MACLPlus. Anyway, in this article we will try the best to cover up all the necessary information and how to add the necessary access control checking from basic to advanced to enhance your component access control.

In this article, we will use weblinks component as our example and guide you step by step to enhance its access control. After complete reading this article (including part 2), you will be able to use the same concept to enhance your other components' access control. This article will show you how to enhance your weblinks component access control by using JACLPlus/MACLPlus to manage:
1) who can submit weblinks. (completed) (Chartered Member Only)
2) who can view the weblink (click on weblink to follow its url). Coming soon...(Chartered Member Only)
3) who can view weblinks in certain categories (access certain weblink categories). Coming soon... (Chartered Member Only)
*Special: Put access checking code in template file to enhance backend access control. (completed) (Chartered Member Only)

Requirements to use this article:
1) Basic knowledge of backup and modify PHP files.
2) Joomla system with JACLPlus or Mambo system with MACLPlus.
3) Familiar with Joomla/Mambo.
4) Know where to add Access Control Rule (ACR) thru JACLPlus or MACLPlus.
5) Basic knowledge of PHP if you want to add advanced access controls.

The Location of Main Files of a Component
As we know, Joomla/Mambo have backend and frontend access. Component files used for backend are normally located in /administrator/components/ directory. Meanwhile, component files used for frontend are normally located in /components/ directory. Upon access a component, Joomla/Mambo will load the component main file. At frontend, the component main file will be the PHP file with a filename that same to component name. For example, the weblinks component frontend main file is weblinks.php that located under /components/com_weblinks/ directory. At backend, the component main file will be the PHP file with a filename that same to component name and with a prefix of "admin.". Therefore, in our example, the backend main file for weblinks component is admin.weblinks.php which is located in /administrator/components/com_weblinks/ directory. Figure 1 show you how to determine component main files through access URL.

Figure 1: Use URL to determine the main files of a component.

How to determine there is Access Control/Checking in Component
In order to control the access of a component, you need to make sure there is an access checking in the component main file. For example, if you want to implement frontend access control for the weblinks component, you will have to make sure there is an access checking in weblinks.php file. If you want to implement backend access control for the weblinks component, then you will have to make sure there is an access checking in admin.weblinks.php file. How to determine there is Access Control/Checking in a component? The answer is to look for a function called $acl->acl_check(). Joomla/Mambo and JACLPlus/MACLPlus use this function to check access permission. This function receive 6 arguements based on user and will return a value of true or false based on ACR either predefined by Joomla/Mambo or defined/added by you thru JACLPlus/MACLPlus. For example, $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_weblinks' ) will look for the administration->edit->users->User Group->components->com_weblinks ACR in Joomla/Mambo ACL.  If it found the ACR and the ACR is enable, then it will return true or else it will return false.

Add Basic Access Control/Checking to Component
If you open weblinks.php file, you may notice that there is no access checking for that file. Therefore, there is no Access Control Rule(ACR) can control the access of this weblinks component at frontend. In order to use ACR to control this component at frontend, you can add the below access checking code on top of the weblinks.php file just after the "defined( '_VALID_MOS' ) or die( 'Restricted access' );" code.

Basic Frontend Access Checking Code to add in on top of the weblinks.php file: 

// ensure user has access to this function
if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
        | $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_weblinks' ))) {
    mosRedirect( 'index.php', _NOT_AUTH );

Explanation: The above code will look for  administration->edit->users->User Group->components->all or administration->edit->users->User Group->components->com_weblinks ACRs for the user. If it found one of them and is enable, then it will continue to process other code or else it will stop and redirect the user to index.php page. Therefore, by adding this access checking code on top of the weblinks.php file, you can use these two ACRs to control the frontend access of the weblinks component now! However, this is not so good because now ONLY login user can use the component at frontend due to "Public Frontend" group for public user can't support ACR yet.

Once you have added the above access checking code into weblinks.php, you will need to add administration->edit>users->Super Administrator->components->com_weblinks ACR to Super Administrator group before you can add this type of ACR to other group.
By adding this administration->edit>users->Registered->components->com_weblinks ACR to Registered group and enable it, all your Registered group users will be able to access weblinks component or vice versa.

If you open admin.weblinks.php file, you may notice that there is access checking in that file. The access checking code is just below the "defined( '_VALID_MOS' ) or die( 'Restricted access' );" code. Therefore, there are two ACRs can control the access of this weblinks component at backend.

Basic Backend Access Checking Code that already in the admin.weblinks.php file:

// ensure user has access to this function
if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
        | $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_weblinks' ))) {
    mosRedirect( 'index2.php', _NOT_AUTH );

Note: Backend access checking code will redirect to index2.php page of backend instead of index.php upon no access.

Some of you may noticed that the backend com_content main file ( / administrator /components / com_content / admin.content.php) do not have access checking as well. Therefore, all backend users will be able to access the com_content at backend to add/edit/publish content items. You can add basic access checking code into the file to make it controllable by ACR. Using this simple concept, you will be able to make all your components controllable by JACLPlus/MACLPlus either at frontend or backend!

Add Advanced Access Control/Checking to Component (Chartered Member Only)

Last Updated ( Friday, 18 August 2006 )
Main Menu
About Us
Product - JACLPlus!
JACLPlus Support List
How To - JACLPlus!
Contact Us / Help Support
Chartered Member
Enhance Access Control!
New JACLPlus Demo
Installation Guide Installation Guide
Upgrading Guide Upgrading Guide
Uninstallation/Rescue Guide Uninstallation/Rescue Guide
Member Login
Visitors: 20973974
Who's Online
We have 5 guests and 4 members online
ionCube PHP Encoder ionCube PHP Encoder
The ultimate security solution to protect & accelerate runtime performance for PHP 4 & PHP 5 scripts
ionCube Package Foundry ionCube Package Foundry
The installer creator for PHP and ASP web applications to eliminate end-user remote installation problems and failures
© 2022 ByOS Technologies
Joomla! is Free Software released under the GNU/GPL License.
For Free Consultation
ByOSTech Chartered Membership!