What's wrong with this php/regex

Question

The goal is to take the current working directory split it at /clients/ and see if the user is in

[something]/clients/[their username]/[something]

for example, the goal would be for input:

cwd = "/volumes/raid0/www/clients/mikey/test_folder/"
$session->username = "mikey"

to return with

$authorized = true

I would like this to recognize both UNIX and Windows paths, so it should look for "/" or "\". It is assumed that filenames won't contain these characters.

Also, the isAdmin() bit is supposed to give admins access to all directories.

right now, PHP says:

Warning: unexpected regex error (8) in c:\apache\htdocs\clients\mikey\index.php on line 69

here's the code as it stands. (line 69 is noted in the comments.)

if($session->isAdmin())
{
    $authorized = true;
} 
else 
{
  // split cwd at the first instance of /clients/
  $dir = spliti('%(\/|\\)clients(\/|\\)%',getcwd(),2); //this is line 69
  if(count($dir) == 2) // if /clients/ was in cwd
  {
    // check if the second piece of cwd starts with the username.
    $authorized = (preg_match('/^'.$session->username.'//*.$/', $dir[1]));
  } 
  else 
    $authorized = false;
}

Answer 1

Something like this might get you started:

<?php
$regex = '%(.+)(/|\\\\)clients(/|\\\\)(.+)(/|\\\\)(.+)(/|\\\\)%';

preg_match($regex, "/volumes/raid0/www/clients/mikey/test_folder/", &$matches);
var_dump($matches);
?>

Outputs:

 array(8) {
  [0]=>
  string(45) "/volumes/raid0/www/clients/mikey/test_folder/"
  [1]=>
  string(18) "/volumes/raid0/www"
  [2]=>
  string(1) "/"
  [3]=>
  string(1) "/"
  [4]=>
  string(5) "mikey"
  [5]=>
  string(1) "/"
  [6]=>
  string(11) "test_folder"
  [7]=>
  string(1) "/"
}

Should allow you to write this piece of code much shorter. Keep in mind that you have to double escape. It's ugly, I know.

Answer 2

There is no need to use regular expressions here, you're looking for a string in another string. So that would be something like:

$isAuthorized = strpos(str_replace('\\', '/', getcwd()), "/clients/$username/") !== FALSE;

Answer 3

Does your regex try to account for backslashes in the paths too? That's probably not necessary. Then you can split on:

'%/clients/%'

(You shouldn't need to escape the regular slash since you use % as the regex delimiter.)

Answer 4

This code has not been tested, standard disclaimers apply:

if($session->isAdmin()) {
   $authorized = true;
} else {
   // split cwd at the first instance of /clients/
   $dir = preg_split('/(\/|\\)clients(\\|\/)/i', getcwd());
   if(count($dir) == 2) { // if /clients/ was in cwd
      // check if the second piece of cwd starts with the username.
      $dir = preg_split('/\/|\\/', $dir[1]);
      $authorized = ($dir[0] == $session->username);
   } else {
      $authorized = false;
   }
}

Answer 5

This fixed my PHP warning:

if($session->isAdmin())
{
    $authorized = true;
} else {
    // split cwd at the first instance of /clients/
    $dir = spliti('%(/|\\\\)clients(/|\\\\)%',getcwd(),2);
    if(count($dir) == 2) // if /clients/ was in cwd
     {
      // check if the second piece of cwd starts with the username.
      $authorized = (preg_match('%^'.$session->username.'*(/|\\\\)*.$%', $dir[1]));
    } else $authorized = false;
}

The problem is, spliti() is not splitting my cwd() return... The cwd() return I'm testing with is:

c:\apache\htdocs\clients\mikey

I want to be able to use either "/" or "\" which kind of forces me to use regex (to my knowlege.)

Ruben's solution is less elegant (it seems to limit the directory depth allowed) but might work if I can't figure this out.

I'm going to keep hammering away and see if I can sort out what's happening (it seems to all be a problem in my spliti() regex at this point.)

input/feedback is always appreciated, even if it isn't a full solution to the problem (or even related. Let me know if my code sucks.)

thanks! --Will (OP)

Answer 6

The no-complicated-regex variant of this would be:

• split the string at "/" or "\"
• search the resulting array for "clients"
• if found, check if the element at the next position is equal to the username

In PHP (untested, though):

function isAuthorized($session)
{
  $authorized = $session->isAdmin();

  if(!$authorized)
  {
    $parts = split("[/\\\\]", $path);

    // find "clients", compare the following bit to the $session->username
    $clients_pos = array_search("clients", $parts);
    if ($clients_pos && count($parts) >= $clients_pos) 
      $authorized = ($parts[$clients_pos + 1] == $session->username);
    else
      $authorized = false;
  }
  return $authorized;
}

Answer 7

OKAY, this is solved. I needed to replace split() with preg_split()...

Answer 8

I’d check what DIRECTORY_SEPARATOR is currently used and then do a simple strpos check on it:

$cwd = getcwd();
if (DIRECTORY_SEPARATOR != '/') {
    $cwd = str_replace(DIRECTORY_SEPARATOR, '/', $cwd);
}
$authorized = (strpos($cwd, '/clients/'.$session->username.'/') !== false);