Use of constants

I would appreciate some input to validate or crush my thought process. I have a security profile based on roles and let’s call them security tags such as ADDNEW. If a role is assigned ADDNEW they can view the add records page and add records to the app. Every time a person enters through a controller the security profile is built dynamically from the db. The values are then stored in constants as true or false.

Every time I have a point in the app where I need to verify access, I use a

if (defined('C_ADDNEW']) && C_ADDNEW) do something;

I am using the defined because if by some chance it didn’t get defined then php assumes it is true (not sure why but it seems that is the way). And there is no reason it shouldn’t be defined every time but in the case that a mistake might be made or whatever I would rather all the doors slam shut rather than spring open.

So the request is is this a viable way to do this? Are there better ways? Thanks for any input.

I think you answered your question right there when you wrote that, for constants are not dynamic. Unless you want to protect files from direct access, I wouldn’t use that. IMO user’s database is to fluid for that. Others might have a different opinion.

Thanks for the input. So if you don’t keep security profile information in the database, where do you keep it?

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.