How to implement access control on functions in PHP

Question

I'm doing something like this in my controller:

$myapp->$class->$function($params)

The vars are being extracted from the request url i.e. /class/function/field1/val1/field2/val2/.../fieldN/valN

Through the website template only certain functions are linked but clearly anyone could view the source code and try to access sensitive functions which aren't supposed to be visible.

So my question is, how can I hide some functions while allowing others to be accessed through the URL?

• I want to continue using this approach if possible $myapp->$class->$function($params)
• At the same time it shoudn't work for some functions in the class i.e. $myapp->Page->delPage(...) should return an error
• While other functions should work i.e. $myapp->Guestbook->createPost(...)

I haven't implemented a user login yet but for example, Guestbook->createPost(...) would check that the user is logged in. But there are too many classes and functions so I don't want to have to write out a separate request page for each one, if possible.

Answer 1

You could have a look at how the popular PHP frameworks like Zend or Symfony handle this standard problem.
They have though a lot about it already, and their implementation is tested by thousands of users.
Both Zend and Symfony components should be usable standalone.

Zend Framework 2 Router: http://framework.zend.com/manual/2.0/en/modules/zend.mvc.routing.html

Symfony 2 Router: http://symfony.com/doc/current/book/routing.html