
Overview

The Seguridad system implements a role-based access control (RBAC) system using numeric and string-based permission codes. Each user is assigned a categoria (category) or permisos (permission) code that determines their access level and routing within the application.

Permission Architecture

// User login validation
$sql = "select usd, pwd, permisos 
        from usuario 
        where usd='$user1' and pwd='$pass1'";
$res = pg_exec($sql);
$row = pg_fetch_row($res);

$_SESSION["_usr"] = $row[0];
$_SESSION["_pass"] = $row[1];
$_SESSION["_categoria"] = $row[2];

// Route based on permission code
if (strcmp($row1[0], "0") == 0) {
    // Redirect to admin index
} else if (strcmp($row1[0], "1") == 0) {
    // Redirect to UR1
}
// ... continued for all permission codes

Permission Codes Reference

Administrative Permissions

0 (permission): System Administrator
  • Routes to: index1.php (main admin interface)
  • Full system access
  • Can manage all regional units

100 (permission): Regional Administrator
  • Routes to: admin/cabecera1.php
  • Administrative panel access
  • User management capabilities
  • Regional oversight functions

Regional Unit Permissions (1-15)

1 (permission): Unidad Regional 1
  • Routes to: ur1/cabecera1.php

2 (permission): Unidad Regional 2
  • Routes to: ur2/cabecera1.php

3 (permission): Unidad Regional 3
  • Routes to: ur3/cabecera1.php

4 (permission): Unidad Regional 4
  • Routes to: ur4/cabecera1.php

5 (permission): Unidad Regional 5
  • Routes to: ur5/cabecera1.php

Consultation Permissions

20 (permission): General Consultation
  • Routes to: consulta/index1.php
  • Read-only access to records
  • Query capabilities

200 (permission): Extended Consultation
  • Routes to: consulta2/index1.php
  • Advanced query features

Judicial Permissions (21-28)

Juzgado 1 - Code 21

Routes to: primera_circuncripcion/juzgado1/menu_consulta.php

Juzgado 2 - Code 22

Routes to: primera_circuncripcion/juzgado2/menu_consulta.php

Juzgado 3 - Code 23

Routes to: primera_circuncripcion/juzgado3/menu_consulta.php

Juzgado 4 - Code 24

Routes to: primera_circuncripcion/juzgado4/menu_consulta.php

Juzgado 5 - Code 25

Routes to: primera_circuncripcion/juzgado5/menu_consulta.php

Juzgado 6 - Code 26

Routes to: primera_circuncripcion/juzgado6/menu_consulta.php

Juzgado 7 - Code 27

Routes to: primera_circuncripcion/juzgado7/menu_consulta.php

Juzgado 3 (Tercera) - Code 28

Routes to: tercera_circuncripcion/juzgado3/menu_consulta.php

Specialized Department Permissions (90-99)

  • Routes to: operaciones/index1.php
  • Operational planning and coordination
  • Routes to: carga_datos/index1.php
  • Bulk data loading capabilities
  • Routes to: subsecretaria/index1.php
  • Administrative oversight
  • Routes to: toxico/cabecera1.php
  • Drug-related case management
  • Routes to: unicef/index1.php
  • Child protection cases
  • Routes to: fuga_hogar/index1.php
  • Runaway cases tracking
  • Routes to: recursos_dependientes/index1.php
  • Resource management
  • Routes to: homicidio_accidente_transito/index1.php
  • Traffic accident fatalities
  • Routes to: suicidio/index1.php
  • Suicide investigation records
  • Routes to: transito/index1.php
  • Traffic enforcement and violations

Query-Only Permissions (800-807)

800 - Vehicle Search

Routes to: buscar_dominio.php

801 - Prevention Search

Routes to: buscarpreventivosoloconsultas.php

802 - Domestic Violence

Routes to: operaciones/violencia_familiar.php

803 - Operations

Routes to: operativos/index.php

804 - Internal Affairs

Routes to: asuntos_i/cabecera1.php

805 - Road Safety

Routes to: seguridad_vial/cabecera1.php

806 - Vehicle Verification

Routes to: verificacion_automotor/cabecera1.php

807 - Map Console

Routes to: consultaMapa.php

String-Based Permissions

Sub-jefe (string-permission): Deputy Chief
  • Routes to: consulta_mapa_simple.php

dirseguridad (string-permission): Security Director
  • Routes to: dirgral/index1.php

comisaria (string-permission): Police Station
  • Routes to: comisarias/cabecera1.php

operaciones (string-permission): Operations
  • Routes to: operativos/ directory

4444 (special-permission): Federal Crimes
  • Routes to: delitos-federales/index1.php

100000 (test-permission): Testing Environment
  • Routes to: prueba/cabecera1.php

Access Control Implementation

Session-Based Validation

@session_start();
error_reporting(0);

if (!isset($_SESSION["_usr"])) {
    echo "Tu no estas autentificado - RESTRICCION TOTAL";
    exit();
}

// Session timeout management
$fechaGuardada = $_SESSION["ultimoAcceso"];
$ahora = date("Y-n-j H:i:s");
$_SESSION["ultimoAcceso"] = $ahora;

$categoria = $_SESSION["_categoria"];
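
The excerpt above confirms only that a session exists: it records ultimoAcceso without comparing it and reads $categoria without testing it. The following guard is an added example, not code from the Seguridad project, that enforces an idle limit and checks the permission code per page. The function names, the 15-minute limit, the Unix-timestamp format for ultimoAcceso and the allowed list in the last line are assumptions.

```php
<?php
// Added example, not the Seguridad project's code. Assumptions: ultimoAcceso
// holds a Unix timestamp; IDLE_LIMIT and the function names are illustrative.
const IDLE_LIMIT = 900; // seconds of inactivity before the session is dropped

function permission_allowed($code, array $allowed): bool
{
    // Codes mix numbers and words ("0", "4444", "operaciones"), so compare
    // them as strings with strict matching. On PHP 7 the loose comparison
    // 0 == "operaciones" is true, which would equate a string role with
    // the administrator code 0.
    if (!is_string($code) && !is_int($code)) {
        return false;
    }
    return in_array((string) $code, $allowed, true);
}

function session_expired(array $session, int $now): bool
{
    $last = $session['ultimoAcceso'] ?? null;
    return !is_int($last) || ($now - $last) > IDLE_LIMIT;
}

function require_permission(array $allowed): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $ok = isset($_SESSION['_usr'])
        && !session_expired($_SESSION, time())
        && permission_allowed($_SESSION['_categoria'] ?? null, $allowed);
    if (!$ok) {
        $_SESSION = [];          // drop stale identity before answering
        session_destroy();
        http_response_code(403);
        exit('Acceso denegado');
    }
    $_SESSION['ultimoAcceso'] = time();
}

// At the top of ur1/cabecera1.php: unit 1 and the system administrator.
// The allowed list must contain strings; this one is an assumption.
require_permission(['1', '0']);
```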

Permission Assignment Workflow

  1. User Creation
     Administrator creates user account with assigned permission code

  2. Authentication
     User logs in with credentials. System validates against usuario table:
     SELECT usd, pwd, permisos 
     FROM usuario 
     WHERE usd='$username' AND pwd='$password'

  3. Session Initialization
     Permission code stored in $_SESSION["_categoria"]

  4. Routing
     System redirects to appropriate interface based on permission code

  5. Access Validation
     Each protected page validates session and permission level

Security Considerations

Critical Security Issues
  1. Plain Text Passwords: Database stores passwords without hashing
  2. SQL Injection: Direct variable interpolation in queries
  3. Session Fixation: No session regeneration on login
  4. Error Suppression: @ operator hides security errors

// Use password hashing
$hashed = password_hash($password, PASSWORD_ARGON2ID);

// Verify on login
if (password_verify($input_password, $hashed_from_db)) {
    // Authenticate
}
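
A login routine that addresses issues 1 to 3 together, as an added example rather than code from the Seguridad project: a bound query parameter, password_verify() against a stored hash, a regenerated session id, and an allow-list route lookup that denies unknown codes. It assumes usuario.pwd already holds password_hash() output and that $db is an open pg_connect() handle; login() and the ROUTES constant are illustrative names.

```php
<?php
// Added example, not the Seguridad project's code. Assumptions: usuario.pwd
// holds password_hash() output, $db is an open pg_connect() handle, and
// ROUTES copies a few entries from the permission reference above.
const ROUTES = [
    '0'         => 'index1.php',
    '100'       => 'admin/cabecera1.php',
    '1'         => 'ur1/cabecera1.php',
    '20'        => 'consulta/index1.php',
    'comisaria' => 'comisarias/cabecera1.php',
];

function login($db, string $user, string $pass): ?string
{
    // Bound parameter: the username is sent separately from the SQL text.
    $res = pg_query_params(
        $db,
        'SELECT usd, pwd, permisos FROM usuario WHERE usd = $1',
        [$user]
    );
    $row = $res ? pg_fetch_row($res) : false;

    // One failure result for unknown user and wrong password alike.
    if (!$row || !password_verify($pass, (string) $row[1])) {
        return null;
    }

    // Unknown permission code: deny instead of falling through the routing.
    $code = trim((string) $row[2]);
    if (!array_key_exists($code, ROUTES)) {
        return null;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);         // fresh session id after login
    $_SESSION['_usr'] = $row[0];
    $_SESSION['_categoria'] = $code;     // the password is not kept in session
    $_SESSION['ultimoAcceso'] = time();
    return ROUTES[$code];                // caller redirects to this path
}
```

Rows that still hold plain text passwords have to be converted to password_hash() values before this check can replace the original comparison.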

Permission Matrix

Code    | Type        | Access Level  | Primary Function
0       | Admin       | Full System   | System Administration
1-15    | Regional    | Unit-Specific | Regional Unit Operations
20-28   | Judicial    | Read-Only     | Case Consultation
90-99   | Specialized | Department    | Specialized Functions
100     | Admin       | Regional      | Regional Administration
800-807 | Query       | Limited Read  | Specific Queries
