search
Homephp教程php手册Auth权限认证暴力来袭,有图有码有种子,绝对暴力!

Auth权限认证暴力来袭,有图有码有种子,绝对暴力!

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 am 11:41 AM

Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
auth的相关介绍说明,官方网站上已经有很多相关文章了,我就不再重复啰嗦了.在这里,我直接上demo以及简要的说下注意事项及一点点建议.废话不多说,直接进入主题.

一、auth认证原理
auth类通过认证用户uid所在的角色组是否拥有对应的权限.如图所示
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
二、准备工作

1、建表(主要对新增的字段或表作说明,如没有改变过的表,这里不做说明)

1) tk_auth_group 用户组
CREATE TABLE `tk_auth_group` (<br>               `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,<br>               `title` char(100) NOT NULL DEFAULT '',<br>               `status` tinyint(1) NOT NULL DEFAULT '1',<br>               `rules` char(80) NOT NULL DEFAULT '',<br>               `describe` char(50) NOT NULL DEFAULT '',    #新增,对用户组作简单的说明<br>               PRIMARY KEY (`id`)<br>             ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 2) tk_auth_rule 规则表
CREATE TABLE `tk_auth_rule` (<br>               `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,<br>               `name` char(80) NOT NULL DEFAULT '',<br>               `title` char(20) NOT NULL DEFAULT '',<br>               `type` tinyint(1) NOT NULL DEFAULT '1',<br>               `status` tinyint(1) NOT NULL DEFAULT '1',<br>               `condition` char(100) NOT NULL DEFAULT '',<br>               `mid` tinyint(3) unsigned NOT NULL DEFAULT '0',    #新增,外键,和tk_modules的id对应,对规则分类处理,方便管理<br>               PRIMARY KEY (`id`),<br>               UNIQUE KEY `name` (`name`)<br>             ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 3) tk_modules 模块表
CREATE TABLE `tk_modules` (<br>               `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT,    <br>               `moduleName` varchar(20) NOT NULL DEFAULT '',    #模块名称<br>               PRIMARY KEY (`id`)<br>             ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 4) tk_members 用户表
CREATE TABLE `tk_members` (<br>               `uid` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,<br>               `username` varchar(20) NOT NULL DEFAULT '',<br>               `password` char(32) NOT NULL DEFAULT '',<br>               `score` mediumint(8) unsigned NOT NULL,    #用户积分<br>               PRIMARY KEY (`uid`)<br>             ) ENGINE=MyISAM  DEFAULT CHARSET=utf8; 2、配置文件

1) 数据库项配置(本人采用的是pdo方式,如果你的环境不支持pdo,则手动改为其它方式)
//数据库配置<br>             //pdo类型,采用dsn方式连接<br>             'DB_TYPE'=>'pdo',<br>             'DB_USER'=>'root',<br>             'DB_PWD'=>'123456',<br>             'DB_PREFIX'=>'tk_',<br>             'DB_PORT'=>'3306',<br>             'DB_DSN'=>'mysql:host=localhost;dbname=auth;charset=utf8', 2) 角色组设置,设置超级管理员组,直接跳过认证
 //超级管理员id,拥有全部权限,只要用户uid在这个角色组里的,就跳出认证.可以设置多个值,如array('1','2','3')<br>             'ADMINISTRATOR'=>array('1'), 3、注意事项

1)运行环境:要求php版本5.3以上

2)对原auth类作了小小的改动.原文件155行左右
$user_groups = M()<br>                 ->table($this->_config['AUTH_GROUP_ACCESS'] . ' a')<br>                 ->where("a.uid='$uid' and g.status='1'")<br>                 ->join($this->_config['AUTH_GROUP']." g on a.group_id=g.id")<br>                 ->field('id,rules')->select(); //原field方法的参数为field('rules'),增加id主要是获取用户组的id,便于验证超级管理员.<br>             $groups[$uid]=$user_groups?:array(); 建议官方在下次更新能添加id,或增加一个参数,便于用户灵活设置

三、安装说明
使用说明请看压缩包的readme.md文件.另外代码我都作了详细的说明,大家一看就懂.下面上几张暴力图.免得有人说:You say a JB without pictures!
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!
Auth权限认证暴力来袭,有图有码有种子,绝对暴力!

四、结语
本demo提供给大家互相学习,希望通过它对auth认证有一个全面的了解.其实基于tp使用auth权限认证没有那么复杂,那么难.希望通过能在此基础上扩展出再多的功能来.

补充:
用户密码都是admin

附件 auth.zip ( 1.26 MB 下载:3194 次 )

AD:真正免费,域名+虚机+企业邮箱=0元

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution
3 weeks agoByDDD
What's New in Windows 11 KB5054979 & How to Fix Update Issues
2 weeks agoByDDD
Where to find the Crane Control Keycard in Atomfall
3 weeks agoByDDD
Roblox: Dead Rails - How To Complete Every Challenge
4 weeks agoByDDD
Atomfall guide: item locations, quest guides, and tips
4 weeks agoByDDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Show More

Hot Topics

Where is the login entrance for gmail email?
7671
15
CakePHP Tutorial
1393
52
C# Tutorial
1206
24
What is the format of the account name of steam
91
11
win11 activation key permanent
73
19
Show More