用户权限的超级管理员怎么设计才好？-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

用户权限的超级管理员怎么设计才好？

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 23, 2016 pm 02:17 PM

在开发一个会员管理系统，希望有一个超级管理员的权限可以做任何操作，不知道怎么和别的用户区分，现在想把程序做成默认为超级管理员访问，然后别的用户再根据传进来的权限判断，但是又担心判断写得不好，别的用户也可以获得超级管理员的权限了，或者只能用一大堆if else判断是否超级管理员权限又觉得太麻烦，请教大家该怎么设计比较好？

回复讨论(解决方案)

算法本身不存在超级管理员、用户间的差异
你只是给不同的用户赋予了不同的权限，显然超级管理员被赋予了全部的权限
对于默认为超级管理员访问，那就是说你设定的权限不是“允许”而是“禁止”

算法本身不存在超级管理员、用户间的差异
你只是给不同的用户赋予了不同的权限，显然超级管理员被赋予了全部的权限
对于默认为超级管理员访问，那就是说你设定的权限不是“允许”而是“禁止”

据我了解所谓的权限控制本质上脱离不了if/else吧?版大请问有别的方法吗?

算法本身不存在超级管理员、用户间的差异
你只是给不同的用户赋予了不同的权限，显然超级管理员被赋予了全部的权限
对于默认为超级管理员访问，那就是说你设定的权限不是“允许”而是“禁止”

比如我有一个活动页面，普通会员进来只能看到自己参加的活动，而超级管理员能看到所有创建的活动，像这种不是单纯禁止权限访问的页面不知道怎么设计比较好

你这是一个阅读范围的权限
可设2个权限位：贴主、其他
超级管理员：00
用户：01

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

What are some performance considerations when using PHP sessions?May 02, 2025 am 12:11 AM

PHP sessions have a significant impact on application performance. Optimization methods include: 1. Use a database to store session data to improve response speed; 2. Reduce the use of session data and only store necessary information; 3. Use a non-blocking session processor to improve concurrency capabilities; 4. Adjust the session expiration time to balance user experience and server burden; 5. Use persistent sessions to reduce the number of data read and write times.

How do PHP sessions differ from cookies?May 02, 2025 am 12:03 AM

PHPsessionsareserver-side,whilecookiesareclient-side.1)Sessionsstoredataontheserver,aremoresecure,andhandlelargerdata.2)Cookiesstoredataontheclient,arelesssecure,andlimitedinsize.Usesessionsforsensitivedataandcookiesfornon-sensitive,client-sidedata.

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

See all articles