Home >Backend Development >PHP Tutorial >Cross-membership permission control based on native PHP, cross-membership permissions control_PHP tutorial
For a website’s backend management system, a single super administrator permission often cannot meet our needs, especially For large websites, this single permission can cause many problems.
For example: a website editor is usually only responsible for announcement updates of the company website, but if the website background does not have strict permission restrictions, he will be able to operate some of the customer's information. This is a big hidden danger.
If you have studied the ThinkPHP framework, you must know that there is something called RBAC. Today we will not talk about that. Let’s talk about how to implement cross-authority control in the native PHP language.
Okay, not much to say, as usual, just talk about the principles and code.
There are many ways to implement cross-control of permissions. Here is just one idea: (I use the binary number method)
1. Here we first mention the operation methods of bitwise AND and bitwise OR:
The two data participating in the operation are ANDed according to the binary bits.
Operation rules: 0&0=0; 0&1=0; 1&0=0; 1&1=1;
That is: if both two bits are "1" at the same time, the result is "1", otherwise it is 0
For example: 3&5 is 0000 0011 & 0000 0101 = 0000 0001 Therefore, 3&5 is worth 1.
In addition, negative numbers participate in bitwise AND operations in complement form.
The two objects participating in the operation perform an "OR" operation based on binary bits.
Operation rules: 0|0=0; 0|1=1; 1|0=1; 1|1=1;
That is: as long as one of the two objects participating in the operation is 1, its value is 1.
For example: 3|5 That is 0000 0011 | 0000 0101 = 0000 0111 Therefore, 3|5 is worth 7.
In addition, negative numbers participate in bitwise OR operations in complement form.
After understanding the operations of bitwise AND and bitwise OR, let’s look at the following example:
<span> 1</span> <?<span>php </span><span> 2</span> <span>define</span>('ADD',1);<span>//</span><span>二进制1</span> <span> 3</span> <span>define</span>('DELETE',2);<span>//</span><span>二进制10</span> <span> 4</span> <span>define</span>('UPDATE',4);<span>//</span><span>二进制100</span> <span> 5</span> <span>define</span>('SELECT',8);<span>//</span><span>二进制1000 </span><span> 6</span> <span> 7</span> <span> //有权限为1,没有权限为0</span> <span> 8</span> <span>$admin</span>=ADD|DELETE|UPDATE|SELECT;<span>//</span><span>1111</span> <span> 9</span> <span>$editer</span>=ADD|UPDATE|SELECT;<span>//</span><span>1101</span> <span>10</span> <span>$user</span>=SELECT;<span>//</span><span>1000</span> <span>11</span> ?>
I made four permissions for addition, deletion, modification and search respectively and set them as constants
The binary number of 1 is 1, the binary number of 2 is 10, the binary number of 4 is 100, and the binary number of 8 is 1000. This just becomes a rule
Some friends may ask where the 1111, 1101, and 1000 corresponding to the above permission variables admin, editor, and user come from?
There is a function in PHP that converts decimal numbers to binary numbers called decbin()
The following is the corresponding function explanation:
<span>decbin</span><span> (PHP </span>3, PHP 4, PHP 5<span>) </span><span>decbin</span> --<span> 十进制转换为二进制 说明 </span><span>string</span> <span>decbin</span> ( int <span>number</span><span> )<br /><br /> 返回一字符串,包含有给定 </span><span>number</span> 参数的二进制表示。所能转换的最大数值为十进制的 4294967295,其结果为 32 个 1<span> 的字符串。 例子 </span>1. <span>decbin</span><span>() 范例 </span><?<span>php </span><span>echo</span> <span>decbin</span>(12) . "\n"<span>; </span><span>echo</span> <span>decbin</span>(26<span>); </span>?><span> 上例将输出: </span>1100 11010<span> 参见 </span><span>bindec</span>(),<span>decoct</span>(),<span>dechex</span>() 和 <span>base_convert</span>()。
Let’s test the output and see:
<span> 1</span> <?<span>php </span><span> 2</span> <span> 3</span> <span> 4</span> <span>define</span>('ADD',1);<span>//</span><span>二进制1</span> <span> 5</span> <span>define</span>('DELETE',2);<span>//</span><span>二进制10</span> <span> 6</span> <span>define</span>('UPDATE',4);<span>//</span><span>二进制100</span> <span> 7</span> <span>define</span>('SELECT',8);<span>//</span><span>二进制1000 </span><span> 8</span> <span> 9</span> <span> //有权限为1,没有权限为0</span> <span>10</span> <span>$admin</span>=ADD|DELETE|UPDATE|SELECT;<span>//</span><span>1111</span> <span>11</span> <span>$editer</span>=ADD|UPDATE|SELECT;<span>//</span><span>1101</span> <span>12</span> <span>$user</span>=SELECT;<span>//</span><span>1000</span> <span>13</span> <span>14</span> <span>echo</span> <span>decbin</span>(<span>$admin</span>)."<br/>"<span>; </span><span>15</span> <span>echo</span> <span>decbin</span>(<span>$editer</span>)."<br/>"<span>; </span><span>16</span> <span>echo</span> <span>decbin</span>(<span>$user</span>)."<br/>"<span>; </span><span>17</span> <span>18</span> <span>19</span> ?>
Output result:
Then we can use this operation to determine the permissions. 1 means there is permission, 0 means no permission
For example:
The authority of admin (super administrator) is to add, delete, modify, and check, which is 1111——>0000 1111
The editor (website editor) has the permissions to add, modify, and check, which is 1101——>0000 1101
user (ordinary user) only has browsing and query permissions, which is 1000——>0000 1000
Then we only need to perform bitwise AND operation on them to determine whether we have permission
For example:
Website editing permissions 0000 1101 | 0000 0010 (Delete permissions are converted from 2 in decimal to 10 in binary) Result: 0000 0000 That is, no permissions are available
Try again
Normal user permissions 0000 1000 |0000 0001 (adding permissions in decimal is 1 and binary is 1) Result: 0000 0000 also does not have permissions
Super administrator permissions 0000 1111 |0000 1101 (website editing permissions) Result: 0000 1111, which means you have website editing permissions
Okay, let’s look at specific examples
I built a database with 2 tables in it
One is the user table:
gid represents the group id of the permission table
One is the permission table:
flag represents the permission to add, delete, modify and check, which can be defined according to your own needs
基本配置页面:config.php
<span> 1</span> <?<span>php </span><span> 2</span> <span> 3</span> <span>define</span>('HOST','localhost'<span>); </span><span> 4</span> <span>define</span>('DBNAME','member'<span>); </span><span> 5</span> <span>define</span>('USER', 'root'<span>); </span><span> 6</span> <span>define</span>('PASS', ''<span>); </span><span> 7</span> <span> 8</span> <span> 9</span> <span>$link</span>=@<span>mysql_connect</span>(HOST,USER,PASS) or <span>die</span>('数据库连接失败'<span>); </span><span>10</span> <span>11</span> <span>mysql_select_db</span>(DBNAME,<span>$link</span><span>); </span><span>12</span> <span>13</span> <span>define</span>('ADD',1);<span>//</span><span>二进制1</span> <span>14</span> <span>define</span>('DELETE',2);<span>//</span><span>二进制10</span> <span>15</span> <span>define</span>('UPDATE',4);<span>//</span><span>二进制100</span> <span>16</span> <span>define</span>('SELECT',8);<span>//</span><span>二进制1000 </span><span>17</span> <span>18</span> <span> //有权限为1,没有权限为0</span> <span>19</span> <span>$admin</span>=ADD|DELETE|UPDATE|SELECT;<span>//</span><span>1111</span> <span>20</span> <span>$editer</span>=ADD|UPDATE|SELECT;<span>//</span><span>1101</span> <span>21</span> <span>$user</span>=SELECT;<span>//</span><span>1000</span> <span>22</span> ?>
登陆首页:index.html
<span> 1</span> <span><!</span><span>DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"</span><span>></span> <span> 2</span> <span><</span><span>html </span><span>xmlns</span><span>="http://www.w3.org/1999/xhtml"</span><span> xml:lang</span><span>="en"</span><span>></span> <span> 3</span> <span><</span><span>head</span><span>></span> <span> 4</span> <span><</span><span>meta </span><span>http-equiv</span><span>="Content-Type"</span><span> content</span><span>="text/html;charset=UTF-8"</span><span>></span> <span> 5</span> <span><</span><span>title</span><span>></span>Document<span></</span><span>title</span><span>></span> <span> 6</span> <span></</span><span>head</span><span>></span> <span> 7</span> <span><</span><span>body</span><span>></span> <span> 8</span> <span><</span><span>form </span><span>action</span><span>="action.php"</span><span> method</span><span>="post"</span><span>></span> <span> 9</span> 账号:<span><</span><span>input </span><span>type</span><span>="text"</span><span> name</span><span>="username"</span> <span>/></span> <span>10</span> 密码:<span><</span><span>input </span><span>type</span><span>="password"</span><span> name</span><span>="password"</span> <span>/></span> <span>11</span> <span><</span><span>input </span><span>type</span><span>="submit"</span><span> name</span><span>="submit"</span><span> value</span><span>="登陆"</span><span>></span> <span>12</span> <span></</span><span>form</span><span>></span> <span>13</span> <span></</span><span>body</span><span>></span> <span>14</span> <span></</span><span>html</span><span>></span>
提交页面:action.php
<span> 1</span> <?<span>php </span><span> 2</span> <span> 3</span> <span>require_once</span>('config.php'<span>); </span><span> 4</span> <span>$username</span>=<span>$_POST</span>['username'<span>]; </span><span> 5</span> <span>$password</span>=<span>$_POST</span>['password'<span>]; </span><span> 6</span> <span> 7</span> <span> 8</span> <span>$sql</span>="<span>select * from user as a,role as b where a.gid=b.gid </span><span> 9</span> and a.username='<span>$username</span>' and password='<span>$password</span>'"<span>; </span><span>10</span> <span>11</span> <span>$result</span>=<span>mysql_query</span>(<span>$sql</span><span>); </span><span>12</span> <span>if</span>(<span>$data</span>=<span>mysql_fetch_array</span>(<span>$result</span><span>)){ </span><span>13</span> <span>//</span><span>账号验证通过,判断对应权限 </span><span>14</span> <span> //此处判断的是 是否具备删除权限</span> <span>15</span> <span>if</span>(<span>$data</span>['flag']&<span>DELETE){ </span><span>16</span> <span>echo</span> "你有删除权限"<span>; </span><span>17</span> }<span>else</span><span>{ </span><span>18</span> <span>echo</span> "你没有删除权限"<span>; </span><span>19</span> <span> } </span><span>20</span> <span>21</span> }<span>else</span><span>{ </span><span>22</span> <span>echo</span> "错误账号密码"<span>; </span><span>23</span> <span> } </span><span>24</span> <span>25</span> <span>26</span> ?>
效果图如下:
轻松搞定~
这里只是个简单的小DEMO演示,希望能起到抛砖引玉的作用,至于具体项目还需具体分析,权限控制毕竟是个很复杂的功能。
不明白.,,...
肯定会慢一点,但是这是可以接受的。因为采用框架造成的性能损失比较恒定,例如对于所有功能,使用框架和直编可能总是框架慢0.002毫秒。但是这种损失一般不需要在意。因为相对于框架的巨大好处,这种损耗是值得的。
利用框架可以大幅度提升开发效率
大幅度节约维护成本
更容易的项目交接
因此,宁可损失效率也选择框架。关于效率可以考虑升级服务器等手段来改善。