


In-depth analysis of ThinkPHP's RBAC (role-based access control)_PHP tutorial
1. What is RBAC
Role-Based Access Control (Role-Based Access Control) is a promising alternative to traditional access control (discretionary access, mandatory access) instead received widespread attention.
In RBAC, permissions are associated with roles, and users gain permissions from these roles by becoming members of the appropriate roles. This greatly simplifies the management of permissions.
In an organization, roles are created to complete various tasks, and users are assigned corresponding roles based on their responsibilities and qualifications. Users can be easily assigned from one role to another. Roles can be granted new permissions based on new requirements and system integration, and permissions can also be reclaimed from a role as needed. Character-to-character relationships can be established to encompass a wider range of objective circumstances.
2. RBAC in ThinkPHP
Let’s first look at the data tables used in the official examples. Permission control is implemented through 5 tables, which are defined as follows:
RBAC uses 5 data tables
think_user (user table)
think_role (user grouping table)
think_node (operation node)
think_role_user (correspondence between users and user groups)
think_access (Correspondence between each operation and user group)
User table
Role table, what roles are there, this role is associated with the corresponding userid user
According to the id in the user table, the corresponding role id is associated, that is, the user is assigned a role. For example, the role with userid 3 is 2. According to the role role table, 7 represents the role of the employee
access table, permission table, for example, the role id is 2, which is the employee's permissions, and the corresponding node can be
The node table represents the applications-modules-module methods and defines a relationship between them. For example, the noteid of 30 is the Public module, and the noteid of 31 and 32 , Methods 33 and 34 add, insert, edit, and update all belong to Public. The test method with noteid 85 belongs to the method under the Game module with noteid 84.
3. Detailed explanation of config configuration file
Let’s take a look at the config file in the official example of thinkphp:
array(
'APP_AUTOLOAD_PATH'=>'@.TagLib',
'SESSION_AUTO_START'=>true,
'USER_AUTH_ON' => ;true,
‘USER_AUTH_TYPE ' 'USER_AUTH_KEY' =>'authId', //Default authentication type 1 Login authentication 2 Real-time authentication
=>'administrator','/ Public/login',// Default authentication gateway
does not require the authentication module > 'Not_auth_action' = & gt; '', // The default does not require the authentication operation
'reques_Auth_ACTION' = & GT; '', // The authentication operation is required
'guest_auth_on' = & gt; / false, / / / Whether to open tourists authorized Visit
'guest_auth_id' = & gt; 0, // The user's user ID
'db_like_fields' = & gt;' title | remark ',
' rbac_role_table '= & gt;' think_role ',
' RBAC_USER_TABLE' =>'think_role_user',
'RBAC_ACCESS_TABLE' =>'think_access',
'RBAC_NODE_TABLE' =>'think_node',
'SHOW_PAGE_TRACE'=>1//Show debugging information
);
You should understand most of it by reading the comments. The Public module does not require authentication. The reason is very simple. Before logging in, everyone is a guest. If the login page also requires permissions, where can I log in? Right, haha. The default gateway address means that the authentication failed and you do not have permission to jump here and log in again. ADMIN_AUTH_KEY represents super administrator permissions. If you create a user named admin in the user table, then this user is the super administrator. There is no need to assign permissions to it. It has all permissions. Why should you set up such an administrator? Because when If you assign the wrong permissions, it can easily cause confusion in the system permissions, making it impossible for everyone to access. At this time, the super administrator will come.
4. Several important methods of the RBAC class
authenticate($map,$model=") method passes in the conditions for querying users and the MODEL of the user table The return array contains the user's information
The saveAccessList($authId=null) method passes in the user's ID. This method does not return a value, but only sets the value of $_SESSION['_ACCESS_LIST'], which contains all the user groups corresponding to the user. All nodes that have permission to operate $_SESSION['_ACCESS_LIST']['project name']['module name']['operation name']. In the future, judging permissions is to judge whether the current project, module and operation are in $_SESSION[' _ACCESS_LIST']. The
checkAccess() method detects whether the current module and operation require verification and returns a bool type.
checkLogin() method detects login.
AccessDecision($appName=APP_NAME) method is to detect the current project module Whether the operation is in the $_SESSION['_ACCESS_LIST'] array, that is, in the $_SESSION['_ACCESS_LIST'] array $_SESSION['_ACCESS_LIST']['current operation']['current module']['current operation' ] exists. If it exists, it means there is permission. Otherwise, the
getAccessList($authId) method returns the value of the permission list $_SESSION['_ACCESS_LIST'].
http://www.bkjia.com/PHPjc/327598.html

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.

Tracking user session activities in PHP is implemented through session management. 1) Use session_start() to start the session. 2) Store and access data through the $_SESSION array. 3) Call session_destroy() to end the session. Session tracking is used for user behavior analysis, security monitoring, and performance optimization.

Using databases to store PHP session data can improve performance and scalability. 1) Configure MySQL to store session data: Set up the session processor in php.ini or PHP code. 2) Implement custom session processor: define open, close, read, write and other functions to interact with the database. 3) Optimization and best practices: Use indexing, caching, data compression and distributed storage to improve performance.

PHPsessionstrackuserdataacrossmultiplepagerequestsusingauniqueIDstoredinacookie.Here'showtomanagethemeffectively:1)Startasessionwithsession_start()andstoredatain$_SESSION.2)RegeneratethesessionIDafterloginwithsession_regenerate_id(true)topreventsessi

In PHP, iterating through session data can be achieved through the following steps: 1. Start the session using session_start(). 2. Iterate through foreach loop through all key-value pairs in the $_SESSION array. 3. When processing complex data structures, use is_array() or is_object() functions and use print_r() to output detailed information. 4. When optimizing traversal, paging can be used to avoid processing large amounts of data at one time. This will help you manage and use PHP session data more efficiently in your actual project.

The session realizes user authentication through the server-side state management mechanism. 1) Session creation and generation of unique IDs, 2) IDs are passed through cookies, 3) Server stores and accesses session data through IDs, 4) User authentication and status management are realized, improving application security and user experience.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Atom editor mac version download
The most popular open source editor

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Dreamweaver CS6
Visual web development tools

SublimeText3 Chinese version
Chinese version, very easy to use

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
