Home  >  Article  >  Backend Development  >  php personnel authority management (RBAC)

php personnel authority management (RBAC)

迷茫
迷茫Original
2017-03-26 09:29:331657browse

Before talking about permission management, you should first know what functions permission management has:

 (1) Users can only access, specify Controller, specified method

 (2) Users can exist in multiple user groups

 (3) User groups You can choose the specified controller and the specified method

(4), you can add the controller and method

RBAC (Role-Based Access Control (role-based access control) is where users are associated with permissions through roles. Simply put, a user has several roles, and each role has several permissions. In this way, a "user-role-permission" authorization model is constructed. In this model, there is generally a many-to-many relationship between users and roles, and between roles and permissions.

1. Database design

Write five tables, first: user table, role table, function table:

Connection Table of tables.. Next is the role function table and user role table:

2. Administrator's Management page,

<?php
    include ("../db.class.php");
    $db = new db();
    $sql = "select * from qxyh";
    $arr = $db->Query($sql);
    foreach ($arr as $v)
    {
        echo "<option value=&#39;{$v[0]}&#39;>{$v[2]}</option>";
    }

    ?>

(1). Display user name and role name respectively

(2). According to the drop-down user name Change, change the role in the corresponding check box

(3). When modifying the user role, first delete the user's corresponding role table and all the information of this user, and then retrieve The username and role code are newly added.

Use the drop-down list: embed the php query and traverse it, display it in the form of a drop-down list

Select the role, use multiple Marquee:


<p style="margin-bottom: 7px;"><p>请选择角色<br/><?php<br/>$sjs = "select * from qxzw";<br/>$ajs = $db->Query($sjs);<br/>foreach ($ajs as $v){    <br/>    echo "<input type=&#39;checkbox&#39; value=&#39;{$v[0]}&#39; class=&#39;ck&#39;/>{$v[1]} ";<br/>}?><br/></p><br/><input type="button" value="确定" id="btn"/><br/></p>

Picture:

##When the user changes, the corresponding role also changes accordingly, and the person's role information is changed and added and saved. The basic idea of ​​adding and saving is to first delete all the role information corresponding to the person in the database, and then retrieve it. The selected part is added to the database.

Let him select the default role first:

<script>
  //选中默认角色
    function xuan()
    {
        var uid = $("#user").val();
        $.ajax({
            url:"chuli.php",
            data:{uid:uid,type:0},
            type:"POST",
            dataType:"TEXT",
            success:function(data)
            {

                var juese = data.trim().split("|");
                //拆分完全都变成代号
                var ck = $(".ck");
                ck.prop("checked",false);

                for(var i=0;i<ck.length;i++)
                {
                    //便利所有的列表
                    if(juese.indexOf(ck.eq(i).val())>=0)
                    {
                        ck.eq(i).prop("checked",true);
                    }
                }
            }
        });
    }

</script>

To write his processing page:

<?php
include ("../db.class.php");
$db = new db();
$type = $_POST["type"];
switch ($type)
{
    case 0:
        $uid = $_POST["uid"];
        $sql = "select jid from qxyhzw WHERE uid=&#39;{$uid}&#39;";
        echo $db->strQuery($sql);
break;
}

Let’s take a look at the final result. If you log in successfully, you will enter the homepage. If you log in failed, you will get an error

## Come again, save button:

<script>//当用户变化的时候去选中相应角色
        $("#user").change(function(){
            xuan();
        })        //点击确定保存角色信息
        $("#btn").click(function(){            var uid = $("#user").val();            //找到用户名
            var juese = "";//           找到角色代号
            var ck = $(".ck");            //找到所有的checked
            for(var i=0;i<ck.length;i++)
            {//                遍历他
                if(ck.eq(i).prop("checked"))
                {//                    如果他选中了,两个参数是改他的状态
                    //娶过来值;加个|分割一下
                    juese += ck.eq(i).val()+"|";
                }
            }
            juese = juese.substr(0,juese.length-1);//            去掉最后的|            $.ajax({
                url:"chuli.php",
                data:{uid:uid,juese:juese,type:1},
                type:"POST",
                dataType:"TEXT",
                success:function(data){
                    alert("修改成功");
                }
            });

        })
    });</script>

Processing page:

<?php
include ("../db.class.php");
$db = new db();
$type = $_POST["type"];

switch ($type)
{ 
   case 1:
        $uid = $_POST["uid"];
        $juese = $_POST["juese"];
        //        首先全部删掉里面的职位
        $sdel = "delete from qxyhzw WHERE uid = &#39;{$uid}&#39;";
        $db->Query($sdel,0);
        //拆分取到的字符串
        $arr= explode("|",$juese);
        foreach ($arr as $v)
        {
            $sql = "insert into qxyhzw VALUES (&#39;&#39;,&#39;{$uid}&#39;,&#39;{$v}&#39;)";
            $db->query($sql,0);
        }
        echo "ok";
        break;
}

See the effect:

The role is selected by default;

Choose to save after making changes:

#Management page summary Code:




    无标题文档
    


用户与角色管理

请选择用户
请选择角色 Query($sjs); foreach ($ajs as $v) { echo "{$v[1]} "; } ?>

Total code for processing page:

<?php
include ("../db.class.php");
$db = new db();
$type = $_POST["type"];

switch ($type)
{
    case 0:
        $uid = $_POST["zhang"];
        $sql = "select jid from qxyhzw WHERE uid=&#39;{$uid}&#39;";
        echo $db->strQuery($sql);
break;
    case 1:
        $uid = $_POST["zhang"];
        $juese = $_POST["juese"];
        //        首先全部删掉里面的职位
        $sdel = "delete from qxyhzw WHERE uid = &#39;{$uid}&#39;";
        $db->Query($sdel,0);
        //拆分取到的字符串
        $arr= explode("|",$juese);
        foreach ($arr as $v)
        {
            $sql = "insert into qxyhzw VALUES (&#39;&#39;,&#39;{$uid}&#39;,&#39;{$v}&#39;)";
            $db->query($sql,0);
        }
        echo "ok";
        break;
}

##3. Login page:

The display is very simple:

1dd9f730a206db64d7120af7faa3aa3f
    e388a4556c0f65e1904146cc1a846bee帐号:216314ab637324d9fc0469fbb27093e894b3e26ee717c64999d7867364b1b4a3
    e388a4556c0f65e1904146cc1a846bee密码:4272df64366a3ac24c220fbbd18a5c6a94b3e26ee717c64999d7867364b1b4a3
    7699bd71726ab6069d2cd9f29ca125d2f5a47148e367a6035fd7a2faa965022e

Write login processing

<?php
session_start();
include ("../db.class.php");
$db = new db();
$zhang = $_POST["zhang"];
$mi = $_POST["mi"];
$sql = "select mi from qxyh WHERE zhang = &#39;{$zhang}&#39;";$mm = $db->strQuery($sql)>0;
if($mm = $mi && !empty($mi)){    
    $_SESSION["zhang"] = $zhang;    
    header("location:chaxun.php");
}//else
//{
//    echo "登入失败";
//}
Jump to the main page, main page code:

Everyone’s main page is different of

6c04bd5ca3fcae76e30b72ad730ca86d4a249f0d628e2318394fd9b75b4636b1主页面473f0a7621bec819994bb5020d29372a
<?php
session_start();
include ("../db.class.php");
$db = new db();$zhang = "";
if(empty($_SESSION["zhang"]))
{    
header("location:qx_dr.php"); exit;
}//登入者用户名
    $zhang = $_SESSION["zhang"];//根据用户名查角色$sql = "select jid from qxyhzw WHERE uid = &#39;{$zhang}&#39;";$aql = $db->Query($sql);//根据角色代号查功能代号$attr = array();//定义一个存放功能代号的数组foreach ($aql as $v)
{   $jsid = $v[0];// 角色代号
    $ssql = "select rid from qxgnzw WHERE jid=&#39;{$jsid}&#39;";    $aaql = $db->strQuery($ssql);//拆分
    $adai = explode("|",$aaql);    foreach ($adai as $h)
    {       array_push($attr,$h);
    }
}$attr = array_unique($attr);//去重
//显示foreach ($attr as $k)
{    $ql = "select * from qxgn WHERE code = &#39;{$k}&#39;";    
$arr = $db->Query($ql);    arr[0][0];    $arr[0][1];    echo "<p code=&#39;{$arr[0][0]}&#39;>{$arr[0][1]}</p>";
}?>
36cc49f0c466276486e50c850b7e4956

 

 

用php的用户体验不好,最好还是得用ajax

The above is the detailed content of php personnel authority management (RBAC). For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP error handling issuesNext article:PHP error handling issues