How to use permission authentication in thinkphp

WBOY
2023-05-26 14:36:08

As the Internet continues to develop, the number of website users keeps growing. To manage users better and keep their data secure, permission authentication has become an essential function of every website. ThinkPHP is a very popular PHP framework and provides complete permission authentication functions. This article explains in detail how to use permission authentication in ThinkPHP.

1. The role of permission authentication

Permission authentication controls what users in different roles are allowed to do, so that users can only access the resources they have permission to access and cannot act beyond their authority. For example, in an e-commerce website, administrators can view and manage all product information, while ordinary users can only browse product information and cannot modify or delete it.

2. How to implement authority authentication

The ThinkPHP framework provides two ways to implement permission authentication: RBAC and node-based permission authentication. RBAC (Role-Based Access Control) classifies users according to their roles. Node-based permission authentication controls permissions through nodes. Nodes can be controllers, action methods, and so on.

  1. RBAC

To implement permission authentication through RBAC in the framework, you need to use the Auth class, which is located in ThinkPHP/Library/Think. The specific steps are as follows:

(1) Create the node table and the role table, and associate the permission nodes with the roles. Rows in the node table correspond to controllers and action methods. The role table saves the role name and the corresponding node IDs, as shown below:

Node table (think_node):

id  name    module  controller  action  pid
1   index   home    index       index   0
2   add     home    index       add     1
3   edit    home    index       edit    1
4   delete  home    index       delete  1

Role table (think_role):

id  name   node_ids
1   admin  1,2,3,4
2   user   1

(2) Use the Auth class in the controller for permission authentication. The specific code is as follows:

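use Think\Controller;

class IndexController extends Controller
{
    public function __construct()
    {
        parent::__construct();
        // Instantiate the Auth class
        $auth = new \Think\Auth();

        // Get the current user's ID from the session
        $uid = session('user_id');
        // Get the module, controller and action of the current request
        $url = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;

        // Perform the permission check
        if (!$auth->check($url, $uid)) {
            // Message: "You do not have permission to access this page!"
            $this->error('您没有访问该页面的权限!');
        }
    }
}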

The code above instantiates the Auth class, reads the current user's ID from the session (key user_id), builds the path of the requested module, controller and method, and passes both to the $auth->check() method for permission authentication. If the verification fails, an error message is output.

  2. Node-based permission authentication

Node-based permission authentication can be implemented using the Access class provided by the framework, which is also located in ThinkPHP/Library/Think. The specific steps are as follows:

(1) Use the Access class in the controller for permission authentication. The specific code is as follows:

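use Think\Controller;

class IndexController extends Controller
{
    public function __construct()
    {
        parent::__construct();
        // Instantiate the Access class
        $access = new \Think\Access();

        // Get the current user's ID from the session
        $uid = session('user_id');
        // Get the module, controller and action of the current request
        $url = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;

        // Define the list of permission nodes
        $nodes = array(
            'Index/index',  // home page
            'Index/add',    // add page
            'Index/edit',   // edit page
            'Index/delete', // delete operation
        );

        // Perform the permission check
        if (!$access->check($nodes, $uid, $url)) {
            // Message: "You do not have permission to access this page!"
            $this->error('您没有访问该页面的权限!');
        }
    }
}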

The code above instantiates the Access class, reads the current user's ID from the session (key user_id), builds the path of the requested module, controller and method, and then calls the $access->check() method for permission authentication. Each item in the permission node list corresponds to a node, namely a controller and a method. If the verification fails, an error message is output.

3. Optimization of permission authentication

In practical applications, we also need to make some optimizations to permission authentication to improve code reusability and security. The specific optimization points are as follows:

  1. Establish a public controller

You can create a public controller, BaseController, in the Common module of the framework and place the permission verification logic in this controller. Other controllers that inherit from it can then reuse this code.

  2. Cache node information

In permission authentication, the node table and role table need to be queried every time, which will affect system performance. Therefore, query results can be cached to improve system performance. You can use the cache class provided by the framework to cache the query results. The next time you query, you can directly obtain the cached results.

  3. Encrypt node information

In order to improve security, we can encrypt node information to avoid direct exposure of node information. You can use the encryption class provided by the framework to encrypt the node ID and save the encrypted node information in the role table.
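
The role-to-node lookup from section 2 combined with the caching idea above, as an added example in plain PHP (it is not code from the article or from ThinkPHP). The two arrays are constructed from the article's think_node and think_role tables; allowedPaths(), checkAccess() and the in-process static cache are assumptions standing in for the framework's database and cache layer.

```php
<?php
// Added example (plain PHP 7+, no framework). Both arrays are constructed
// from the article's think_node and think_role tables.
$nodes = [
    1 => ['module' => 'home', 'controller' => 'index', 'action' => 'index'],
    2 => ['module' => 'home', 'controller' => 'index', 'action' => 'add'],
    3 => ['module' => 'home', 'controller' => 'index', 'action' => 'edit'],
    4 => ['module' => 'home', 'controller' => 'index', 'action' => 'delete'],
];
$roles = [
    1 => ['name' => 'admin', 'node_ids' => '1,2,3,4'],
    2 => ['name' => 'user',  'node_ids' => '1'],
];

// Resolve a role's node_ids into lower-cased "module/controller/action" paths.
// Results are memoised per role, so the tables are walked once per role.
function allowedPaths(int $roleId, array $nodes, array $roles): array
{
    static $cache = []; // hypothetical stand-in for the framework cache
    if (!isset($cache[$roleId])) {
        $cache[$roleId] = [];
        foreach (explode(',', $roles[$roleId]['node_ids'] ?? '') as $id) {
            $id = trim($id);
            // Non-numeric or dangling node ids grant nothing.
            $n = ctype_digit($id) ? ($nodes[(int) $id] ?? null) : null;
            if ($n !== null) {
                $path = "{$n['module']}/{$n['controller']}/{$n['action']}";
                $cache[$roleId][strtolower($path)] = true;
            }
        }
    }
    return $cache[$roleId];
}

// Deny by default: an unknown role or an unlisted path returns false.
// $path has the same shape as the article's $url (module/controller/action).
function checkAccess(int $roleId, string $path, array $nodes, array $roles): bool
{
    $allowed = allowedPaths($roleId, $nodes, $roles);
    return isset($allowed[strtolower($path)]);
}

var_dump(checkAccess(1, 'Home/Index/delete', $nodes, $roles)); // admin role
var_dump(checkAccess(2, 'Home/Index/delete', $nodes, $roles)); // user role
var_dump(checkAccess(2, 'home/index/index', $nodes, $roles));  // user role, node 1
var_dump(checkAccess(9, 'home/index/index', $nodes, $roles));  // role id not in the table
```

Both sides of the comparison are lower-cased because the node table stores lower-case names while the path built from the request may be capitalised (Home/Index/...).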

4. Summary

Permission authentication is an indispensable part of website development. It can ensure the security of user data and improve user management. In the ThinkPHP framework, using the Auth class and Access class, the authority authentication function can be implemented very conveniently. Through the introduction of this article, you can understand the steps and optimization methods for using permission authentication in ThinkPHP. I believe it will be helpful to your development work.
