Home >Backend Development >PHP Tutorial >Use PHP and MySQL to implement a powerful user rights control system

Use PHP and MySQL to implement a powerful user rights control system

WBOY
WBOYOriginal
2023-06-25 10:04:391328browse

In modern web applications, user permission control is crucial. To ensure the security and integrity of an application, user access to specific operations and information must be restricted and the specific tasks that users are allowed to perform must be defined. In this article, I will introduce how to use PHP and MySQL to create a powerful user permission control system to ensure the security and integrity of your web applications.

1. Design of database tables

In the MySQL database, we need at least two tables to implement the user authority control system. The first table records basic information for all users, including username, password, and email address. The second table is the permissions table, which records the permissions of each role/user group. Therefore, we need to create the following two tables in the database:

  1. users table

CREATE TABLE users (
id int(11) NOT NULL AUTO_INCREMENT,
username varchar(50) NOT NULL,
password varchar(255) NOT NULL,
email varchar(100) NOT NULL,
PRIMARY KEY (id)
);

  1. roles table

CREATE TABLE roles (
id int(11) NOT NULL AUTO_INCREMENT,
name varchar(50) NOT NULL,
PRIMARY KEY (id)
);

We also need a table that associates users with roles. This table maps user IDs to role IDs. Let's create this table.

  1. role_user table

CREATE TABLE role_user (
role_id int(11) NOT NULL,
user_id int(11) NOT NULL,
PRIMARY KEY (role_id,user_id),
CONSTRAINT FK_role_user_role_id FOREIGN KEY (role_id) REFERENCES roles (id),
CONSTRAINT FK_role_id_user_id FOREIGN KEY (user_id) REFERENCES users (id)
);

2. Implementation of user rights control system

Now we have created the required database Now we can start implementing a user permissions control system for our application. Here are some basic concepts:

  1. Role

A role is a logical structure that associates a set of permissions together. For example, we can create an "Administrator" role and grant all administrative-related permissions to this role.

  1. Permissions

Permissions are the control rights of a certain function. For example, view, create, edit, and delete users are different permissions. Granting these permissions to specific roles limits users' access.

  1. User

A user is an individual who interacts with an application. Each user will be assigned one or more roles, which define the actions the user can perform and access.

Now let’s see how to implement this system.

  1. Create User

For each new user, we need to create a corresponding user record. We will create a record in the "users" table for each user, including username, password, and email address. Use the following code to create the user.

function create_user($username, $password, $email) {
  // Encrypt password
  $encrypted_password = password_hash($password, PASSWORD_DEFAULT);

  // Prepare SQL statement
  $sql = "INSERT INTO users (username, password, email) VALUES (?, ?, ?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("sss", $username, $encrypted_password, $email);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
  1. Create a role

Creating a role is very simple, just insert a record in the "roles" table. Here's an example.

function create_role($name) {
  // Prepare SQL statement
  $sql = "INSERT INTO roles (name) VALUES (?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("s", $name);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
  1. Assign User Roles

Now that we have created users and roles, we need to associate them. Roles can be assigned by inserting the role ID and user ID into the "role_user" table. Below is some sample code.

function assign_role_to_user($role_id, $user_id) {
  // Prepare SQL statement
  $sql = "INSERT INTO role_user (role_id, user_id) VALUES (?, ?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("ii", $role_id, $user_id);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
  1. Check if the user has permission

Finally, we need to check if the user has permission to perform an operation. We will find all the roles the user belongs to and check if the roles have the required permissions. Returns true if the user has permission, false if not. Below is some sample code.

function has_permission($user_id, $permission) {
  // Fetch user roles
  $sql = "SELECT role_id FROM role_user WHERE user_id = ?";
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("i", $user_id);
  $stmt->execute();
  $result = $stmt->get_result();

  // Check if any role has permission
  while ($row = $result->fetch_assoc()) {
    $sql2 = "SELECT permissions FROM roles WHERE id = " . $row['role_id'];
    $result2 = $conn->query($sql2);

    if ($result2->num_rows == 1) {
      $row2 = $result2->fetch_assoc();

      $permissions = json_decode($row2['permissions'], true);

      if (in_array($permission, $permissions)) {
        return true;
      }
    }
  }

  // Permission not found
  return false;
}

3. Summary

Using PHP and MySQL to create a user permission control system can ensure the security and integrity of web applications. We can restrict user access to specific operations and information based on roles and permissions. With this system, we can protect web applications from unauthorized access, thus improving overall security.

The above is the detailed content of Use PHP and MySQL to implement a powerful user rights control system. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn