PHP Development Guide: Implementing Simple Role Permission Control Function

PHP Development Guide: Implementing Simple Role Permission Control Function

Introduction:
In a website or application, role permission control is an important function. Through role permission control, you can limit the operating permissions of certain users in the system, thereby increasing the security and credibility of the system. In this article, we will introduce how to use PHP to implement simple role permission control functions.

1. Create database table

First, we need to create a database table to store user information and role information. The following is the structure of a sample table:

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `role` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

2. Add users and roles

Add user and role records in the database. Some sample data can be used:

INSERT INTO `users` (`id`, `username`, `password`, `role`)
VALUES
(1, 'admin', 'admin_password', 'admin'),
(2, 'user', 'user_password', 'user');

3. Login Verification

In the login page, the user needs to provide the username and password and compare it with the record in the database. If the username and password match, the user's role is saved in the session:

<?php
session_start();

// 用户提交的用户名和密码
$username = $_POST['username'];
$password = $_POST['password'];

// 数据库查询语句
$sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysqli_query($connection, $sql);

// 检查查询结果
if (mysqli_num_rows($result) == 1) {
  $row = mysqli_fetch_assoc($result);
  
  // 将用户的角色保存在会话中
  $_SESSION['role'] = $row['role'];
  
  // 跳转到首页或其他有权限访问的页面
  header('Location: index.php');
} else {
  // 用户名和密码不匹配，显示错误信息
  echo '用户名或密码错误';
}
?>

4. Permission verification

In each page that requires permission verification , we need to check if the user's role has permission to access the page. The following is an example:

<?php
session_start();

// 检查用户是否登录，如果未登录则跳转到登录页面
if (!isset($_SESSION['role'])) {
  header('Location: login.php');
  exit();
}

// 获取用户的角色
$role = $_SESSION['role'];

// 检查角色是否具有访问该页面的权限
if ($role != 'admin') {
  echo '抱歉，您无权访问该页面';
  exit();
}

// 以下是页面的正常内容
?>

Conclusion:
Through the above steps, we successfully implemented a simple role permission control function. By saving user and role information in database tables, as well as PHP code for login and permission verification, we can effectively protect the security and credibility of the system. Of course, there are more complex and flexible permission control schemes that can be used in actual development, but the examples provided in this article are enough to help us get started and understand the basic principles and implementation of role permission control.

Reference:

• PHP Manual: https://www.php.net/manual/en/
• W3Schools PHP Tutorial: https://www .w3schools.com/php/

The above is the detailed content of PHP Development Guide: Implementing Simple Role Permission Control Function. For more information, please follow other related articles on the PHP Chinese website!