Access control technology for PHP and CGI: How to manage user permissions for websites

Access control technology of PHP and CGI: How to manage user permissions on websites

With the development of the Internet, user management and permission control of websites have become more and more important. Whether it’s a corporate website, social media, or e-commerce platform, you need to ensure that users can only access content they are authorized to use. In this regard, PHP and CGI (Common Gateway Interface) are two commonly used web programming languages ​​and technologies.

PHP (Hypertext Preprocessor) is a scripting language widely used in dynamic web development, which can be embedded in HTML. CGI is a standard interface between a web server and a scripting language. Through CGI, the web server can pass requests sent by users to script programs for processing.

The following will introduce how to implement access control and manage website user permissions in PHP and CGI, and attach some code examples.

1. Access control and user rights management in PHP

PHP provides a series of functions and features that can be used to implement access control and user rights management. The following are some commonly used methods:

1. User authentication (Authentication): Verify the user's identity through user name and password, and grant access permissions.

<?php
session_start();

if ($_POST['username'] == 'admin' && $_POST['password'] == '123456') {
    $_SESSION['loggedin'] = true;
} else {
    echo '用户名或密码错误';
}
?>

On other pages, you can use the following code to check whether the user is logged in:

<?php
session_start();

if (!$_SESSION['loggedin']) {
    header('Location: login.php');
    exit;
}
?>

2. User role (Role) and permission control: In the website, users It is usually divided into different roles, and different roles have different permissions. You can use an array or database to manage user roles and their corresponding permissions.

<?php
session_start();

$roles = array(
    'admin' => array('edit', 'delete', 'create'),
    'user' => array('view', 'comment')
);

if (!in_array($action, $roles[$_SESSION['role']])) {
    echo '权限不足';
    exit;
}
?>

3. Page Protection: You can use PHP's include statement and permission control to protect sensitive pages from being accessed by non-logged-in users or users without permissions.

<?php
session_start();

if (!$_SESSION['loggedin'] || $_SESSION['role'] != 'admin') {
    header('Location: access_denied.php');
    exit;
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>仅管理员可见的页面</title>
</head>
<body>
    <h1>仅管理员可见的页面</h1>
    <p>欢迎访问管理员页面！</p>
</body>
</html>

2. Access control and user rights management in CGI

In CGI, the access control function provided by server software (such as Apache, Nginx, etc.) is generally used, together with scripts Language combination realizes user rights management.

1. IP address-based access control: Access to certain IP addresses or IP address ranges can be restricted through the server's configuration file (such as .htaccess file).

order deny, allow
deny from 192.168.0.1
allow from all

2. HTTP Basic Authentication: You can use the server's configuration file and .htpasswd file for user authentication.

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

The content of the .htpasswd file is as follows:

admin:password123
user1:password123

3. Permission control at the script level: In a CGI script, the authentication information of the HTTP request header can be read. According to User authentication status to control permissions.

#!/usr/bin/env python3
import os

print('Content-Type: text/html')
print()

if os.environ.get('HTTP_AUTHORIZATION') != 'Basic YWRtaW46cGFzc3dvcmQxMjM=':
    print('Status: 401 Unauthorized')
    print('WWW-Authenticate: Basic realm="Restricted Area"')
    print()
    print('<h1>权限不足</h1>')
else:
    print('<h1>欢迎访问受限页面！</h1>')

The above are some common methods and code examples for implementing access control and user rights management in PHP and CGI. According to specific application scenarios and needs, other technologies and tools can also be combined to further improve the rights management system. Regardless of whether you use PHP or CGI, you must pay attention to security and avoid potential security risks and vulnerabilities.

The above is the detailed content of Access control technology for PHP and CGI: How to manage user permissions for websites. For more information, please follow other related articles on the PHP Chinese website!