How to use PHP functions to implement multi-level role and permission management for user login and logout?

How to use PHP functions to implement multi-level role and permission management for user login and logout?

When developing a website, user login and logout are a very common and important function. As website functions expand, multi-level role and permission management is usually required to ensure that different users have different operating permissions. This article will introduce how to use PHP functions to achieve this functionality and provide code examples.

First, we need to create a database table to store user information. The table structure is as follows:

CREATE TABLE users (
    id INT(11) AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) NOT NULL,
    password VARCHAR(100) NOT NULL,
    role VARCHAR(50) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Among them, username stores the user name, password stores the hash value of the password, role stores the user role,created_at Stores user creation time.

Next, we need to write PHP code for login and logout functions. The first is the login function:

function login($username, $password) {
    // 从数据库中查询用户信息
    $query = "SELECT * FROM users WHERE username = '$username'";
    $result = mysqli_query($conn, $query);
    
    if (mysqli_num_rows($result) == 1) {
        $user = mysqli_fetch_assoc($result);

        // 验证密码
        if (password_verify($password, $user['password'])) {
            // 设置用户登录状态
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role'] = $user['role'];

            return true;
        }
    }

    return false;
}

The above code first queries whether the user name exists in the database. If it exists, the correctness of the password is verified through the password_verify function. If the verification is passed, the user information will be stored in $_SESSION to realize user login.

Next is the code for the logout function:

function logout() {
    // 销毁session
    session_unset();
    session_destroy();
}

The above code destroys the current $_SESSION by calling the session_unset function and the session_destroy function .

Through the above code, we can implement basic user login and logout functions. But in order to achieve multi-level role and permission management, we also need to provide corresponding functional interfaces.

First, we need to write a function that checks user permissions:

function checkPermission($requiredRole) {
    if (isset($_SESSION['role']) && $_SESSION['role'] == $requiredRole) {
        return true;
    } else {
        return false;
    }
}

The above code will check whether the current user's role meets the required roles. If satisfied, return true, otherwise return false.

Next, we can implement corresponding permission control by calling the checkPermission function.

if (checkPermission('admin')) {
    // 执行管理员操作
} elseif (checkPermission('user')) {
    // 执行普通用户操作
} else {
    // 无权限操作
}

The above code will perform corresponding operations based on the user's role. If the user role is an administrator, administrator operations are performed; if the user role is an ordinary user, ordinary user operations are performed; if the user does not have permissions, operations without permissions are performed.

In summary, through the above code examples, we use PHP functions to implement multi-level role and permission management for user login and logout. When developing a website, this method can achieve flexible user permission control and ensure the security of the website.

The above is the detailed content of How to use PHP functions to implement multi-level role and permission management for user login and logout?. For more information, please follow other related articles on the PHP Chinese website!