Cross-membership permission control based on native PHP
WBOY
Release: 2016-07-13 10:21:02
For a website's backend management system, a single super administrator authority often cannot meet our needs. Especially for large websites, this single authority will cause many problems.
For example: a website editor is usually only responsible for updating announcements on the company website, but if the website backend does not have strict permission restrictions, he will also be able to operate on some customer information. This is a serious hidden danger.
If you have studied the ThinkPHP framework, you must know that there is something called RBAC. Today we will not talk about that, but let’s talk about how to implement cross permission control in the native PHP language.
Okay, not much to say, as usual, just talk about the principles and code.
There are many ways to implement cross-control of permissions. Here is just one idea: (I use the binary number method)
1. Here we first mention the operation methods of bitwise AND and bitwise OR:
1. Bitwise AND operator (&)
The two operands are ANDed bit by bit. (The "AND" operation tests whether a value is contained, for example: 7&8=0)
Operation rules: 0&0=0; 0&1=0; 1&0=0; 1&1=1;
That is: the result bit is 1 only if both bits are 1, otherwise it is 0.
For example: 3&5 is 0000 0011 & 0000 0101 = 0000 0001, so 3&5 equals 1.
In addition, negative numbers participate in bitwise AND operations in two's complement form.
2. Bitwise OR operator (|)
The two operands are ORed bit by bit. (The "OR" operation combines values, for example: 7=4|2|1; use "XOR" to remove a contained value, for example: 7^2)
Operation rules: 0|0=0; 0|1=1; 1|0=1; 1|1=1;
That is: the result bit is 1 as long as one of the two bits is 1.
For example: 3|5 is 0000 0011 | 0000 0101 = 0000 0111, so 3|5 equals 7.
In addition, negative numbers participate in bitwise OR operations in two's complement form.
After understanding the operations of bitwise AND and bitwise OR, let’s look at the following example:
```php
<?php
define('ADD',1);//Binary 1
define('DELETE',2);//Binary 10
define('UPDATE',4);//Binary 100
define('SELECT',8);//Binary 1000

//If there is permission, the bit is 1; if there is no permission, it is 0
$admin=ADD|DELETE|UPDATE|SELECT;//1111
$editor=ADD|UPDATE|SELECT;//1101
$user=SELECT;//1000
?>
```
I defined four permissions (add, delete, update and select) and set them as constants.
In binary, 1 is 1, 2 is 10, 4 is 100, and 8 is 1000, so each permission occupies its own bit.
Some readers may ask where the 1111, 1101, and 1000 for the permission variables admin, editor, and user above come from.
There is a function in PHP to convert decimal numbers to binary numbers called decbin()
The following is the corresponding function explanation:
decbin
(PHP 3, PHP 4, PHP 5)
decbin -- convert decimal to binary
Description
string decbin (int number)
Returns a string containing the binary representation of the given number parameter. The maximum value that can be converted is 4294967295 in decimal, which results in a string of 32 ones.
Example 1. decbin() example
```php
<?php
echo decbin(12) . "\n";
echo decbin(26);
?>
```
The above example will output:
```
1100
11010
```
See also bindec(), decoct(), dechex() and base_convert().
Let’s test the output and see:
```php
<?php
define('ADD',1);//Binary 1
define('DELETE',2);//Binary 10
define('UPDATE',4);//Binary 100
define('SELECT',8);//Binary 1000

//If there is permission, the bit is 1; if there is no permission, it is 0
$admin=ADD|DELETE|UPDATE|SELECT;//1111 (15)
$editor=ADD|UPDATE|SELECT;//1101 (13)
$user=SELECT;//1000 (8)

//Print each role's value in binary
echo decbin($admin)." ";
echo decbin($editor)." ";
echo decbin($user)." ";
?>
```
Output result: 1111 1101 1000
Then we can use this operation to determine the permissions. 1 means there is permission, 0 means no permission
For example:
The authority of admin (super administrator) is to add, delete, modify, and check, which is 1111 -> 0000 1111
The editor (website editor) has the permissions to add, modify, and check, which is 1101 -> 0000 1101
user (ordinary user) only has browsing and query permissions, which is 1000 -> 0000 1000
Then we only need to AND a role's value with a permission to determine whether the role has that permission.
For example (reading the bits from right to left): convert the decimal value stored in the database to binary and perform the "AND" operation.
Website editor permissions 0000 1101 (the decimal value of the permission is 13) & 0000 0010 (the delete permission is 2 in decimal, 10 in binary). Result: 0000 0000, which means no permission.
Try again:
Normal user permissions 0000 1000 & 0000 0001 (the add permission is 1 in decimal and 1 in binary). Result: 0000 0000, so again no permission.
Super administrator permissions 0000 1111 & 0000 1101 (website editor permissions). Result: 0000 1101, which means the super administrator has the website editor permissions.
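The checks walked through above, written as helpers. This is an added example, not code from the original article; the function names hasPermission, grant and revoke are hypothetical, and PHP 7 or later is assumed for the type declarations.

```php
<?php
// Added example (not the article's code): helpers around the article's four flags.
define('ADD', 1);     // 0001
define('DELETE', 2);  // 0010
define('UPDATE', 4);  // 0100
define('SELECT', 8);  // 1000

function hasPermission($flag, int $required): bool
{
    // A flag read from the database arrives as a string such as "13". Cast it,
    // because & applied to two strings ANDs their bytes, not the numbers.
    $flag = (int) $flag;
    // Compare with the mask so that a multi-bit $required needs every bit set.
    return ($flag & $required) === $required;
}

function grant($flag, int $perm): int
{
    return ((int) $flag) | $perm;
}

function revoke($flag, int $perm): int
{
    // AND with the complement only ever clears bits. XOR toggles instead,
    // so it would switch the permission on for a role that never had it.
    return ((int) $flag) & ~$perm;
}

$editor = ADD | UPDATE | SELECT;

// Single permission, flag passed as the database would return it.
var_dump(hasPermission('13', DELETE));
// Two permissions at once: both bits must be present.
var_dump(hasPermission($editor, ADD | UPDATE));
var_dump(hasPermission(SELECT, ADD | SELECT));
// Revoking a held permission, then one the editor never held.
var_dump(revoke($editor, UPDATE), revoke($editor, DELETE));
// XOR on a permission the editor never held.
var_dump($editor ^ DELETE);
// Both operands are strings here, so PHP works on the characters '1' and '8'.
var_dump('13' & '8');
```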
Okay, let’s look at specific examples
I built a database with 2 tables in it
One is the user table:
gid represents the group id of the permission table
One is the permission table:
flag represents the permission to add, delete, modify and check, which can be defined according to your own needs
Basic configuration page: config.php
```php
<?php
// Database connection settings
define('HOST','localhost');
define('DBNAME','member');
define('USER', 'root');
define('PASS', '');

// mysql_* is the legacy ext/mysql API; it was removed in PHP 7 (mysqli and PDO replace it)
$link=@mysql_connect(HOST,USER,PASS) or die('Database connection failed');

mysql_select_db(DBNAME,$link);

define('ADD',1);//Binary 1
define('DELETE',2);//Binary 10
define('UPDATE',4);//Binary 100
define('SELECT',8);//Binary 1000

//If there is permission, the bit is 1; if there is no permission, it is 0
$admin=ADD|DELETE|UPDATE|SELECT;//1111
$editor=ADD|UPDATE|SELECT;//1101
$user=SELECT;//1000
?>
```
Login page: index.html
[The HTML markup of this page is missing. The surviving text is the page title "Document" and the two form labels "Account:" and "Password:".]
Submission page: action.php
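```php
<?php
require_once('config.php');
// Escape the submitted values before they are placed inside the SQL string
$username=mysql_real_escape_string($_POST['username'],$link);
$password=mysql_real_escape_string($_POST['password'],$link);

// Join each user to its role so that the permission flag comes back with the row
$sql="select * from user as a,role as b where a.gid=b.gid
and a.username='$username' and password='$password'";
```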
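The same user/role lookup with bound parameters, followed by the permission check on the returned flag. This is an added example, not code from the original article: it assumes PHP 7.1 or later with the pdo_sqlite extension, an in-memory SQLite database with constructed rows in place of the MySQL tables, passwords stored as password_hash() output, and the hypothetical function names login and can.

```php
<?php
// Added example, not the article's code. An in-memory SQLite database with
// constructed rows stands in for the article's MySQL `user` and `role` tables.
define('DELETE', 2);
define('SELECT', 8);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE role (gid INTEGER PRIMARY KEY, flag INTEGER)');
$pdo->exec('CREATE TABLE user (username TEXT, password TEXT, gid INTEGER)');
$pdo->exec('INSERT INTO role (gid, flag) VALUES (1, 15), (2, 13), (3, 8)');
// Assumption: passwords are stored as password_hash() output.
$pdo->prepare('INSERT INTO user (username, password, gid) VALUES (?, ?, ?)')
    ->execute(["o'neil", password_hash('constructed-pass', PASSWORD_DEFAULT), 2]);

/** Returns the account's permission flag as an int, or null when login fails. */
function login(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder sends the username as data, separate from the SQL text.
    $stmt = $pdo->prepare(
        'SELECT a.password, b.flag FROM user AS a
         JOIN role AS b ON a.gid = b.gid WHERE a.username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Cast, because the driver may hand the flag back as a string.
    return (int) $row['flag'];
}

function can(?int $flag, int $required): bool
{
    return $flag !== null && ($flag & $required) === $required;
}

// The apostrophe in this username is bound as data and cannot end a string literal.
$flag = login($pdo, "o'neil", 'constructed-pass');
var_dump($flag, can($flag, SELECT), can($flag, DELETE));
// A wrong password yields no flag, so every later permission check fails closed.
var_dump(login($pdo, "o'neil", 'wrong-pass'));
```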