Home>Article>Backend Development> Detailed explanation of PHP's RBAC permissions
This article mainly shares with you a detailed explanation of PHP's RBAC permissions. I hope it can help everyone. First of all, we should know what functions are required for permission management:
(1). Users can only access specified controls. Controller, specified method
(2) Users can exist in multiple user groups
(3) User groups can be selected, specified controller, specified method
(4) You can add controllers and methods
RBAC (Role-Based Access Control, role-based access control), which means users are associated with permissions through roles. Simply put, a user has several roles, and each role has several permissions. In this way, a "user-role-permission" authorization model is constructed. In this model, there is generally a many-to-many relationship between users and roles, and between roles and permissions.
1. Database design
Write five tables, first: user table, role table, function table:
The table of the connection table...Then there is the role function table and the user role table:
2. Administrator's management Page,
(1). Display the user name and role name respectively
(2). According to the change of the drop-down user name, change the role in the corresponding check box
(3). When modifying a user role, first delete the user's corresponding role table and all information about this user, and then add the obtained user name and role code.
Use drop-down list: embed php query and traverse it, display it as a drop-down list
Query($sql); foreach ($arr as $v) { echo ""; } ?>
Select the character and use the multi-select box:
请选择角色Query($sjs);foreach ($ajs as $v) { echo "{$v[1]} "; }?>
Picture:
When the user changes, the corresponding role also changes accordingly, and the role of the person is changed. Information, add and save, the basic idea of adding and saving is to first delete all the role information corresponding to the person in the database, and then fetch the selected part and add it to the database.
First let him select the default role:
To write his processing page:
strQuery($sql);break; }
Let’s take a look at the final result. If the login is successful, you will enter the homepage. If the login fails, An error will be prompted
Come again, save button:
Processing page:
Query($sdel,0); //拆分取到的字符串 $arr= explode("|",$juese); foreach ($arr as $v) { $sql = "insert into qxyhzw VALUES ('','{$uid}','{$v}')"; $db->query($sql,0); } echo "ok"; break; }
See the effect:
The role is selected by default;
Select to save after changing:
Management page summary Code:
View Code
Total code for processing page:
strQuery($sql);break; case 1: $uid = $_POST["zhang"]; $juese = $_POST["juese"]; // 首先全部删掉里面的职位 $sdel = "delete from qxyhzw WHERE uid = '{$uid}'"; $db->Query($sdel,0); //拆分取到的字符串 $arr= explode("|",$juese); foreach ($arr as $v) { $sql = "insert into qxyhzw VALUES ('','{$uid}','{$v}')"; $db->query($sql,0); } echo "ok"; break; }
3. Login page:
The display is very simple:
Write login processing
strQuery($sql)>0;if($mm = $mi && !empty($mi)) { $_SESSION["zhang"] = $zhang; header("location:chaxun.php"); }//else //{ // echo "登入失败"; //}
Jump to the main page, main page code:
Everyone’s main page is different
主页面
Query($sql);//根据角色代号查功能代号$attr = array();//定义一个存放功能代号的数组foreach ($aql as $v) { $jsid = $v[0];// 角色代号 $ssql = "select rid from qxgnzw WHERE jid='{$jsid}'"; $aaql = $db->strQuery($ssql);//拆分 $adai = explode("|",$aaql); foreach ($adai as $h) { array_push($attr,$h); } }$attr = array_unique($attr);//去重 //显示foreach ($attr as $k) { $ql = "select * from qxgn WHERE code = '{$k}'"; $arr = $db->Query($ql); $arr[0][0]; $arr[0][1]; echo "{$arr[0][1]}
"; }?>
The user experience of using php is not good, it is best to use ajax.
Related recommendations:
php Personnel Access Management (RBAC)
The above is the detailed content of Detailed explanation of PHP's RBAC permissions. For more information, please follow other related articles on the PHP Chinese website!