Cross-membership permission control based on native PHP

Based on native PHP cross-membership permission control

For a website's backend management system, a single super administrator authority often cannot meet our needs. Especially for large websites, this single authority will cause many problems.

For example: a website editor is usually only responsible for announcement updates of the company website, but if the website background does not have strict permission restrictions, he will be able to operate some of the customer's information. This is a big hidden danger.

If you have studied the ThinkPHP framework, you must know that there is something called RBAC. Today we will not talk about that, but let’s talk about how to implement cross permission control in the native PHP language.

Okay, not much to say, as usual, just talk about the principles and code.

There are many ways to implement cross-control of permissions. Here is just one idea: (I use the binary number method)

1. Here we first mention the operation methods of bitwise AND and bitwise OR:

1. Bitwise AND operator (&)

The two data participating in the operation are ANDed according to the binary bits. ("AND" operation => Whether there is a contained value such as: 7&8=0)

Operation rules: 0&0=0; 0&1=0; 1&0=0; 1&1=1;

That is: if both bits are "1" at the same time, the result is "1", otherwise it is 0

For example: 3&5 is 0000 0011 & 0000 0101 = 0000 0001 Therefore, 3&5 is worth 1.

In addition, negative numbers participate in bitwise AND operations in two's complement form.

2. Bitwise OR operator (|)

The two objects participating in the operation perform an "OR" operation based on binary bits. ("OR" operation => can include values such as: 7=4|2|1, use "XOR" to remove included values such as: 7^2)

Operation rules: 0|0=0; 0|1=1; 1|0=1; 1|1=1;

That is: as long as one of the two objects participating in the operation is 1, its value is 1.

For example: 3|5　that is 0000 0011 | 0000 0101 = 0000 0111 Therefore, 3|5 is worth 7.

In addition, negative numbers participate in bitwise OR operations in two's complement form.

After understanding the operations of bitwise AND and bitwise OR, let’s look at the following example:

Copy code

2 define('ADD',1);//Binary 1

3 define('DELETE',2);//Binary 10

4 define('UPDATE',4);//Binary 100

5 define('SELECT',8);//Binary 1000

7 //With permission it is 1, if there is no permission it is 0

8 $admin=ADD|DELETE|UPDATE|SELECT;//1111

9 $editor=ADD|UPDATE|SELECT;//1101

10 $user=SELECT;//1000

11 ?>

Copy code

I made four permissions for addition, deletion, modification and search respectively and set them as constants

The binary number of 1 is 1, the binary number of 2 is 10, the binary number of 4 is 100, and the binary number of 8 is 1000. This just becomes a rule

Some friends may ask where the 1111, 1101, and 1000 corresponding to the above permission variables admin, editor, and user come from?

There is a function in PHP to convert decimal numbers to binary numbers called decbin()

The following is the corresponding function explanation:

Copy code

decbin

(PHP 3, PHP 4, PHP 5)

decbin -- convert decimal to binary

Description

string decbin (int number)

Returns a string containing the binary representation of the given number parameter. The maximum value that can be converted is 4294967295 in decimal, which results in a string of 32 ones.

Example 1. decbin() example

echo decbin(12) . "n";

echo decbin(26);

The above example will output:

1100

11010

See bindec(), decoct(), dechex() and base_convert().

Copy code

Let’s test the output and see:

Copy code

4 define('ADD',1);//Binary 1

5 define('DELETE',2);//Binary 10

6 define('UPDATE',4);//Binary 100

7 define('SELECT',8);//Binary 1000

9 //If there is permission, it is 1, if there is no permission, it is 0

10 $admin=ADD|DELETE|UPDATE|SELECT;//1111 15

11 $editor=ADD|UPDATE|SELECT;//1101 13

12 $user=SELECT;//1000 8

14 echo decbin($admin)."
";

15 echo decbin($editor)."
";

16 echo decbin($user)."
";

19 ?>

Copy code

Output result:

Then we can use this operation to determine the permissions. 1 means there is permission, 0 means no permission

For example:

The authority of admin (super administrator) is to add, delete, modify, and check, which is 1111——>0000 1111

The editor (website editor) has the permissions to add, modify, and check, which is 1101——>0000 1101

user (ordinary user) only has browsing and query permissions, which is 1000——>0000 1000

Then we only need to perform bitwise AND operations on them to determine whether we have permission

For example: (Looking from back to front) Convert decimal (database storage type value) to binary and perform "AND" operation

Website editing permissions 0000 1101 (the decimal value of the permission is 13) & 0000 0010 (the deletion permission is 2 in decimal and converted to 10 in binary). Result: 0000 0000, which means no permissions

Try again

Normal user permissions 0000 1000 & 0000 0001 (adding permissions in decimal is 1 and binary is 1) Result: 0000 0000 also does not have permissions

Super administrator permissions 0000 1111 & 0000 1101 (website editing permissions) Result: 0000 1101, which means you have website editing permissions

Okay, let’s look at specific examples

I built a database with 2 tables in it

One is the user table:

gid represents the group id of the permission table

One is the permission table:

flag represents the permission to add, delete, modify and check, which can be defined according to your own needs

Basic configuration page: config.php

Copy code

3 define('HOST','localhost');

4 define('DBNAME','member');

5 define('USER', 'root');

6 define('PASS', '');

9 $link=@mysql_connect(HOST,USER,PASS) or die('Database connection failed');

11 mysql_select_db(DBNAME,$link);

13 define('ADD',1);//binary 1

14 define('DELETE',2);//Binary 10

15 define('UPDATE',4);//Binary 100

16 define('SELECT',8);//Binary 1000

18 //If there is permission, it is 1, if there is no permission, it is 0

19 $admin=ADD|DELETE|UPDATE|SELECT;//1111

20 $editor=ADD|UPDATE|SELECT;//1101

21 $user=SELECT;//1000

22 ?>

Copy code

5 Document

9 账号：

10 密码：

复制代码

提交页面：action.php

复制代码

3 require_once('config.php');

4 $username=$_POST['username'];

5 $password=$_POST['password'];

8 $sql="select * from user as a,role as b where a.gid=b.gid

9 and a.username='$username' and password='$password'";

11 $result=mysql_query($sql);

12 if($data=mysql_fetch_array($result)){

13 //账号验证通过，判断对应权限

14 //此处判断的是是否具备删除权限如：user数据库存储的值为8转二进制为1000 删除权限的值为2转二进制为0010 与运算0000 无权限

15 if($data['flag']&DELETE){

16 echo "你有删除权限";

17 }else{

18 echo "你没有删除权限";

19 }

21 }else{

22 echo "错误账号密码";

23 }

26 ?>

Related labels：

member Permissions

source：php.cn

Previous article：A brief discussion on using PHP for mobile APP development (API interface development), appapi_PHP tutorial Next article：Use laravel to generate sql with brackets, laravelsql_PHP tutorial

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Cross-membership permission control based on native PHP_PHP tutorial

Based on native PHP cross-membership permission control