20150403--rbac+ Home Login-01

Catalogue

I. Project Analysis 1

ii. Rights Management 1

third, the site layout, Layout complete Home 4

iv. Completion of admin login 7

v. Settings for Rights Management 12

1 , add permissions 12

2 , permissions List 15

3 , modify Permissions 15

4 , delete permissions , project analysis

Model Management

Column management, (using infinite pole classification)

Content additions, (automatically generate forms based on the field of the table attached to the model)

RBAC (Administrator management, role management, rights Management)

Use TP framework to complete development, second, rights Management

Think of a project has backstage and front desk, backstage generally have a super administrator, Super Administrator has all the rights, there may be some ordinary administrators, ordinary administrators have their own rights, in the operation, can only operate their own some of the permissions functions.

Implementation method One:

Grant permissions directly to the normal administrator, and verify that you have permission to perform the operation.

Compared with fewer administrators, it is not easy to assign permissions if the administrator is more than a few cases.

Implementation mode two

Role-based access controls (role-based access control) as a promising alternative to traditional access control (autonomous access, forced access) are widely concerned. In RBAC, permissions are associated with roles, and users get permissions to those roles by becoming members of the appropriate role. This greatly simplifies the management of permissions.

Requirements for RBAC:

There is a super administrator, created when the table is built, does not belong to any role, has all the permissions.

When a normal administrator logs on, the button to the left is generated according to his or her permissions, and is not displayed if the permission is not present.

Permissions are buttons.

Build a table to implement RBAC

Permission Table It_privilege

Required fields, permission names, execution of address sub-permissions, using infinite pole classification

Create Database Itcms;

Use Itcms;

#权限表

CREATE TABLE It_privilege (

ID tinyint unsigned primary key auto_increment,

Priname varchar (+) NOT null comment ' permission name ',

parent_id tinyint unsigned NOT null default 0 comment ' Parent permission id ',

Controllername varchar (+) NOT null default ' comment ' corresponds to the controller name ',

ActionName varchar (+) NOT null default ' comment ' corresponding method name '

) engine MyISAM charset UTF8;

Role table: It_role

Required field, name of the role

#角色表

CREATE TABLE It_role (

ID tinyint unsigned primary key auto_increment,

RoleName varchar (+) NOT null default ' comment ' role name '

) engine MyISAM charset UTF8;

Analysis: The relationship between the permission table and the role table,

Do you have multiple permissions in a role? Answer is,

Does a permission belong to more than one role? Answer is

So the relationship between the two tables is a many-to-many relationship.

#建立角色权限的中间表 It_role_privilege

CREATE TABLE It_role_privilege (

role_id tinyint unsigned not NULL comment ' role ID ',

pri_id tinyint unsigned not NULL comment ' permission ID ',

Key (ROLE_ID),

Key (PRI_ID)

) engine MyISAM charset UTF8;

#管理员表, it_admin

Required fields, administrator name password

CREATE TABLE It_admin (

ID tinyint unsigned primary key auto_increment,

Username varchar (+) NOT null comment ' administrator name ',

Password char (+) NOT null comment ' Administrator password ',

Salt varchar (a) NOT null comment ' password key '

) engine MyISAM charset UTF8;

#salt; When you add an administrator, it is randomly generated.

#密码的生成方式: MD5 (MD5 (password). Salt)

#添加一个超级管理员, the plaintext password is admin

INSERT into it_admin values (null, ' admin ', ' b3cd5411e88a1dd546521b0c6f75c9e4 ', ' serfs2 ');

#管理员和角色表

CREATE TABLE It_admin_role (

admin_id tinyint unsigned not null comment ' administrator's id ',

role_id tinyint unsigned not NULL comment ' role ID ',

Key (ADMIN_ID),

Key (ROLE_ID)

) engine MyISAM charset UTF8;

The relationship between five sheets;

third, the site layout, Layout complete Home

Using the TP framework, version 3.1.3,

1. Create a new virtual host to complete the configuration layout of the project's files

2. Create a new portal file under the root directory of the project to complete some configuration.

3, create a new home controller (IndexAction.class.php), and add the following methods

4. Copy the static page of the method corresponding to the controller.

5, the static page using the picture Style JS copy to the root directory under the public directory below.

5, open index.html left.html top.html main.html complete the style picture JS path replacement

Use: __public__ parsed as follows:

Modify the Index.html page to introduce a static page to the method in the frame set called the controller.

Path rules can be configured separately.

6. Configure the database for the site

Iv. Completion of the administrator login

1, create a login controller, and add the login method, and copy the corresponding template, and complete the template style path replacement.

2. Add a verification code to the login page

(1) Add a method to the login controller to generate the verification code

(2) Complete the display of validation on the Login.html page and complete the Change form

3, data validation, when the administrator login, to do data validation, and Verification code verification

Data validation: Rules that require validation:

Verify that the administrator name cannot be empty

The administrator password cannot be empty,

The verification code cannot be empty

Verify that the code is correct

(1) Because the administrator and password verified are related to the admin table. To create a model for admin.

Define a validation rule in the admin model itself,

(2) in the login controller in the login method for data validation,

(3) A method of adding a login verification to the admin model

(4) Login verification test, login success, jump to the background home

4, if the user does not log in, then can not access the background of the page, requiring users must log in to access the background page

Define a parent class controller, in which there is a method to verify the login, the other controller inherits the controller, and the other controller performs an action to verify the login method.

The _initialize method is executed first before all action method calls, and the method is executed inside the constructor,

The _initialize method in the Myaction controller defines whether the authentication is logged in.

20150403--rbac+ Home Login-01