A Beginner's Understanding of Auth

Source: Internet
Author: User
Tags ming


PS: I recently needed to build a user-permission verification feature. I looked on the official site and on Baidu and found that everyone uses Auth for the verification. The official site has many tutorials on using Auth, but none of them is comprehensive. I also asked a few questions about Auth and nobody answered me, so I had no choice but to read through the code step by step. My foundation is not good, I came to this halfway, and I hope nobody laughs at my tutorial. This is purely a novice making do ...
Enough chatter, let's start decoding:

First of all, the ThinkPHP version I'm using is ThinkPHP 3.2.3, full version.
"Auth" means authentication.
The core edition of TP does not include the Auth class; only the full version does. Everyone should pay attention to this!

1: First, open Auth.class.php

File location: ThinkPHP/Library/Think/Auth.class.php

2: After opening the Auth class file, we need to create the 3 tables that Auth authentication requires. The Auth class already provides the table definitions; copy them, paste them into phpMyAdmin and run the SQL.

The table used by Auth is as follows:

// Database
/*
-- ----------------------------
-- think_auth_rule, rule table
-- id: primary key, name: unique rule identifier, title: rule display name, status: 1 normal, 0 disabled, condition: rule expression; empty means the rule is validated by existence only, non-empty means it is validated against the condition
-- ----------------------------
DROP TABLE IF EXISTS `think_auth_rule`;
CREATE TABLE `think_auth_rule` (
    `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    `name` char(80) NOT NULL DEFAULT '',
    `title` char(20) NOT NULL DEFAULT '',
    `type` tinyint(1) NOT NULL DEFAULT '1',
    `status` tinyint(1) NOT NULL DEFAULT '1',
    `condition` char(100) NOT NULL DEFAULT '',  # additional rule condition; only rules that satisfy it are considered valid
    PRIMARY KEY (`id`),
    UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- think_auth_group, user group table
-- id: primary key, title: user group display name, rules: IDs of the rules the group holds, multiple rules separated by ",", status: 1 normal, 0 disabled
-- ----------------------------
DROP TABLE IF EXISTS `think_auth_group`;
CREATE TABLE `think_auth_group` (
    `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    `title` char(100) NOT NULL DEFAULT '',
    `status` tinyint(1) NOT NULL DEFAULT '1',
    `rules` char(80) NOT NULL DEFAULT '',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- think_auth_group_access, user-to-group detail table
-- uid: user ID, group_id: user group ID
-- ----------------------------
DROP TABLE IF EXISTS `think_auth_group_access`;
CREATE TABLE `think_auth_group_access` (
    `uid` mediumint(8) unsigned NOT NULL,
    `group_id` mediumint(8) unsigned NOT NULL,
    UNIQUE KEY `uid_group_id` (`uid`,`group_id`),
    KEY `uid` (`uid`),
    KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
*/

PS: You can change the table prefix to whatever you want.
Another point: these 3 tables can also be renamed, as long as they contain the fields Auth needs for authentication. If you rename these 3 tables, simply set the corresponding table names in the Auth configuration.


3: With the 3 tables created, let's first talk about what each of them does (my understanding is limited, please don't flame me) (my table prefix is tp_)

tp_auth_rule (rule means "rule"; together, this is the authentication rule table)

Field overview:

id: I believe everyone knows this one (table primary key, auto-increment, rule ID)
name: authentication rule (a string field that holds the "module name/controller name/method name" or a "custom rule" you need to authenticate. It is best to fill it in as module name/controller/method, with multiple rules separated by commas. The rule itself is yours to define as you see fit; you can also fill in admin or * or Guanliyuan and so on! The field length is 80; just don't exceed it)
title: rule description, nothing more to say
type: tinyint. If type is 1, the condition field can define a rule expression. For example, defining {score}>5 and {score}<100 means the rule passes only when the user's score is between 5 and 100. (Default is 1)
condition: when type is 1, the contents of the condition field are used as a rule expression, matched together with the authentication rule, to authenticate the user

tp_auth_group (group means "group"; together, this is the authentication group table)

Field overview:
id: everybody knows this one (ID of the authentication group, table primary key, auto-increment)
title: authentication group name
status: whether the group is enabled, 0 for off, 1 for on (default is 1, on)
rules: rule IDs (these are the IDs of the rules in tp_auth_rule, as shown below)


tp_auth_group_access (this table has two fields; it is the intermediate table for rules and groups)

Field overview:
uid: member ID (the ID of the member that needs authentication)
group_id: authentication group ID (the ID of the authentication group goes here)

PS: Here is how I understand the relationship among the 3 tables:
In fact, using Auth involves 4 tables (1. member table 2. authentication rule table 3. authentication group table 4. authentication intermediate table). I am not good at explaining, so simply put:

A. In tp_auth_rule, add one or more authentication rules that are used to verify access permissions

For example:


(admin/article/add) permission to add an article
(admin/article/edit) permission to modify an article
(admin/article/delete) permission to delete an article


PS: These 3 rules can be combined into a single rule: (admin/article/add,admin/article/edit,admin/article/delete)!

Multiple rules are separated by commas.
One more thing: this rule is 80 bytes, do not exceed that. You can also write the rule as article (meaning all permissions to operate on articles)


It can also be written as (article-add-edit-delete), meaning permission to add, edit and delete articles
It can also be written as (article-add-edit), meaning permission to add and edit articles, with no delete permission


In short, you can write the rules here however you like, which is very flexible. This is awesome!

B. Add 2 user groups in the authentication group table (respectively: Information Entry Department, Information Audit Department, Information XX Department)


status: defaults to on; the default of 1 enables this authentication group
rules: rule IDs, multiple rules separated by commas. For example, I now have 4 rules:
ID 1: admin/article/add permission to add an article
ID 2: admin/article/edit permission to modify an article
ID 3: admin/article/delete permission to delete an article
ID 4: article-add-edit-delete permission to add, edit and delete articles
Analysis: the Information Entry Department needs permission to add, modify and delete articles; the Audit Department needs modify and delete permissions; the Information XX Department needs all information-operation permissions
According to the analysis:
The rules required by the Information Entry Department are: 1,2,3
What the Information Audit Department needs is: 2,3
What the Information XX Department needs is: 4
OK, insert the data:
Information Entry Department: title: Information Entry Department, rules: 1,2,3 (after insert, assume the ID is 1)
Information Audit Department: title: Information Audit Department, rules: 2,3 (after insert, assume the ID is 2)
Information XX Department: title: Information XX Department, rules: 4 (after insert, assume the ID is 3)
C. In the authentication intermediate table, enter the member ID that needs authentication and the authentication group ID
PS: Suppose I now have a member table tp_user
There are 4 members, respectively:
ID 1: Xiao Hong
ID 2: Xiao Ming
ID 3: Xiao Zhang
ID 4: Xiao Li

Assign permissions as follows:
Xiao Hong and Xiao Ming are in the Information Entry Department:
tp_auth_group_access then looks like this:
UID 1, Xiao Hong, belongs to authentication group 1 (1 is the Information Entry Department in the authentication group table, with add, modify and delete permissions)
UID 2, Xiao Ming, is at the same level as Xiao Hong (same permissions)
UID 3, Xiao Zhang, belongs to authentication group 2 (2 is the Information Audit Department in the authentication group table, with modify and delete permissions)
UID 4, Xiao Li, belongs to authentication group 3 (3 is the Information XX Department in the authentication group table, with permission to add, modify and delete information)
PS: Maybe I have explained this in a roundabout way, but that is roughly the idea! The rule table holds all the rules that need authentication, the group table holds the department groups, a department's permissions are the rule IDs from the rule table, and the access table records which department a user belongs to. Do you understand?

4: Now start authenticating:

PS: Here I want to correct one point. The ThinkPHP version I am using is ThinkPHP 3.2.3, full version. In the Auth class there is this passage:
/**
 * Permission authentication class
 * Features:
 * 1, Authentication is by rule, not by node. The user can use a node as the rule name to implement node authentication.
 *      $auth = new Auth();  $auth->check('rule name', 'user id')
 * 2, Multiple rules can be authenticated at the same time, and the relationship between them can be set (or, or and)
 *      $auth = new Auth();  $auth->check('rule 1,rule 2', 'user id', 'and')
 *      When the third parameter is and, the user needs to have both rule 1 and rule 2. When the third parameter is or, the user only needs to have one of them. Defaults to or
 * 3, A user can belong to more than one user group (the think_auth_group_access table defines which groups a user belongs to). We need to set which rules each user group has (think_auth_group defines user group permissions)
 *
 * 4, Supports rule expressions.
 *      When a rule is defined in the think_auth_rule table and its type is 1, the condition field can define a rule expression. For example, defining {score}>5 and {score}<100 means the rule passes only when the user's score is between 5 and 100.
 */

The problem is this sentence:
2, Multiple rules can be authenticated at the same time, and the relationship between them can be set (or, or and)
$auth = new Auth(); $auth->check('rule 1,rule 2', 'user id', 'and');
Problem:
The check method in the Auth class has 5 parameters in total:
public function check($name, $uid, $type = 1, $mode = 'url', $relation = 'or')
So filling in and as the third parameter, as the official class comment does, apparently has no effect at all!
I don't know whether that is really the case?


PS: Before using Auth, set the following Auth configuration items:
If you haven't changed the names of the auth_rule, auth_group and auth_group_access tables, you only need to configure your member table. Add the following entry to the configuration:

// Auth configuration
'AUTH_CONFIG' => array(
    // User group table name
    // 'AUTH_GROUP' => 'tp_group',
    // User-to-group relation table
    // 'AUTH_GROUP_ACCESS' => 'tp_group_access',
    // Permission rule table
    // 'AUTH_RULE' => 'tp_rule',
    // User information table
    'AUTH_USER' => 'tp_admin'
),

Also note that the member ID must be the primary key of the member table!


I am now doing the experiment under Home/login/index:
First instantiate the Auth class:

<?php
namespace Home\Controller;

class LoginController extends \Think\Controller
{
    public function indexAction()
    {
        // Instantiate the Auth authentication class
        $auth = new \Think\Auth();

        /*
         * Verify a single condition:
         * check whether Xiao Hong (member ID 1) has permission to add information.
         * Parameters of the check method:
         *   parameter 1: admin/article/add  suppose I am now requesting the add method
         *                of the article controller in the Admin module
         *   parameter 2: 1  the member ID of the current request
         */
        var_dump($auth->check('admin/article/add', 1)); // boolean true

        /*
         * Verify multiple conditions at the same time:
         * check whether Xiao Hong (member ID 1) has the add-information permission,
         * the modify-information permission and a rule that does not exist.
         *   parameter 1: multiple rules validated at once
         *   parameter 2: the member ID of the current request
         * PS: xxx is a nonexistent rule, so why does it return true? Because the 5th
         * parameter of check defaults to or, which means that with multiple rules the
         * result is true as long as one condition is met.
         */
        // var_dump($auth->check('admin/article/add,admin/article/edit,admnin/article/xxx', 1)); // boolean true

        /*
         * Verify multiple conditions at the same time, all of which must be true:
         * check whether Xiao Hong (member ID 1) has the add, modify and delete permissions.
         *   parameter 1: multiple rules validated at once
         *   parameter 2: the member ID of the current request
         *   parameter 3: whether to validate using the content of the condition field
         *   parameter 4:
         *   parameter 5: all rules must be satisfied to pass
         */
        // var_dump($auth->check('admin/article/add,admin/article/edit,admin/article/xxx', 1, 1, '', 'and')); // boolean false
    }
}
?>

PS: The example above is the most basic authentication; of course, you can define your own validation rules.

Here are some other examples:

The name in the rule table can be written as * * * or admin or other characters to stand for a general-purpose validation rule;

When validating, you can use MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME to get the current module name/controller name/method name, for example:
$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, 1);




There are some parts I don't know how to use:
For example:

if ($mode == 'url' && $query != $auth) {
    parse_str($query, $param); // parse the params in the rule
    $intersect = array_intersect_assoc($REQUEST, $param);
    $auth = preg_replace('/\?.*$/U', '', $auth);
    if (in_array($auth, $name) && $intersect == $param) { // the node matches and the URL parameters are satisfied
        $list[] = $auth;
    }
}

I don't know what the $query != $auth here is for. When I was testing locally, I added a rule to the rule table: test?aa=1&bb=2
When using Auth, it can be verified like this:

The GET or POST data of the URL must contain aa=1&bb=2 for the verification to succeed. I am very confused about what is really going on here; if any expert understands it, please tell me.
$auth->check('test', 1);

* Is this $query != $auth there so that non-PATHINFO requests such as ?module=home&controller=user&action=login can be verified? I don't understand ... *
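
The third-argument `'and'` question and the `$query != $auth` branch discussed above, reproduced in a simplified stand-alone model of the rule lookup; this is an added example, not ThinkPHP's Auth class or the author's code. Assumptions: PHP 7 or later, array data constructed from the tutorial's sample rules, groups and members (with test?aa=1&bb=2 added as rule 5 of group 1), a `$request` argument in place of `$_REQUEST`, and `$type` kept only to preserve the argument positions (its rule-type filtering is not modelled).

```php
<?php
// Constructed sample data in the shape of the tutorial's three tables.
$rules = [1 => 'admin/article/add', 2 => 'admin/article/edit',
          3 => 'admin/article/delete', 4 => 'article-add-edit-delete',
          5 => 'test?aa=1&bb=2'];                     // id 5 is an assumption
$groups = [1 => ['status' => 1, 'rules' => '1,2,3,5'],
           2 => ['status' => 1, 'rules' => '2,3'],
           3 => ['status' => 1, 'rules' => '4']];
$access = [1 => [1], 2 => [1], 3 => [2], 4 => [3]];   // uid => group ids
// Rule names a user holds: the union over every enabled group of the user.
function userRules($uid) {
    global $rules, $groups, $access;
    $names = [];
    foreach ($access[$uid] ?? [] as $gid) {
        if (($groups[$gid]['status'] ?? 0) != 1) { continue; } // disabled group
        foreach (explode(',', $groups[$gid]['rules']) as $id) {
            if (isset($rules[$id])) { $names[$id] = strtolower($rules[$id]); }
        }
    }
    return array_values($names);
}

// Same parameter order as check() above; $request stands in for $_REQUEST.
function check($name, $uid, $type = 1, $mode = 'url', $relation = 'or', $request = []) {
    $name = explode(',', strtolower($name));
    $list = [];
    foreach (userRules($uid) as $auth) {
        $query = preg_replace('/^.+\?/U', '', $auth); // text after "?", else unchanged
        if ($mode == 'url' && $query != $auth) {      // the rule carries a query string
            parse_str($query, $param);
            $path = preg_replace('/\?.*$/U', '', $auth);
            // granted only if every key=value of the rule is in the request
            if (in_array($path, $name) && array_intersect_assoc($request, $param) == $param) {
                $list[] = $path;
            }
        } elseif (in_array($auth, $name)) {
            $list[] = $auth;
        }
    }
    if ($relation == 'or') { return !empty($list); }
    return $relation == 'and' && !array_diff($name, $list);
}

// 'and' as 3rd argument lands in $type, so $relation silently stays 'or'.
var_dump(check('admin/article/add,admin/article/xxx', 1, 'and'));
var_dump(check('admin/article/add,admin/article/xxx', 1, 1, 'url', 'and'));
// Rule 5 matches 'test' only when the request carries aa=1 and bb=2.
var_dump(check('test', 1, 1, 'url', 'or', ['aa' => '1', 'bb' => '2']));
var_dump(check('test', 1, 1, 'url', 'or', ['aa' => '1']));
```

Passing the relation explicitly as the fifth argument keeps an intended AND check from quietly being evaluated as OR.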





PS: You can write a public method and put the Auth check inside it so that it is easy to call!
