Auth permission authentication is a brute force attack!

Source: Internet
Author: User
There are already many articles about Auth on the official website, so I will not repeat them here. I will go straight to the demo and briefly explain the precautions and some suggestions. On to the topic.

I. Auth authentication principle
The Auth class verifies whether the role group that the user uid belongs to has the corresponding permissions.

II. Preparations

1. Create the tables (only newly added fields or tables are described here; tables that have not been changed are not described)

1) tk_auth_group: user group table
CREATE TABLE `tk_auth_group` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `title` char(100) NOT NULL DEFAULT '',
  `status` tinyint(1) NOT NULL DEFAULT '1',
  `rules` char(80) NOT NULL DEFAULT '',
  `describe` char(50) NOT NULL DEFAULT '', # New: short description of the user group
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
2) tk_auth_rule: rule table
CREATE TABLE `tk_auth_rule` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `name` char(80) NOT NULL DEFAULT '',
  `title` char(20) NOT NULL DEFAULT '',
  `type` tinyint(1) NOT NULL DEFAULT '1',
  `status` tinyint(1) NOT NULL DEFAULT '1',
  `condition` char(100) NOT NULL DEFAULT '',
  `mid` tinyint(3) unsigned NOT NULL DEFAULT '0', # New: foreign key to the id of tk_modules, used to classify rules for easier management
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
3) tk_modules: module table
CREATE TABLE `tk_modules` (
  `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT,
  `modulename` varchar(20) NOT NULL DEFAULT '', # Module name
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
4) tk_members: user table
CREATE TABLE `tk_members` (
  `uid` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(20) NOT NULL DEFAULT '',
  `password` char(32) NOT NULL DEFAULT '',
  `score` mediumint(8) unsigned NOT NULL, # User points
  PRIMARY KEY (`uid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
2. Configuration File

1) Configure the database items (I am using the PDO method. If your environment does not support PDO, change it to another method manually)
// Database configuration
// PDO type, connected with a DSN
'DB_TYPE' => 'pdo',
'DB_USER' => 'root',
'DB_PWD' => '123',
'DB_PREFIX' => 'tk_',
'DB_PORT' => '123',
'DB_DSN' => 'mysql:host=localhost;dbname=auth;charset=utf8',
2) Set the role group: define the super administrator group, whose members skip authentication directly.
// Super administrator group id, with all permissions. As long as the user uid is in this role group, authentication is skipped. Multiple values can be set, such as array('1', '2', '3')
'ADMIN' => array('1'),
3. Notes

1) Running environment: PHP version 5.3 or later is required

2) Make a small change to the original Auth class, at about line 155 of the original file.
// The original field() call was field('rules'). The id is added mainly to obtain
// the id of the user group, which makes the super administrator check easy.
$user_groups = M()
    ->table($this->_config['AUTH_GROUP_ACCESS'] . ' a')
    ->where("a.uid='$uid' and g.status='1'")
    ->join($this->_config['AUTH_GROUP'] . " g on a.group_id=g.id")
    ->field('id,rules')->select();
$groups[$uid] = $user_groups ?: array();
I suggest that the next official update add the id here, or a parameter for it, to make flexible configuration easier.
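
How the group id returned by the modified query can drive the super administrator check, as an added example that is not code from the demo package. The function name auth_allows and the sample rows are constructed, and it assumes the rules column holds comma-separated rule ids. Ids are compared as integers with strict matching so that a malformed string value cannot match the admin group by loose comparison.

```php
<?php
// Added example (not from Auth.zip). auth_allows() and all sample data are hypothetical.

/**
 * Decide whether a user may use the rule with id $ruleId.
 *
 * $groupRows mimics the rows returned by the modified query: one row per
 * enabled group (g.status='1') of the user, each with 'id' and 'rules'.
 * $adminGroupIds is the 'ADMIN' config value, e.g. array('1').
 */
function auth_allows(array $groupRows, array $adminGroupIds, $ruleId)
{
    // Config values arrive as strings ('1', '2'); normalise to integers.
    $adminGroupIds = array_map('intval', $adminGroupIds);
    $ruleId = (int) $ruleId;

    $granted = array();
    foreach ($groupRows as $row) {
        // Super administrator group: skip rule checks entirely.
        // The third argument forces strict comparison.
        if (in_array((int) $row['id'], $adminGroupIds, true)) {
            return true;
        }
        // Collect this group's rule ids; drop empty or non-numeric
        // fragments such as the one left by a trailing comma.
        foreach (explode(',', $row['rules']) as $id) {
            $id = trim($id);
            if ($id !== '' && ctype_digit($id)) {
                $granted[(int) $id] = true;
            }
        }
    }
    // No enabled group at all means nothing is granted (default deny).
    return isset($granted[$ruleId]);
}

// Constructed sample data.
$config     = array('ADMIN' => array('1'));
$rowsAdmin  = array(array('id' => '1', 'rules' => ''));
$rowsEditor = array(array('id' => '2', 'rules' => '3,4,7,'));
$rowsNone   = array(); // user in no group, or all of the user's groups disabled

var_dump(auth_allows($rowsAdmin,  $config['ADMIN'], 99)); // admin group, any rule
var_dump(auth_allows($rowsEditor, $config['ADMIN'], 4));  // rule held by group 2
var_dump(auth_allows($rowsEditor, $config['ADMIN'], 99)); // rule not held
var_dump(auth_allows($rowsNone,   $config['ADMIN'], 4));  // no enabled group
```

Because the query filters on g.status='1', disabling the super administrator group also removes the bypass for its members.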

III. Installation instructions
For instructions, see the readme.md file in the compressed package. In addition, I have commented the code in detail. A few screenshots follow, lest someone say: no pictures, no proof!






IV. Conclusion
This demo is offered for mutual learning, in the hope of giving a comprehensive understanding of Auth authentication. In fact, using Auth on top of TP is not that complicated or difficult. I hope that more functions can be extended on this basis.

Supplement:
All user passwords are admin

Auth.zip (1.26 MB download: 3194 times)
