Cross-member permission control based on native PHP
For a website's backend management system, a single Super Administrator privilege often cannot meet our needs; especially for large websites, such a single privilege leads to many problems.
For example, a website editor is only responsible for updating the company's announcements. But if the backend has no strict permission restrictions and he can also operate on customer information, that is a big risk.
If you have learned the ThinkPHP framework, you will know about RBAC. Let's not talk about that today; instead, how can we implement this kind of permission control in native PHP?
Without further ado, let's look at the principle and the code.
Permission control can be implemented in many ways; here we only present one idea (I use the binary-number method).
1. First, a quick review of the bitwise AND and bitwise OR operations:
1. Bitwise AND operator (&)
The two operands are ANDed bit by bit. (An AND tests whether a value is included, e.g. 7 & 8 = 0, so 8 is not part of 7.)
Calculation rule: 0 & 0 = 0; 0 & 1 = 0; 1 & 0 = 0; 1 & 1 = 1;
That is, the result bit is 1 only when both bits are 1; otherwise it is 0.
For example, 3 & 5 is 0000 0011 & 0000 0101 = 0000 0001, so 3 & 5 equals 1.
Negative numbers take part in bitwise AND in their two's-complement form.
2. Bitwise OR operator (|)
The two operands are ORed bit by bit. (An OR combines values, e.g. 7 = 4 | 2 | 1; an exclusive or (^) can remove an included value, e.g. 7 ^ 2.)
Calculation rules: 0 | 0 = 0; 0 | 1 = 1; 1 | 0 = 1; 1 | 1 = 1;
That is, the result bit is 1 if either of the two bits is 1.
For example, 3 | 5 is 0000 0011 | 0000 0101 = 0000 0111, so 3 | 5 equals 7.
Negative numbers take part in bitwise OR in their two's-complement form.
Having learned bitwise AND and OR, let's look at the following example:
```php
<?php
define('ADD', 1);     // binary 1
define('DELETE', 2);  // binary 10
define('UPDATE', 4);  // binary 100
define('SELECT', 8);  // binary 1000

// A 1 bit means the permission is held, a 0 bit means it is not.
$admin = ADD | DELETE | UPDATE | SELECT; // 1111
$editor = ADD | UPDATE | SELECT;         // 1101
$user = SELECT;                          // 1000
?>
```
I have created four permissions, for add, delete, update and select, and defined them as constants.
The binary of 1 is 1, of 2 is 10, of 4 is 100 and of 8 is 1000: each is a power of two, so each permission occupies its own bit.
Some may ask how the permission variables admin, editor and user above correspond to 1111, 1101 and 1000.
PHP has a function that converts a decimal number to binary, decbin().
Its documentation is as follows:
decbin
(PHP 3, PHP 4, PHP 5)
decbin -- Convert decimal to binary
Description
string decbin(int number)
Returns a string containing the binary representation of the given number parameter. The largest value that can be converted is 4294967295 in decimal, whose result is a string of 32 characters.
Example 1. decbin()
```php
<?php
echo decbin(12) . "\n";
echo decbin(26);
?>
```
The above example will output:
1100
11010
See bindec (), decoct (), dechex (), and base_convert ().
Let's look at the test output:
```php
<?php
define('ADD', 1);     // binary 1
define('DELETE', 2);  // binary 10
define('UPDATE', 4);  // binary 100
define('SELECT', 8);  // binary 1000

// A 1 bit means the permission is held, a 0 bit means it is not.
$admin = ADD | DELETE | UPDATE | SELECT; // 1111 = 15
$editor = ADD | UPDATE | SELECT;         // 1101 = 13
$user = SELECT;                          // 1000 = 8

echo decbin($admin) . "<br>\n";
echo decbin($editor) . "<br>\n";
echo decbin($user) . "<br>\n";
?>
```
Output result:
1111
1101
1000
Then we can use this operation to determine permissions: a 1 bit means the permission is held, a 0 bit means it is not.
For example:
Admin (Super Administrator) has the add, delete, update and select permissions, that is, 1111 --> 0000 1111
Editor (website editor) has the add, update and select permissions, that is, 1101 --> 0000 1101
User (normal user) only has the browse/select permission, that is, 1000 --> 0000 1000
Then we only need a bitwise AND to determine whether a role holds a permission.
For example (bits read from right to left), convert the decimal value stored in the database to binary and AND it with the permission:
Website editor permission 0000 1101 (decimal 13) & 0000 0010 (delete permission, decimal 2, binary 10) = 0000 0000, so delete is not authorized.
Again:
Normal user permission 0000 1000 & 0000 0001 (add permission, decimal 1, binary 1) = 0000 0000, so add is not permitted either.
Super administrator permission 0000 1111 & 0000 1101 (website editor permission) = 0000 1101, i.e. the administrator holds every permission the editor has.
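As an added example that is not part of the original post, here are helper functions for the bitmask scheme above, using the post's four constants; ALL_PERMS and the function names are my own. It shows two caveats a checker needs: testing for several permissions at once must compare against the full mask, and revoking must use AND NOT rather than the XOR mentioned earlier.

```php
<?php
// Added example, not the post's own code. Constants follow the post.
define('ADD', 1);     // 0001
define('DELETE', 2);  // 0010
define('UPDATE', 4);  // 0100
define('SELECT', 8);  // 1000
define('ALL_PERMS', ADD | DELETE | UPDATE | SELECT); // assumed name, 1111

// Render a flag as a fixed-width 4-bit string so bits line up when compared.
function flagToBits(int $flag): string {
    return str_pad(decbin($flag & ALL_PERMS), 4, '0', STR_PAD_LEFT);
}

// True only if every bit of $required is set in $flag.
// A check like ($flag & $required) != 0 would be wrong for several bits:
// it is satisfied as soon as just one of them is present.
function hasAll(int $flag, int $required): bool {
    return ($flag & $required) === $required;
}

// True if at least one bit of $wanted is set in $flag.
function hasAny(int $flag, int $wanted): bool {
    return ($flag & $wanted) !== 0;
}

// Grant: OR the bit in. Granting twice changes nothing.
function grant(int $flag, int $perm): int {
    return $flag | $perm;
}

// Revoke: clear the bit with AND NOT. XOR (as in 7 ^ 2) only toggles the
// bit, so revoking a permission the role does not hold would grant it.
function revoke(int $flag, int $perm): int {
    return $flag & ~$perm;
}

$editor = ADD | UPDATE | SELECT; // 13, 1101 as in the post
echo flagToBits($editor), "\n";
var_dump(hasAll($editor, DELETE));           // editor lacks DELETE
var_dump(hasAll($editor, ADD | UPDATE));     // both bits held
var_dump(hasAll($editor, DELETE | UPDATE));  // only UPDATE held
var_dump(hasAny($editor, DELETE | UPDATE));  // UPDATE alone suffices here
echo flagToBits(revoke($editor, DELETE)), "\n";  // flag unchanged, bit was clear
echo flagToBits($editor ^ DELETE), "\n";         // XOR turned DELETE on
```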
Let's look at a concrete instance.
I created a database with two tables in it.
One is the user table:
gid is the group id that refers to the permission table.
The other is the permission table:
flag stores the add, delete, update and select permission bits; you can define them as needed.
Basic configuration page: config.php
```php
<?php
define('HOST', 'localhost');
define('DBNAME', 'member');
define('USER', 'root');
define('PASS', '');

// mysqli replaces the mysql_* extension used originally, which no longer exists in PHP 7+.
$link = @mysqli_connect(HOST, USER, PASS, DBNAME) or die('Database connection failed');

define('ADD', 1);     // binary 1
define('DELETE', 2);  // binary 10
define('UPDATE', 4);  // binary 100
define('SELECT', 8);  // binary 1000

// A 1 bit means the permission is held, a 0 bit means it is not.
$admin = ADD | DELETE | UPDATE | SELECT; // 1111
$editor = ADD | UPDATE | SELECT;         // 1101
$user = SELECT;                          // 1000
?>
```
Login page: index.html
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Document</title>
</head>
<body>
<!-- login form posting the fields that action.php reads -->
<form method="post" action="action.php">
    Username: <input type="text" name="username"><br>
    Password: <input type="password" name="password"><br>
    <input type="submit" value="Login">
</form>
</body>
</html>
```
Submit page: action.php
```php
<?php
require_once('config.php');
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Bind the POST values with a prepared statement instead of interpolating
// them into the SQL string, which would allow SQL injection.
// (Storing hashed passwords and checking with password_verify() is preferable
// to comparing plaintext in the query.)
$sql = "SELECT * FROM user AS a, role AS b WHERE a.gid = b.gid
        AND a.username = ? AND password = ?";
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);

if ($data = mysqli_fetch_array($result)) {
    // Account verified; now determine the corresponding permissions.
    // Example: the user's flag is 8 (binary 1000), DELETE is 2 (binary 0010),
    // 1000 & 0010 = 0000, so the user has no delete permission.
    if ($data['flag'] & DELETE) {
        echo "You have the delete permission";
    } else {
        echo "You have no permission to delete";
    }
} else {
    echo "Wrong account or password";
}
?>
```