ThinkPHP learning notes (19): implementing permission management with RBAC
Action method
The data is stored in the five tables below:
Tb_user: user table
Role: permission group table
Role_user: table linking permission groups and users
Node: node table; classifies the URLs of the current project, down to control over each individual method
Access: access table; records which kinds of URLs each user group may access
Parameters to be set in config:
// RBAC settings
'USER_AUTH_ON' => true,
'USER_AUTH_TYPE' => 1, // default authentication type: 1 = login authentication, 2 = real-time authentication
'USER_AUTH_KEY' => 'authid', // session key that marks an authenticated user
'ADMIN_AUTH_KEY' => 'admin', // session key that marks the administrator
'USER_AUTH_MODEL' => 'user', // default data table model used for verification
'AUTH_PWD_ENCODER' => 'md5', // how user passwords are encoded
'USER_AUTH_GATEWAY' => '/Public/login', // default authentication gateway
'NOT_AUTH_MODULE' => 'public', // modules that do not require authentication by default
'REQUIRE_AUTH_MODULE' => '', // modules that require authentication by default
'NOT_AUTH_ACTION' => '', // actions that do not require authentication by default
'REQUIRE_AUTH_ACTION' => '', // actions that require authentication by default
'GUEST_AUTH_ON' => false, // whether to enable authorized access for guests
'GUEST_AUTH_ID' => 0, // user id of a guest (you can create a guest group with id 0 in the group table)
'SHOW_RUN_TIME' => true, // display the running time
'SHOW_ADV_TIME' => true, // display the detailed running time
'SHOW_DB_TIMES' => true, // display the number of database queries and writes
'SHOW_CACHE_TIMES' => true, // display the number of cache operations
'SHOW_USE_MEM' => true, // display memory overhead
'DB_LIKE_FIELDS' => 'title|remark',
'RBAC_ROLE_TABLE' => 'think_role',
'RBAC_USER_TABLE' => 'think_role_user',
'RBAC_ACCESS_TABLE' => 'think_access',
'RBAC_NODE_TABLE' => 'think_node',
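How the tables and the NOT_AUTH_MODULE / ADMIN_AUTH_KEY / USER_AUTH_KEY settings combine into an allow-or-deny decision, as an added example (it is not ThinkPHP's RBAC class and not the author's code). The function name accessDecision, the column names and the sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed sample rows; the column names are assumptions made for this sketch.
$tables = [
    'role_user' => [['role_id' => 2, 'user_id' => 7]],
    'node'      => [['id' => 10, 'module' => 'Article', 'action' => 'index'],
                    ['id' => 11, 'module' => 'Article', 'action' => 'delete']],
    'access'    => [['role_id' => 2, 'node_id' => 10]],
];
$config = ['USER_AUTH_KEY' => 'authid', 'ADMIN_AUTH_KEY' => 'admin', 'NOT_AUTH_MODULE' => 'public'];

function accessDecision(array $session, string $module, string $action, array $config, array $tables): bool
{
    // 1. Modules named in NOT_AUTH_MODULE (login page, captcha) skip the check.
    $open = array_map('trim', explode(',', strtolower($config['NOT_AUTH_MODULE'])));
    if (in_array(strtolower($module), $open, true)) {
        return true;
    }
    // 2. No authenticated user id in the session: deny.
    $uid = $session[$config['USER_AUTH_KEY']] ?? null;
    if ($uid === null) {
        return false;
    }
    // 3. The administrator flag bypasses the table lookup.
    if (!empty($session[$config['ADMIN_AUTH_KEY']])) {
        return true;
    }
    // 4. role_user: user -> roles; node: URL -> node ids; access: role -> node.
    $roles = array_column(array_filter($tables['role_user'],
        fn($r) => $r['user_id'] === $uid), 'role_id');
    $nodeIds = [];
    foreach ($tables['node'] as $n) {
        if (!strcasecmp($n['module'], $module) && !strcasecmp($n['action'], $action)) {
            $nodeIds[] = $n['id'];
        }
    }
    foreach ($tables['access'] as $a) {
        if (in_array($a['role_id'], $roles, true) && in_array($a['node_id'], $nodeIds, true)) {
            return true;
        }
    }
    return false; // unregistered URL or no grant: deny by default
}
$member = ['authid' => 7]; // constructed session of a logged-in, non-admin user
$cases = [[$member, 'Article', 'index'], [$member, 'Article', 'delete'],
          [[], 'Public', 'login'], [[], 'Article', 'index']];
foreach ($cases as [$session, $module, $action]) {
    printf("%s/%s => %s\n", $module, $action,
        accessDecision($session, $module, $action, $config, $tables) ? 'allow' : 'deny');
}
```

Because step 3 short-circuits every table lookup, anything that can set the administrator session flag holds full access; the login code that sets it deserves the closest review.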
The publicly accessible methods to define in PublicAction (the module name follows the NOT_AUTH_MODULE setting in the configuration):
<?php
class PublicAction extends Action {
    // ... the start of the class is missing here; the surviving fragment
    // ends a method with a call to $this->login();

    public function login() {
        $this->display();
    }

    // can be copied from the example
    public function checkLogin() {
        if (empty($_POST['username'])) {
            $this->error('account error!');
        } elseif (empty($_POST['password'])) {
            $this->error('password is required!');
        //} elseif (empty($_POST['verify'])) {
        //    $this->error('verification code is required!');
        }
        // Generate the authentication condition
        $map = array();
        // supports login with a bound account
        $map['username'] = $_POST['username'];
        // $map["status"] = array('gt', 0);
        // if ($_SESSION['verify'] != md5($_POST['verify'])) {
        //     $this->error('verification code error!');
        // }
        import('ORG.Util.RBAC');
        $authInfo = RBAC::authenticate($map);
        // use the user name, password, and status to authenticate
        if (false === $authInfo) {
            $this->error('account does not exist or is disabled!');
        } else {
            // compare the stored value with the MD5 of the submitted password
            if ($authInfo['password'] != md5($_POST['password'])) {
                $this->error('wrong password!');
            }
            $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
            // $_SESSION['email'] = $authInfo['email'];
            // $_SESSION['loginUserName'] = $authInfo['nickname'];
            // $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
            // $_SESSION['login_count'] = $authInfo['login_count'];
            if ($authInfo['username'] == 'admin') {
                $_SESSION['admin'] = true;
            }
            // Save the login information
            // $User = M('User');
            // $ip = get_client_ip();
            // $time = time();
            // $data = array();
            // $data['id'] = $authInfo['id'];
            // $data['last_login_time'] = $time;
            // $data['login_count'] = array('exp', 'login_count+1');
            // $data['last_login_ip'] = $ip;
            // $User->save($data);
            // cache the access permissions
            RBAC::saveAccessList();
            $this->success('login successful!');
        }
    }

    // can be copied from the example
    public function loginout() {
        if (isset($_SESSION[C('USER_AUTH_KEY')])) {
            unset($_SESSION[C('USER_AUTH_KEY')]);
            unset($_SESSION);
            session_destroy();
            $this->assign("jumpUrl", __URL__ . '/login/');
            $this->success('logout successful!');
        } else {
            $this->error('logged out!');
        }
    }
}
?>
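The password comparison in checkLogin() uses `!=` on an unsalted MD5 digest. The following added example (not the author's or ThinkPHP's code) shows a type-safe check that accepts the legacy MD5 column and upgrades it to password_hash() on the next successful login. The helper names verifyPassword and markAuthenticated and the sample user row are assumptions.

```php
<?php
// Loose comparison treats two numeric-looking strings as numbers, so these
// constructed values (not real digests) are equal under == but not under hash_equals().
$loose  = ('0e1234' == '0e5678');
$strict = hash_equals('0e1234', '0e5678');

// Hypothetical helper: checks the submitted password against the stored value and
// returns a replacement hash when the row still holds a legacy MD5 digest.
function verifyPassword(string $stored, string $submitted): array
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($submitted, $stored);
        $upgrade = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    } else {
        // Legacy row written with AUTH_PWD_ENCODER = md5: type-safe, constant-time compare.
        $ok = hash_equals($stored, md5($submitted));
        $upgrade = $ok;
    }
    return ['ok' => $ok, 'newHash' => $upgrade ? password_hash($submitted, PASSWORD_DEFAULT) : null];
}

// Hypothetical helper: issue a fresh session id before storing the user id,
// so a session id known before login is not carried into the authenticated state.
function markAuthenticated(int $userId, string $authKey): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION[$authKey] = $userId;
}

// Constructed user row with a legacy MD5 password column.
$authInfo = ['id' => 7, 'username' => 'alice', 'password' => md5('correct horse')];
$first = verifyPassword($authInfo['password'], 'correct horse');
if ($first['ok'] && $first['newHash'] !== null) {
    $authInfo['password'] = $first['newHash']; // persist this with the model's save()
}
$second = verifyPassword($authInfo['password'], 'correct horse');
$wrong  = verifyPassword($authInfo['password'], 'wrong guess');
var_dump($loose, $strict, $first['ok'], $second['ok'], $second['newHash'], $wrong['ok']);
```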
Put the access filter that applies to every URL in CommonAction:
                    // ... the start of the class and of its access-check method is
                    // missing here; only the tail of that method survives
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                // error message
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }
}

public function verify() {
    // import the verification code class
    // Method 1:
    import('ORG.Util.Image');
    // Method 2: @ represents the lib folder of the current project
    // (you need to copy the class there or write a new one yourself)
    // import('@.ORG.Image');
    // Image::buildImageVerify();
    // extended modification
    /**
     * @param string $length number of characters
     * @param string $mode   type (0 letters, 1 digits, 2 capital letters, 3 lower-case letters, 4 Chinese characters, 5 mixed)
     * @param string $type   image format
     * @param string $width  width
     * @param string $height height
     * buildImageVerify($length = 4, $mode = 1, $type = 'png', $width = 48, $height = 22, $verifyName = 'verify')
     */
    Image::buildImageVerify(5, 5, 'png', 80, 22);
    // Chinese verification code (2.0 has a problem: msubstr raises an error)
    // 1. modify the function msubstr
    // 2. add the ttf font; it must be placed in the same directory as the Image class
    // further extensions can be found in the class file
    // Image::GBVerify();
}
}
?>
login.html in the Public folder:
Insert title here