ThinkPHP permission authentication Auth instance details

This article mainly introduces the Auth instance for ThinkPHP permission authentication. For more information, see

This article mainly introduces the Auth instance for ThinkPHP permission authentication. For more information, see

This article provides an in-depth analysis of the implementation principles and methods of ThinkPHP permission authentication Auth in the form of instance code. The specific steps are as follows:

Some SQL code of mysql database:

-- Optimize Table structure for think_auth_group -- -------------------------- drop table if exists 'think _ auth_group '; create table 'think _ auth_group' ('id' mediumint (8) unsigned not null AUTO_INCREMENT, 'title' char (100) not null default '', 'status' tinyint (1) not null default '1', 'rules' char (80) not null default '', primary key ('id') ENGINE = MyISAM AUTO_INCREMENT = 2 default charset = utf8 COMMENT = 'user group table '; -- ---------------------------- Records of think_auth_group -- -------------------------- insert into 'think _ auth_group 'VALUES ('1', 'administrative group', '1', '1, 2 '); -- Optimize Table structure for think_auth_group_access -- -------------------------- drop table if exists 'think _ auth_group_access '; create table 'think _ auth_group_access' ('uid' mediumint (8) unsigned not null comment 'user id', 'Group _ id' mediumint (8) unsigned not null comment 'user group id', unique key 'uid _ group_id '('uid ', 'Group _ id'), KEY 'uid' ('uid'), KEY 'group _ id' ('group _ id ')) ENGINE = MyISAM default charset = utf8 COMMENT = 'user group details'; -- returns Records of think_auth_group_access -- values insert into 'think _ auth_group_access 'values ('1', '1 '); insert into 'think _ auth_group_access 'VALUES ('1', '2'); -- Optimize Table structure for think_auth_rule -- ------------------------ drop table if exists 'think _ auth_rule '; create table 'think _ auth_rule' ('id' mediumint (8) unsigned not null AUTO_INCREMENT, 'name' char (80) not null default ''comment' rule unique identifi ', 'title' char (20) not null default ''comment' Rule Chinese name', 'status' tinyint (1) not null default '1' comment' status: 1 normal, if it is 0 disabled, 'type' char (80) not null, 'condition' char (100) not null default ''comment' rule expression. If it is NULL, it indicates that the rule exists ,, if this parameter is not set to null, it indicates that ', primary key ('id'), and unique key 'name' ('name') are verified by condition ')) ENGINE = MyISAM AUTO_INCREMENT = 5 default charset = utf8 COMMENT = 'Rule table'; -- COMMENT Records of think_auth_rule -- comment insert into 'think _ auth_rule' VALUES ('1 ', 'Home/Index', 'LIST', '1', 'home', ''); insert into 'think _ auth_rule' VALUES ('2 ', 'Home/add', 'add', '1', 'home', ''); insert into 'think _ auth_rule' VALUES ('3 ', 'Home/edit', 'edit', '1', 'home', ''); insert into 'think _ auth_rule' VALUES ('4 ', 'Home/delete', 'delete', '1', 'home', ''); drop table if exists 'think _ user '; create table 'think _ user' ('id' int (11) not null, 'username' varchar (30) default null, 'Password' varchar (32) default null, 'age' tinyint (2) default null, primary key ('id') ENGINE = InnoDB default charset = utf8; -- ---------------------------- Records of think_user -- ---------------------------- insert into 'think _ user' VALUES ('1', 'admin', 'region', '25 ');

Configuration file Application \ Common \ Conf \ config. php section:

<? Phpreturn array (// 'config map '=> 'configuration value' 'db _ DSN' => '', // The database connection DSN is used in the PDO mode 'db _ type' => 'mysql', // The Database TYPE 'db _ host' => 'localhost ', // The server address 'db _ name' => 'thinkphp', // The Database NAME 'db _ user' => 'root ', // username 'db _ pwd' => 'root', // password 'db _ port' => 3306, // port 'db _ prefix' => 'think _ ', // database table PREFIX 'auth _ config' => array ('auth _ on' => true, // authentication switch 'auth _ type' => 1, // authentication method. The value 1 indicates time-based authentication, and the value 2 indicates logon authentication. 'Auth _ group' => 'think _ auth_group ', // user GROUP data table name 'auth _ GROUP_ACCESS' => 'think _ auth_group_access ', // user group list 'auth _ rule' => 'think _ auth_rule ', // permission rule table 'auth _ user' => 'think _ user' // USER information table ));

Application \ Home \ Controller \ IndexController. class. php code of the Home Controller of the project:

<? Phpnamespace Home \ Controller; use Think \ Controller; class IndexController extends Controller {public function index () {$ Auth = new \ Think \ Auth (); // list of rules to be verified, supports comma-separated permission rules or index arrays $ name = MODULE_NAME. '/'. ACTION_NAME; // current user ID $ uid = '1'; // category $ type = MODULE_NAME; // check mode $ mode = 'url '; // 'or' indicates that any rule is verified. // 'and' indicates that all rules must be met before verification $ relation = 'and '; if ($ Auth-> check ($ name, $ uid, $ type, $ mode, $ relation) {die ('authentication: successfully ');} else {die ('authentication: failed ');}}}

The above code is the most basic verification code example.

The following is the source code reading:

1. Permission inspection class Initialization Configuration Information:

$ Auth = new \ Think \ Auth ();

When an object is created, the program merges the configuration information.
The program merges the AUTH_CONFIG array in Application \ Common \ Conf \ config. php.

Public function _ construct () {$ prefix = C ('db _ prefix'); $ this-> _ config ['auth _ group'] = $ PREFIX. $ this-> _ config ['auth _ group']; $ this-> _ config ['auth _ rule'] = $ prefix. $ this-> _ config ['auth _ rule']; $ this-> _ config ['auth _ user'] = $ prefix. $ this-> _ config ['auth _ user']; $ this-> _ config ['auth _ GROUP_ACCESS '] = $ prefix. $ this-> _ config ['auth _ GROUP_ACCESS ']; if (C ('auth _ config') {// you can set the configuration item AUTH_CONFIG, which is an array. $ This-> _ config = array_merge ($ this-> _ config, C ('auth _ config '));}}

2. Check permissions:

Check ($ name, $ uid, $ type = 1, $ mode = 'url', $ relation = 'or ')

Let's take a general analysis of this method.

First, determine whether to disable permission verification. If the configuration information is AUTH_ON => false, no permission verification will be performed. Otherwise, the permission verification will continue.

If (! $ This-> _ config ['auth _ on']) {return true ;}

After obtaining the permission list, we will introduce it in detail:

$ AuthList = $ this-> getAuthList ($ uid, $ type );

The list of rules to be verified this time is converted to an array:

If (is_string ($ name) {$ name = strtolower ($ name); if (strpos ($ name ,',')! = False) {$ name = explode (',', $ name);} else {$ name = array ($ name );}}

Therefore, the $ name parameter is case-insensitive and will eventually be converted to lowercase letters.

When the url mode is enabled, convert all to lowercase:

If ($ mode = 'url') {$ REQUEST = unserialize (strtolower (serialize ($ _ REQUEST )));}

One of the core code segments of permission verification, that is, loop through all the user permissions to determine whether the current permissions to be verified are in the user authorization list: