基于原生PHP交叉会员权限控制
基于原生PHP交叉会员权限控制
对于一个网站的后台管理系统,单一的超级管理员权限往往不能满足我们的需求,尤其是对于大型网站而言,这种单一的权限会引发许许多多的问题出现。
比如:一个网站编辑,平时他只是负责公司网站的公告更新,但如果网站后台没有严格的权限限制,他是不是就可以操作到客户的一些信息,这是存在很大隐患的。
如果学过ThinkPHP框架的朋友一定知道有个东西叫RBAC,今天咱不说那个,来说说在原生PHP语言中,怎么实现交叉权限控制。
好了,话不多说,老样子,直接说原理,上代码。
对于权限的交叉控制可以有很多种方法实现,这里只是提供一种思路:(我采用的是二进制数的方法)
一、这里先提下按位与和按位或的运算方法:
1、按位与运算符(&)
参加运算的两个数据,按二进制位进行“与”运算。(“与”运算=>是否有包含的值如:7&8=0)
运算规则:0&0=0; 0&1=0; 1&0=0; 1&1=1;
即:两位同时为“1”,结果才为“1”,否则为0
例如:3&5 即 0000 0011 & 0000 0101 = 0000 0001 因此,3&5的值得1。
另,负数按补码形式参加按位与运算。
2、按位或运算符(|)
参加运算的两个对象,按二进制位进行“或”运算。(“或”运算=>能包含的值如:7=4|2|1,用“异或”去除包含如:7^2)
运算规则:0|0=0; 0|1=1; 1|0=1; 1|1=1;
即 :参加运算的两个对象只要有一个为1,其值为1。
例如:3|5 即 0000 0011 | 0000 0101 = 0000 0111 因此,3|5的值得7。
另,负数按补码形式参加按位或运算。
了解了按位与和按位或的运算,我们来看下面这个例子:
复制代码
1
2 define('ADD',1);//二进制1
3 define('DELETE',2);//二进制10
4 define('UPDATE',4);//二进制100
5 define('SELECT',8);//二进制1000
6
7 //有权限为1,没有权限为0
8 $admin=ADD|DELETE|UPDATE|SELECT;//1111
9 $editor=ADD|UPDATE|SELECT;//1101
10 $user=SELECT;//1000
11 ?>
复制代码
我把增删改查分别做成了4个权限并定为常量
1的二进制数是1,2的二进制数是10,4的二进制数是100,8的二进制数是1000,这里刚好成一个规律
可能有些朋友会问上面权限变量admin,editor,user所对应的1111,1101,1000是怎么来的?
PHP里有一个十进制数转二进制数的函数叫decbin()
下面是对应的函数解释:
复制代码
decbin
(PHP 3, PHP 4, PHP 5)
decbin -- 十进制转换为二进制
说明
string decbin ( int number )
返回一字符串,包含有给定 number 参数的二进制表示。所能转换的最大数值为十进制的 4294967295,其结果为 32 个 1 的字符串。
例子 1. decbin() 范例
echo decbin(12) . "\n";
echo decbin(26);
?>
上例将输出:
1100
11010
参见 bindec(),decoct(),dechex() 和 base_convert()。
复制代码
我们来测试输出看看吧:
复制代码
1
2
3
4 define('ADD',1);//二进制1
5 define('DELETE',2);//二进制10
6 define('UPDATE',4);//二进制100
7 define('SELECT',8);//二进制1000
8
9 //有权限为1,没有权限为0
10 $admin=ADD|DELETE|UPDATE|SELECT;//1111 15
11 $editor=ADD|UPDATE|SELECT;//1101 13
12 $user=SELECT;//1000 8
13
14 echo decbin($admin)."
";
15 echo decbin($editor)."
";
16 echo decbin($user)."
";
17
18
19 ?>
复制代码
输出结果:
那么我们就可以运用这个运算来判断权限了,1代表有权限,0代表无权限
比如:
admin(超级管理员)拥有的权限是增删改查也就是1111——>0000 1111
editor(网站编辑)拥有的权限是增,改,查也就是1101——>0000 1101
user(普通用户)只拥有浏览、查询的权限也就是1000——>0000 1000
那么我们只要对它们进行按位与运算就可以判断是否具备权限了
例如:(从后往前看) 取十进制(数据库存储类型值)转二进制进行"与"运算
网站编辑权限 0000 1101(权限十进制为13) & 0000 0010(删除权限十进制为2转二进制为10) 结果:0000 0000 也就是没有具备权限
再来试试
普通用户权限 0000 1000 & 0000 0001(添加权限十进制为1二进制为1) 结果:0000 0000 也一样不具备权限
超级管理员权限0000 1111 & 0000 1101(网站编辑的权限) 结果:0000 1101 也就是具备了网站编辑的权限
好了看具体实例吧
我建了一个数据库,里面有2张表
一张是user用户表:
gid代表权限表的组id
一张是权限表:
flag代表增删改查的权限,可根据自己需要定义
基本配置页面:config.php
复制代码
1
2
3 define('HOST','localhost');
4 define('DBNAME','member');
5 define('USER', 'root');
6 define('PASS', '');
7
8
9 $link=@mysql_connect(HOST,USER,PASS) or die('数据库连接失败');
10
11 mysql_select_db(DBNAME,$link);
12
13 define('ADD',1);//二进制1
14 define('DELETE',2);//二进制10
15 define('UPDATE',4);//二进制100
16 define('SELECT',8);//二进制1000
17
18 //有权限为1,没有权限为0
19 $admin=ADD|DELETE|UPDATE|SELECT;//1111
20 $editor=ADD|UPDATE|SELECT;//1101
21 $user=SELECT;//1000
22 ?>
复制代码
登陆首页:index.html
复制代码
1
2
3
4
5
6
7
8
13
14
复制代码
提交页面:action.php
复制代码
1
2
3 require_once('config.php');
4 $username=$_POST['username'];
5 $password=$_POST['password'];
6
7
8 $sql="select * from user as a,role as b where a.gid=b.gid
9 and a.username='$username' and password='$password'";
10
11 $result=mysql_query($sql);
12 if($data=mysql_fetch_array($result)){
13 //账号验证通过,判断对应权限
14 //此处判断的是 是否具备删除权限 如:user数据库存储的值为8转二进制为1000 删除权限的值为2转二进制为0010 与运算0000 无权限
15 if($data['flag']&DELETE){
16 echo "你有删除权限";
17 }else{
18 echo "你没有删除权限";
19 }
20
21 }else{
22 echo "错误账号密码";
23 }
24
25
26 ?>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to buy WeChat reading membership cheaply? Share the best way to buy membership on WeChat Reading!
Mar 16, 2024 am 08:22 AM
1. How to buy WeChat reading membership cheaply? Share the best way to buy membership on WeChat Reading! 1. Open the WeChat Reading APP. There is a reading challenge in the reading welfare special session. Participate in the reading challenge. 2. Pay 1 yuan to participate, read for 7 days, duration >7 hours, and get a 4-day paid membership card with 4 book coins. You can participate for about 52 weeks in a year. If you participate every time, it will cost a total of 52 yuan, and you can get a total of 208 days. Paid membership card 208 book coins. 3. Pay 3 yuan to participate, read for 14 days, duration >14 hours, and get a 10-day paid membership card with 10 book coins. You can participate about 26 times a year. If you participate every time, it will cost a total of 78 yuan, and you can get a total of 260 days. Paid membership card costs 260 book coins. 4. Pay 4 yuan to participate and read for 21 days
Enable root permissions with one click (quickly obtain root permissions)
Jun 02, 2024 pm 05:32 PM
It allows users to perform more in-depth operations and customization of the system. Root permission is an administrator permission in the Android system. Obtaining root privileges usually requires a series of tedious steps, which may not be very friendly to ordinary users, however. By enabling root permissions with one click, this article will introduce a simple and effective method to help users easily obtain system permissions. Understand the importance and risks of root permissions and have greater freedom. Root permissions allow users to fully control the mobile phone system. Strengthen security controls, customize themes, and users can delete pre-installed applications. For example, accidentally deleting system files causing system crashes, excessive use of root privileges, and inadvertent installation of malware are also risky, however. Before using root privileges
How to get qq music membership for free? Tutorial on getting QQ Music membership for free
Mar 13, 2024 pm 08:37 PM
QQ Music is a music-listening software used by many users. Some songs here require users to have membership before they can download and play them. So how to get QQ Music membership for free? Let this site give users a detailed introduction to the tutorial on how to obtain QQ Music membership for free. Tutorial on getting QQ Music membership for free 1. First, we open QQ Music. 2. Go to my homepage and click on the three horizontal lines in the upper right corner. 3. Click to open the free music listening mode here. 4. A 15-second advertisement will appear here. We only need to wait for the advertisement to end to get a thirty-minute membership experience. Experience time can be superimposed. 5. Obtain a membership after reading it. Receive 1 day of QQ music
Instructions for automatic renewal and cancellation of Kugou Music APP membership
Mar 19, 2024 pm 07:28 PM
How to cancel automatic membership renewal on Kugou Music APP? There are many users who have applied for Kugou Music’s VIP auto-renewal service. Later, they want to cancel this service, but they don’t know where to cancel it. Below, I will bring you a tutorial on how to cancel the auto-renewal of Kugou Music. I hope it will be helpful to everyone. . It is very simple to cancel automatic renewal in Kugou Music APP: just enter the member center, find the music package/luxury VIP option, select automatic renewal enabled, and then click to close renewal. 2. WeChat: As shown in the picture below, go to the payment page, click the three dots in the upper right corner, select the deduction service, click Kugou Music to close the service; 3. Alipay: Go to the settings page, select payment settings, and select password-free payment/ Automatically deduct fees, and finally choose Kugou Music to terminate the contract.
How to get Bilibili membership for free? Free for big members of B station
Mar 15, 2024 pm 05:00 PM
Bilibili is a video playback platform with rich resources, including a dance area, ghost animal area, food area, animal area, etc. But now many times you need to be a member to watch videos on site B. If you don’t want to spend money, can you get a member of site B? The editor here will bring you how to get the free membership of Bilibili. I hope it can help you. How to get free membership on Bilibili: Open Bilibili and click "My". Click the "Creation Home" icon in the "Creation Center" area. After entering the creation center, click "Task Center". After entering the task center, read the corresponding tasks and complete them to get points.
How to cancel automatic renewal for Zhihu app members How to cancel automatic renewal for Zhihu app members
Mar 13, 2024 am 11:04 AM
How to cancel the automatic renewal of Zhihu app membership? Zhihu app is a very practical mobile software. This software has many functions, and each function will bring a different feeling to the users. There are some contents on this software that require users to register as a member before they can read them. Membership on this software is not expensive, and continuous monthly membership will be cheaper. Some players want to know how to cancel automatic renewal. The editor below has compiled methods for canceling automatic renewal for your reference. How to cancel automatic renewal for Zhihu app members Zhihu members can choose four renewal methods, including Apple Pay, WeChat Pay, Alipay Pay and Baidu Pay. For users who choose Baidu Pay, renewal can be managed through WeChat or Alipay payment.
How to set permission access in QQ space
Feb 23, 2024 pm 02:22 PM
How to set permission access in QQ space? You can set permission access in QQ space, but most friends don’t know how to set permission access in QQ space. Next is the diagram of how to set permission access in QQ space brought by the editor for users. Text tutorial, interested users come and take a look! QQ usage tutorial QQ space how to set permission access 1. First open the QQ application, click [Avatar] in the upper left corner of the main page; 2. Then expand the personal information area on the left and click the [Settings] function in the lower left corner; 3. Enter the settings page Swipe to find the [Privacy] option; 4. Next in the privacy interface, select the [Permission Settings] service; 5. Then challenge to the latest page and select [Space Dynamics]; 6. Set up in QQ Space again
How to become a member of Xianyu_Introduction to how to activate VIP membership of Xianyu
Mar 20, 2024 pm 05:50 PM
The "VIP membership" function in Xianyu APP is a value-added service provided to users. Users who become VIP members can enjoy a series of privileges and benefits, such as increased product exposure, more display opportunities, exclusive customer service, transaction guarantee upgrades, etc., which help improve users’ buying and selling experience and efficiency. How to become a member of Xianyu 1. First open the Xianyu software. After entering the homepage, you can switch to different pages. Here we click [My] in the lower right corner; 2. Then we can view many different pages in For information, we need to click [My Fish Value]; 3. After the final click, we can activate VIP membership on this page;
