ThinkPHP学习札记(十九)权限管理的实现方式RBAC
ThinkPHP学习笔记(十九)权限管理的实现方式RBAC
Action的方法
<?php /**
* 基于权限的角色访问控制
* Full扩展保重的RBAC.class.php
*
* 安全拦截器
*
* 认证管理器(识别不同身份)
*
* 决策访问管理器(即时模式:立即生效;登录模式:下次登录时生效)
*
* 运行身份管理(单身份、多身份管理B/S)
*
*
* 需要当前类和Public和Common类
* PublicAction:做用户登录和退出
* CommonAction:初始化接口,需要在这个里面写上一个初始化接口来实现对权限的认证和修改,每个方法都会经过他’
* 如果不需要验证的模块,则不需要继承CommonAction
* 1.去RBAC.class.php中拷贝需要创建的数据库表
* 需要修改access表,加入`pid` int(11) NOT NULL,这个字段
CREATE TABLE IF NOT EXISTS `think_access` (
`role_id` smallint(6) unsigned NOT NULL,
`node_id` smallint(6) unsigned NOT NULL,
`level` tinyint(1) NOT NULL,
`module` varchar(50) DEFAULT NULL,
`pid` int(11) NOT NULL,
KEY `groupId` (`role_id`),
KEY `nodeId` (`node_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `think_node` (
`id` smallint(6) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(20) NOT NULL,
`title` varchar(50) DEFAULT NULL,
`status` tinyint(1) DEFAULT '0',
`remark` varchar(255) DEFAULT NULL,
`sort` smallint(6) unsigned DEFAULT NULL,
`pid` smallint(6) unsigned NOT NULL,
`level` tinyint(1) unsigned NOT NULL,
PRIMARY KEY (`id`),
KEY `level` (`level`),
KEY `pid` (`pid`),
KEY `status` (`status`),
KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `think_role` (
`id` smallint(6) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(20) NOT NULL,
`pid` smallint(6) DEFAULT NULL,
`status` tinyint(1) unsigned DEFAULT NULL,
`remark` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `pid` (`pid`),
KEY `status` (`status`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;
CREATE TABLE IF NOT EXISTS `think_role_user` (
`role_id` mediumint(9) unsigned DEFAULT NULL,
`user_id` char(32) DEFAULT NULL,
KEY `group_id` (`role_id`),
KEY `user_id` (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
*
* 2.创建用户表的必须字段:id、username、password
* 五张表的对应关系:
* 节点表:think_node
* 权限表: think_access(
* 项目模块和方法之间的关系;
* 用户访问项目(level为1)、模块(level为2)、方法(level为3)直接的关系用节点来表示)
* 权限组:think_role
* 用户表:tb_user
* 用户和组的对应关系:think_role_user
* access控制组与模块方法的关系
* 3.修改配置文件
* 4.修改CommonAction
* 5.当前方法需要继承CommonAction
*/
class RbacAction extends CommonAction{
public function index(){
}
public function add(){
}
public function update(){
}
public function delete(){
}
}
?>下面上一下五张表的数据
tb_user:用户表
Role权限组表
role_user:权限组与用户的对应关系表
node表:表示当前项目中url分类,精确到每个方法的控制
access表:表示不同用户组对应的可以访问的不同url分类
config中需要设置的参数:
//设置rbac的参数
'USER_AUTH_ON'=>true,
'USER_AUTH_TYPE' =>1, // 默认认证类型 1 登录认证 2 即使认证
'USER_AUTH_KEY' =>'authId', // 用户认证SESSION标记
'ADMIN_AUTH_KEY' =>'administrator',//管理员标识
'USER_AUTH_MODEL' =>'User', // 默认验证数据表模型
'AUTH_PWD_ENCODER' =>'md5', // 用户认证密码加密方式
'USER_AUTH_GATEWAY' =>'/Public/login', // 默认认证网关
'NOT_AUTH_MODULE' =>'Public', // 默认无需认证模块
'REQUIRE_AUTH_MODULE'=>'', // 默认需要认证模块
'NOT_AUTH_ACTION' =>'', // 默认无需认证操作
'REQUIRE_AUTH_ACTION'=>'', // 默认需要认证操作
'GUEST_AUTH_ON' => false, // 是否开启游客授权访问
'GUEST_AUTH_ID' => 0, // 游客的用户ID(可以在数据库组中设置一个id为0的游客组)
'SHOW_RUN_TIME'=>true, // 运行时间显示
'SHOW_ADV_TIME'=>true, // 显示详细的运行时间
'SHOW_DB_TIMES'=>true, // 显示数据库查询和写入次数
'SHOW_CACHE_TIMES'=>true, // 显示缓存操作次数
'SHOW_USE_MEM'=>true, // 显示内存开销
'DB_LIKE_FIELDS'=>'title|remark',
'RBAC_ROLE_TABLE'=>'think_role',
'RBAC_USER_TABLE' => 'think_role_user',
'RBAC_ACCESS_TABLE' => 'think_access',
'RBAC_NODE_TABLE' => 'think_node',PublicAction中需要设置的公共访问方法;(命名基于配置中的NOT_AUTH_MODULE的配置)
<?php /**
* 基于权限的角色访问控制
* Full扩展保重的RBAC.class.php
* 主要用于登录和退出
*
*/
class PublicAction extends Action{
public function index(){
$this->login();
}
public function login(){
$this->display();
}
//可以去例子中复制
public function checkLogin(){
if(empty($_POST['username'])) {
$this->error('帐号错误!');
}elseif (empty($_POST['password'])){
$this->error('密码必须!');
// }elseif (empty($_POST['verify'])){
// $this->error('验证码必须!');
}
//生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['username'] = $_POST['username'];
// $map["status"] = array('gt',0);
// if($_SESSION['verify'] != md5($_POST['verify'])) {
// $this->error('验证码错误!');
// }
import ( 'ORG.Util.RBAC' );
$authInfo = RBAC::authenticate($map);
//使用用户名、密码和状态的方式进行认证
if(false === $authInfo) {
$this->error('帐号不存在或已禁用!');
}else {
if($authInfo['password'] != md5($_POST['password'])) {
$this->error('密码错误!');
}
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
// $_SESSION['email'] = $authInfo['email'];
// $_SESSION['loginUserName'] = $authInfo['nickname'];
// $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
// $_SESSION['login_count'] = $authInfo['login_count'];
if($authInfo['username']=='admin') {
$_SESSION['administrator'] = true;
}
//保存登录信息
// $User = M('User');
// $ip = get_client_ip();
// $time = time();
// $data = array();
// $data['id'] = $authInfo['id'];
// $data['last_login_time'] = $time;
// $data['login_count'] = array('exp','login_count+1');
// $data['last_login_ip'] = $ip;
// $User->save($data);
// 缓存访问权限
RBAC::saveAccessList();
$this->success('登录成功!');
}
}
//可以去例子中复制
public function loginout(){
if(isset($_SESSION[C('USER_AUTH_KEY')])) {
unset($_SESSION[C('USER_AUTH_KEY')]);
unset($_SESSION);
session_destroy();
$this->assign("jumpUrl",__URL__.'/login/');
$this->success('登出成功!');
}else {
$this->error('已经登出!');
}
}
}
?>CommonAction中设置所有url的过滤方法
<?php /**
* ThinkPHP中的
* 让其他的Action继承当前的CommonAction就可以了
*/
class CommonAction extends Action{
//去文档的模型扩展看(_initialize方法可以去例子中查找)
function _initialize() {
// 用户权限检查
if (C ( 'USER_AUTH_ON' ) && !in_array(MODULE_NAME,explode(',',C('NOT_AUTH_MODULE')))) {
import ( 'ORG.Util.RBAC' );
if (! RBAC::AccessDecision ()) {
//检查认证识别号
if (! $_SESSION [C ( 'USER_AUTH_KEY' )]) {
//跳转到认证网关
redirect ( PHP_FILE . C ( 'USER_AUTH_GATEWAY' ) );
}
// 没有权限 抛出错误
if (C ( 'RBAC_ERROR_PAGE' )) {
// 定义权限错误页面
redirect ( C ( 'RBAC_ERROR_PAGE' ) );
} else {
if (C ( 'GUEST_AUTH_ON' )) {
$this->assign ( 'jumpUrl', PHP_FILE . C ( 'USER_AUTH_GATEWAY' ) );
}
// 提示错误信息
$this->error ( L ( '_VALID_ACCESS_' ) );
}
}
}
}
public function verify(){
//导入验证码类
//方式一:
import('ORG.Util.Image');
//方式二:@代表当前项目的lib文件夹(需要自己复制或者自己写一个新的类)
// import('@.ORG.Image')
// Image::buildImageVerify();
//扩展修改
/**
* @param string $length 位数
* @param string $mode 类型(0字母,1数字,2大写字母,3小写字母,4中文,5混合)
* @param string $type 图像格式
* @param string $width 宽度
* @param string $height 高度
* buildImageVerify($length=4,$mode=1,$type='png',$width=48,$height=22,$verifyName='verify')
*/
Image::buildImageVerify(5,5,'png',80,22);
//中文验证码(2.0会有一个问题:msubstr有错误)
//1.修改function::msubstr
//2.加入字体ttf需要放入image同级目录之下
//扩展可以去类文件中查看
// Image::GBVerify();
}
}
?>Public文件夹下的login。html
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1359
52
What are the differences between Huawei GT3 Pro and GT4?
Dec 29, 2023 pm 02:27 PM
Many users will choose the Huawei brand when choosing smart watches. Among them, Huawei GT3pro and GT4 are very popular choices. Many users are curious about the difference between Huawei GT3pro and GT4. Let’s introduce the two to you. . What are the differences between Huawei GT3pro and GT4? 1. Appearance GT4: 46mm and 41mm, the material is glass mirror + stainless steel body + high-resolution fiber back shell. GT3pro: 46.6mm and 42.9mm, the material is sapphire glass + titanium body/ceramic body + ceramic back shell 2. Healthy GT4: Using the latest Huawei Truseen5.5+ algorithm, the results will be more accurate. GT3pro: Added ECG electrocardiogram and blood vessel and safety
Fix: Snipping tool not working in Windows 11
Aug 24, 2023 am 09:48 AM
Why Snipping Tool Not Working on Windows 11 Understanding the root cause of the problem can help find the right solution. Here are the top reasons why the Snipping Tool might not be working properly: Focus Assistant is On: This prevents the Snipping Tool from opening. Corrupted application: If the snipping tool crashes on launch, it might be corrupted. Outdated graphics drivers: Incompatible drivers may interfere with the snipping tool. Interference from other applications: Other running applications may conflict with the Snipping Tool. Certificate has expired: An error during the upgrade process may cause this issu simple solution. These are suitable for most users and do not require any special technical knowledge. 1. Update Windows and Microsoft Store apps
What is the difference between null and NULL in c language
Sep 22, 2023 am 11:48 AM
The difference between null and NULL in C language is: null is a macro definition in C language, usually used to represent a null pointer, which can be used to initialize pointer variables, or to determine whether the pointer is null in a conditional statement; NULL is a macro definition in C language A predefined constant in , usually used to represent a null value, used to represent a null pointer, null pointer array or null structure pointer.
How to Fix Can't Connect to App Store Error on iPhone
Jul 29, 2023 am 08:22 AM
Part 1: Initial Troubleshooting Steps Checking Apple’s System Status: Before delving into complex solutions, let’s start with the basics. The problem may not lie with your device; Apple's servers may be down. Visit Apple's System Status page to see if the AppStore is working properly. If there's a problem, all you can do is wait for Apple to fix it. Check your internet connection: Make sure you have a stable internet connection as the "Unable to connect to AppStore" issue can sometimes be attributed to a poor connection. Try switching between Wi-Fi and mobile data or resetting network settings (General > Reset > Reset Network Settings > Settings). Update your iOS version:
What do undefined and null mean?
Nov 20, 2023 pm 02:39 PM
In JavaScript, both undefined and null represent the concept of "nothing": 1. undefined represents an uninitialized variable or a non-existent property. When a variable is declared but no value is assigned to it, the value of the variable is undefined , when accessing properties that do not exist in the object, the returned value is also undefined; 2. null represents an empty object reference. In some cases, the object reference can be set to null to release the memory it occupies.
Using Auth0 for authentication in Java API development
Jun 18, 2023 pm 05:30 PM
In modern software development, identity authentication is a very important security measure. Auth0 is a company that provides identity authentication services. It can help developers quickly implement multiple identity authentication methods (including OAuth2, OpenIDConnect, etc.) and provide safe and reliable authentication services. In this article, we will introduce how to use Auth0 for authentication in JavaAPI development. Step 1: Create an Auth0 account and register the application. First, we need to
When to use null and undefined
Nov 13, 2023 pm 02:11 PM
Both null and undefined indicate a lack of value or an undefined state. Depending on the usage scenario, there are some guiding principles for choosing to use null or undefined: 1. When you need to clearly indicate that a variable is empty or invalid, you can use null; 2. When a variable has been declared but not yet assigned a value, it will be set to undefined by default; 3. When you need to check whether a variable is empty or undefined, use the strict equality operator "===" to determine whether the variable is null or undefined. .
What is the difference between null and undefined
Nov 08, 2023 pm 04:43 PM
The difference between null and undefined is: 1. Semantic meaning; 2. Usage scenarios; 3. Comparison with other values; 4. Relationship with global variables; 5. Relationship with function parameters; 6. Nullability check; 7. Performance considerations; 8. Performance in JSON serialization; 9. Relationship with types. Detailed introduction: 1. Semantic meaning, null usually means knowing that this variable will not have any valid object value, while undefined usually means that the variable has not been assigned a value, or the object does not have this attribute; 2. Usage scenarios, etc.
