How to set page permissions in php

In web development, it is often necessary to display different content to different users or restrict different access rights to pages. As a widely used server-side programming language, PHP provides a wealth of tools and functions to achieve these needs. This article will introduce how to set page permissions using PHP.

1. User login authentication

Before setting page permissions, the user must first be logged in and authenticated. User login authentication can be performed through the following steps:

1. Provide a login form on the page, and the user enters the user name and password.
2. Verify the username and password entered by the user on the backend.
3. If the verification is successful, store the user information in the session and jump to the login success page.
4. If verification fails, return to the login page and prompt the user to re-enter.

The following is a simple user login authentication example:

session_start();

if(isset($_POST['submit'])){
  $username = $_POST['username'];
  $password = $_POST['password'];
  
  // 验证用户名和密码是否正确
  if($username == 'admin' && $password == 'password123'){
    // 用户认证成功
    $_SESSION['user'] = $username;
    header("Location: success.php");
    exit();
  }else{
    // 用户认证失败
    $error_message = "用户名或密码错误";
  }
}

// 显示登录表单

2. Setting page permissions based on user roles

Generally, the functions and operations of different users Permissions are different. We can achieve this by defining different user roles and assigning corresponding permissions to each role. Common user roles include administrators, ordinary users, VIP users, etc.

The following is an example of role permission setting:

session_start();

// 定义用户角色
define('ROLE_ADMIN', 1);
define('ROLE_USER', 2);
define('ROLE_VIP', 3);

// 定义页面和对应的权限
$pages = array(
  'home.php' => ROLE_ADMIN | ROLE_USER | ROLE_VIP,
  'admin.php' => ROLE_ADMIN,
  'user.php' => ROLE_USER | ROLE_VIP,
  'vip.php' => ROLE_VIP
);

// 判断用户是否登录
if(!isset($_SESSION['user'])){
  header("Location: login.php");
  exit();
}

// 获取当前用户角色
$user_role = ROLE_USER; // 默认为普通用户

if($_SESSION['is_admin']){
  $user_role = ROLE_ADMIN;
}else if($_SESSION['is_vip']){
  $user_role = ROLE_VIP;
}

// 判断当前页面是否需要用户权限
$current_page = basename($_SERVER['SCRIPT_FILENAME']);

if(isset($pages[$current_page])){
  $required_role = $pages[$current_page];
  
  // 判断用户是否有访问该页面的权限
  if(($required_role & $user_role) == 0){
    // 用户无权限访问该页面
    header("HTTP/1.1 401 Unauthorized");
    exit();
  }
}

In the above example, we first define three constants, representing different user roles. Then an array $pages is defined to store the user permissions corresponding to each page. Then it determines whether the user is logged in and the user's role. Finally, determine whether the current page requires access permission, and if so, determine whether the current user has permission to access the page.

3. Set page permissions based on user groups

In addition to setting page permissions based on user roles, we can also achieve page permission control by grouping users and assigning permissions to each group. . The following is an example of setting page permissions based on user groups:

session_start();

// 定义用户组
define('GROUP_ADMIN', 1);
define('GROUP_USER', 2);
define('GROUP_VIP', 3);

// 定义每个用户所属的组
$users = array(
  array('id' => 1, 'username' => 'admin', 'password' => 'password123', 'group' => GROUP_ADMIN),
  array('id' => 2, 'username' => 'user1', 'password' => '123456', 'group' => GROUP_USER),
  array('id' => 3, 'username' => 'vip1', 'password' => '654321', 'group' => GROUP_VIP)
);

// 定义页面和对应的权限
$pages = array(
  'home.php' => array(GROUP_ADMIN, GROUP_USER, GROUP_VIP),
  'admin.php' => array(GROUP_ADMIN),
  'user.php' => array(GROUP_USER, GROUP_VIP),
  'vip.php' => array(GROUP_VIP)
);

// 判断用户是否登录
if(!isset($_SESSION['user'])){
  header("Location: login.php");
  exit();
}

// 获取当前用户所属的用户组
$user_group = 0;

foreach($users as $user){
  if($_SESSION['user'] == $user['username']){
    $user_group = $user['group'];
    break;
  }
}

// 判断当前页面是否需要用户权限
$current_page = basename($_SERVER['SCRIPT_FILENAME']);

if(isset($pages[$current_page])){
  $required_groups = $pages[$current_page];
  
  // 判断用户是否有访问该页面的权限
  if(!in_array($user_group, $required_groups)){
    // 用户无权限访问该页面
    header("HTTP/1.1 401 Unauthorized");
    exit();
  }
}

In the above example, we defined three user groups and assigned each user to a group. Then an array $pages is defined to store the user group permissions corresponding to each page. Then determine whether the user is logged in and obtain the user group to which the user belongs. Finally, it is judged whether the current page requires access permission. If so, it is judged whether the user group to which the current user belongs has the permission to access the page.

In summary, through the above methods, we can easily implement page permission control in PHP. In practical applications, it is necessary to choose a suitable method according to actual needs.

The above is the detailed content of How to set page permissions in php. For more information, please follow other related articles on the PHP Chinese website!