Home Backend Development PHP Tutorial Use PHP and MySQL to implement a powerful user rights control system

Use PHP and MySQL to implement a powerful user rights control system

Jun 25, 2023 am 10:04 AM
mysql php Permission control

In modern web applications, user permission control is crucial. To ensure the security and integrity of an application, user access to specific operations and information must be restricted and the specific tasks that users are allowed to perform must be defined. In this article, I will introduce how to use PHP and MySQL to create a powerful user permission control system to ensure the security and integrity of your web applications.

1. Design of database tables

In the MySQL database, we need at least two tables to implement the user authority control system. The first table records basic information for all users, including username, password, and email address. The second table is the permissions table, which records the permissions of each role/user group. Therefore, we need to create the following two tables in the database:

  1. users table

CREATE TABLE users (
id int(11) NOT NULL AUTO_INCREMENT,
username varchar(50) NOT NULL,
password varchar(255) NOT NULL,
email varchar(100) NOT NULL,
PRIMARY KEY (id)
);

  1. roles table

CREATE TABLE roles (
id int(11) NOT NULL AUTO_INCREMENT,
name varchar(50) NOT NULL,
PRIMARY KEY (id)
);

We also need a table that associates users with roles. This table maps user IDs to role IDs. Let's create this table.

  1. role_user table

CREATE TABLE role_user (
role_id int(11) NOT NULL,
user_id int(11) NOT NULL,
PRIMARY KEY (role_id,user_id),
CONSTRAINT FK_role_user_role_id FOREIGN KEY (role_id) REFERENCES roles (id),
CONSTRAINT FK_role_id_user_id FOREIGN KEY (user_id) REFERENCES users (id)
);

2. Implementation of user rights control system

Now we have created the required database Now we can start implementing a user permissions control system for our application. Here are some basic concepts:

  1. Role

A role is a logical structure that associates a set of permissions together. For example, we can create an "Administrator" role and grant all administrative-related permissions to this role.

  1. Permissions

Permissions are the control rights of a certain function. For example, view, create, edit, and delete users are different permissions. Granting these permissions to specific roles limits users' access.

  1. User

A user is an individual who interacts with an application. Each user will be assigned one or more roles, which define the actions the user can perform and access.

Now let’s see how to implement this system.

  1. Create User

For each new user, we need to create a corresponding user record. We will create a record in the "users" table for each user, including username, password, and email address. Use the following code to create the user.

function create_user($username, $password, $email) {
  // Encrypt password
  $encrypted_password = password_hash($password, PASSWORD_DEFAULT);

  // Prepare SQL statement
  $sql = "INSERT INTO users (username, password, email) VALUES (?, ?, ?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("sss", $username, $encrypted_password, $email);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
Copy after login
  1. Create a role

Creating a role is very simple, just insert a record in the "roles" table. Here's an example.

function create_role($name) {
  // Prepare SQL statement
  $sql = "INSERT INTO roles (name) VALUES (?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("s", $name);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
Copy after login
  1. Assign User Roles

Now that we have created users and roles, we need to associate them. Roles can be assigned by inserting the role ID and user ID into the "role_user" table. Below is some sample code.

function assign_role_to_user($role_id, $user_id) {
  // Prepare SQL statement
  $sql = "INSERT INTO role_user (role_id, user_id) VALUES (?, ?)";

  // Bind parameters
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("ii", $role_id, $user_id);

  // Execute statement
  if ($stmt->execute()) {
    return true;
  } else {
    return false;
  }
}
Copy after login
  1. Check if the user has permission

Finally, we need to check if the user has permission to perform an operation. We will find all the roles the user belongs to and check if the roles have the required permissions. Returns true if the user has permission, false if not. Below is some sample code.

function has_permission($user_id, $permission) {
  // Fetch user roles
  $sql = "SELECT role_id FROM role_user WHERE user_id = ?";
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("i", $user_id);
  $stmt->execute();
  $result = $stmt->get_result();

  // Check if any role has permission
  while ($row = $result->fetch_assoc()) {
    $sql2 = "SELECT permissions FROM roles WHERE id = " . $row['role_id'];
    $result2 = $conn->query($sql2);

    if ($result2->num_rows == 1) {
      $row2 = $result2->fetch_assoc();

      $permissions = json_decode($row2['permissions'], true);

      if (in_array($permission, $permissions)) {
        return true;
      }
    }
  }

  // Permission not found
  return false;
}
Copy after login

3. Summary

Using PHP and MySQL to create a user permission control system can ensure the security and integrity of web applications. We can restrict user access to specific operations and information based on roles and permissions. With this system, we can protect web applications from unauthorized access, thus improving overall security.

The above is the detailed content of Use PHP and MySQL to implement a powerful user rights control system. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

CakePHP File upload CakePHP File upload Sep 10, 2024 pm 05:27 PM

To work on file upload we are going to use the form helper. Here, is an example for file upload.

Discuss CakePHP Discuss CakePHP Sep 10, 2024 pm 05:28 PM

CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu

How to fix mysql_native_password not loaded errors on MySQL 8.4 How to fix mysql_native_password not loaded errors on MySQL 8.4 Dec 09, 2024 am 11:42 AM

One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app

How To Set Up Visual Studio Code (VS Code) for PHP Development How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

CakePHP Quick Guide CakePHP Quick Guide Sep 10, 2024 pm 05:27 PM

CakePHP is an open source MVC framework. It makes developing, deploying and maintaining applications much easier. CakePHP has a number of libraries to reduce the overload of most common tasks.

How do you parse and process HTML/XML in PHP? How do you parse and process HTML/XML in PHP? Feb 07, 2025 am 11:57 AM

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

CakePHP Useful Resources CakePHP Useful Resources Sep 10, 2024 pm 05:27 PM

The following resources contain additional information on CakePHP. Please use them to get more in-depth knowledge on this.

See all articles