How to implement user rights management with PHP and UniApp

WBOY
Release: 2023-07-04 09:22:01
Original
1634 people have browsed it

How PHP and UniApp implement user rights management

In Web development, user rights management is a very important function. It can control users' access rights to different functions and resources in the system and ensure the security and integrity of the system. This article will introduce how to use PHP and UniApp to implement user rights management, with corresponding code examples.

1. Database design

Before we begin, we first need to design a database to store user and permission-related information. The following is a simple database design:

  1. User table (user): used to store basic information of users, including user ID, user name, password, etc.
  2. Role table (role): used to store role information, including role ID, role name, etc.
  3. Permission table (permission): used to store permission information of functions and resources in the system, including permission ID, permission name, etc.
  4. User role association table (user_role): used to establish the association between users and roles.
  5. Role permission association table (role_permission): used to establish the association between roles and permissions.

2. PHP backend implementation

  1. User login verification

When a user logs in, we need to verify whether the user’s username and password are correct. The following is a simple login verification code example:

<?php
// 获取用户提交的用户名和密码
$username = $_POST['username'];
$password = $_POST['password'];

// 查询数据库验证用户信息
$query = "SELECT * FROM user WHERE username='$username' AND password='$password'";
$result = mysqli_query($connection, $query);

// 如果查询结果有一条记录,则登录成功;否则登录失败
if (mysqli_num_rows($result) == 1) {
    // 登录成功,生成并返回一个token给客户端
    $token = generateToken($username);
    echo json_encode(['status' => 'success', 'token' => $token]);
} else {
    // 登录失败
    echo json_encode(['status' => 'failed', 'message' => 'Invalid username or password']);
}
?>
Copy after login
  1. User permission verification

When verifying user permissions, we need to find the corresponding permissions based on the user's role. The following is a simple permission verification code example:

<?php
// 获取用户提交的token和权限id
$token = $_POST['token'];
$permissionId = $_POST['permissionId'];

// 验证token是否有效
if (validateToken($token)) {
    // 查询用户对应的角色
    $query = "SELECT role_id FROM user_role WHERE user_id='$userId'";
    $result = mysqli_query($connection, $query);
    $roleIds = mysqli_fetch_all($result, MYSQLI_ASSOC);
    
    // 查询角色对应的权限
    $query = "SELECT * FROM role_permission WHERE role_id IN (" . implode(',', $roleIds) . ")";
    $result = mysqli_query($connection, $query);
    $permissions = mysqli_fetch_all($result, MYSQLI_ASSOC);
    
    // 验证用户是否具有该权限
    $hasPermission = false;
    foreach ($permissions as $permission) {
        if ($permission['permission_id'] == $permissionId) {
            $hasPermission = true;
            break;
        }
    }
    
    // 返回验证结果给客户端
    echo json_encode(['hasPermission' => $hasPermission]);
} else {
    // token无效
    echo json_encode(['hasPermission' => false]);
}
?>
Copy after login

3. UniApp front-end implementation

  1. User login page

In the user login page, we need Send the username and password entered by the user to the backend for verification, and obtain the returned token. The following is a simple login page code example:

<template>
  <view>
    <input v-model="username" type="text" placeholder="Username" />
    <input v-model="password" type="password" placeholder="Password" />
    <button @click="login">Login</button>
  </view>
</template>

<script>
export default {
  data() {
    return {
      username: '',
      password: ''
    }
  },
  methods: {
    login() {
      // 发送登录请求给后端
      uni.request({
        url: '/api/login.php',
        method: 'POST',
        data: {
          username: this.username,
          password: this.password
        },
        success: (res) => {
          if (res.data.status === 'success') {
            // 登录成功,保存token到本地
            uni.setStorageSync('token', res.data.token);
            uni.navigateTo({
              url: '/pages/home/home'
            });
          } else {
            // 登录失败,提示错误信息
            uni.showToast({
              title: res.data.message,
              icon: 'none'
            });
          }
        }
      });
    }
  }
}
</script>
Copy after login
  1. Permission verification

On the page that needs to verify user permissions, we need to send the user's token and permission ID to end for verification. The following is a simple permission verification code example:

export default {
  data() {
    return {
      hasPermission: false
    }
  },
  mounted() {
    // 发送权限验证请求给后端
    uni.request({
      url: '/api/validatePermission.php',
      method: 'POST',
      data: {
        token: uni.getStorageSync('token'),
        permissionId: 1 // 需要验证的权限ID
      },
      success: (res) => {
        this.hasPermission = res.data.hasPermission;
      }
    });
  }
}
Copy after login

Through the above method, we can implement user permission management functions based on PHP and UniApp. When a user logs in, we verify the user's username and password and generate a token to return to the client. The client saves the token locally and sends it to the backend for verification where verification permissions are required. The backend searches for the role and permissions corresponding to the user based on the token, and returns the permission verification results to the client.

I hope this article can help you understand how PHP and UniApp implement user rights management. Of course, there may be more complex requirements in actual projects, but the core idea is the same. As long as we follow good database design and reasonable code logic, we can implement a safe and reliable user rights management system.

The above is the detailed content of How to implement user rights management with PHP and UniApp. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!