How to use PHP and SQLite for data permissions and access control

How to use PHP and SQLite for data permissions and access control

Introduction:
In modern applications, data permissions and access control are very important functions. Users may need to access and operate different data based on different roles and permission levels. This article will introduce how to use PHP and SQLite databases to implement data permissions and access control functions, with code examples.

1. Create database table structure:
First, we need to create a SQLite database and define the table structure used to store user and permission information. The following is a simple example:

CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL,
    password TEXT NOT NULL,
    role TEXT NOT NULL
);

CREATE TABLE permissions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    role TEXT NOT NULL,
    resource TEXT NOT NULL,
    action TEXT NOT NULL
);

In the users table, we store the user's id, username, password and role information. In the permissions table, we define the resources and operations corresponding to the role.

2. User authentication:
Before implementing data permissions and access control, we first need to perform user authentication. This can be done with a login page and corresponding PHP code. The following is a simple example:

<?php
session_start();

if(isset($_POST["login"])) {
    // 获取用户输入的用户名和密码
    $username = $_POST["username"];
    $password = $_POST["password"];
    
    // 连接数据库
    $db = new SQLite3("database.db");
    
    // 查询用户信息
    $query = "SELECT * FROM users WHERE username = :username AND password = :password";
    $statement = $db->prepare($query);
    $statement->bindValue(":username", $username);
    $statement->bindValue(":password", $password);
    $result = $statement->execute();
    
    // 验证用户身份
    if($row = $result->fetchArray()) {
        $_SESSION["username"] = $row["username"];
        $_SESSION["role"] = $row["role"];
        
        // 跳转到主页或指定页面
        header("Location: home.php");
        exit;
    } else {
        echo "Invalid username or password.";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form method="post" action="">
        <input type="text" name="username" placeholder="Username" required><br>
        <input type="password" name="password" placeholder="Password" required><br>
        <input type="submit" name="login" value="Login">
    </form>
</body>
</html>

In the above code, first we obtain the user name and password entered by the user, and then query the database to verify the user's identity. If the verification is successful, we store the user information in the session and jump to the home page or specified page.

3. Data permission control:
After successful user authentication, we can restrict the user's access to and operations on data based on their role. The following is a simple example that shows how to use permission tables for data permission control:

<?php
session_start();

if(!isset($_SESSION["username"])) {
    header("Location: login.php");
    exit;
}

// 连接数据库
$db = new SQLite3("database.db");

// 查询用户角色对应的权限
$query = "SELECT * FROM permissions WHERE role = :role";
$statement = $db->prepare($query);
$statement->bindValue(":role", $_SESSION["role"]);
$result = $statement->execute();

// 构建权限数组
$permissions = [];
while($row = $result->fetchArray()) {
    $permissions[$row["resource"]] = $row["action"];
}

// 示例代码 - 检查权限并执行操作
if(isset($permissions["data"]) && $permissions["data"] == "read") {
    // 用户有读取数据的权限，执行相应操作
    $query = "SELECT * FROM data";
    $result = $db->query($query);
    
    while($row = $result->fetchArray()) {
        echo $row["id"] . " - " . $row["name"] . "<br>";
    }
} else {
    echo "Access denied.";
}

?>

In the above code, we first query the database to obtain the permission information corresponding to the current user role. Then restrict the user's access to and operations on the data based on the permission information. In the sample code, we only show examples of read operations. If the user does not have the corresponding permissions, we will display an access denied prompt.

Conclusion:
Through the above example code, we can see how to use PHP and SQLite database to implement data permissions and access control functions. This is a simple example that can be extended and improved based on actual needs. In practical applications, it is recommended to perform secure validation of user input to prevent SQL injection and other security vulnerabilities.

The above is the detailed content of How to use PHP and SQLite for data permissions and access control. For more information, please follow other related articles on the PHP Chinese website!