一,先创建数据表
1、think_auth_rule,规则表
id:主键,
name:规则唯一标识,
title:规则中文名称
status 状态:为1正常,为0禁用,
condition:规则表达式,为空表示存在就验证,不为空表示按照条件验证
# Rule table: one row per permission rule. The controller code on this page
# checks names of the form module/controller/action against it.
DROP TABLE IF EXISTS `think_auth_rule`;
CREATE TABLE `think_auth_rule` (
    # primary key
    `id`        mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    # unique identifier of the rule
    `name`      char(80)   NOT NULL DEFAULT '',
    # human-readable rule name
    `title`     char(20)   NOT NULL DEFAULT '',
    # not described in this tutorial
    `type`      tinyint(1) NOT NULL DEFAULT '1',
    # 1 = active, 0 = disabled
    `status`    tinyint(1) NOT NULL DEFAULT '1',
    # Extra condition: empty means the rule applies whenever it is present;
    # non-empty means the rule only counts when the condition holds.
    # NOTE(review): Think\Auth is understood to evaluate a non-empty condition
    # as a PHP expression - confirm for your ThinkPHP version, and keep write
    # access to this column limited to trusted administrators.
    `condition` char(100)  NOT NULL DEFAULT '',
    PRIMARY KEY (`id`),
    UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
2、think_auth_group,用户组表
id:主键,
title:用户组中文名称,
rules:用户组拥有的规则id, 多个规则","隔开,
status 状态:为1正常,为0禁用
# User-group table: each group carries the list of rule ids it grants.
DROP TABLE IF EXISTS `think_auth_group`;
CREATE TABLE `think_auth_group` (
    # primary key
    `id`     mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    # human-readable group name
    `title`  char(100)  NOT NULL DEFAULT '',
    # 1 = active, 0 = disabled
    `status` tinyint(1) NOT NULL DEFAULT '1',
    # Comma-separated ids of the rules this group owns.
    # NOTE(review): char(80) caps the whole list at 80 characters. A longer
    # list is cut off (without an error when strict SQL mode is off), which
    # can drop rules or shorten the last id into a different rule id -
    # consider a wider column or a group/rule join table.
    `rules`  char(80)   NOT NULL DEFAULT '',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
3、think_auth_group_access,用户组明细表
uid:用户id,
group_id:用户组id
# Membership table: links a user id to each group the user belongs to.
DROP TABLE IF EXISTS `think_auth_group_access`;
CREATE TABLE `think_auth_group_access` (
    # User id. NOTE(review): mediumint here, while think_admin.id on this page
    # is int(11) unsigned - confirm the ranges agree for your data.
    `uid`      mediumint(8) unsigned NOT NULL,
    # group id (think_auth_group.id)
    `group_id` mediumint(8) unsigned NOT NULL,
    # a user can be placed in a given group only once
    UNIQUE KEY `uid_group_id` (`uid`, `group_id`),
    KEY `uid` (`uid`),
    KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
4.既然是对后台管理员权限认证,所以还需要创建后台管理员表think_admin
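# Back-office administrator accounts; AUTH_USER in the Auth config points here.
DROP TABLE IF EXISTS `think_admin`;
CREATE TABLE `think_admin` (
    `id`          int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '管理员ID',
    # NOTE(review): nothing enforces unique usernames; add a UNIQUE KEY if the
    # login code looks accounts up by name.
    `username`    varchar(255) DEFAULT NULL COMMENT '管理员账号',
    # Widened from varchar(32) so the column can hold the output of PHP's
    # password_hash(); 32 characters only fits an unsalted MD5 hex digest.
    # Store a password hash here, never the password itself.
    `password`    varchar(255) DEFAULT NULL COMMENT '管理员密码',
    `ip`          varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
    `login_time`  int(11) DEFAULT NULL COMMENT '最后登录时间',
    # DEFAULT added: an INSERT that omits login_count is rejected under strict
    # SQL mode when a NOT NULL column has no default.
    `login_count` mediumint(8) NOT NULL DEFAULT '0' COMMENT '登录次数',
    `status`      tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
    `create_time` int(11) DEFAULT NULL COMMENT '创建时间',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;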
5.再创建一张网站会员用户表think_user,作为权限认证的操作对象(即后台管理员对会员表增删改查的权限)
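# Site member accounts: the data that administrators are granted (or denied)
# permission to list, view and edit.
DROP TABLE IF EXISTS `think_user`;
CREATE TABLE `think_user` (
    # Column COMMENTs corrected from the copied "管理员" (administrator) wording
    # to "会员" (member), matching the full dump later on this page.
    `id`          int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '会员ID',
    `username`    varchar(255) DEFAULT NULL COMMENT '会员账号',
    # Widened from varchar(32) so the column can hold the output of PHP's
    # password_hash(); store a password hash here, never the password itself.
    `password`    varchar(255) DEFAULT NULL COMMENT '会员密码',
    `ip`          varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
    `login_time`  int(11) DEFAULT NULL COMMENT '最后登录时间',
    # DEFAULT added: the test INSERTs on this page omit login_count, which
    # strict SQL mode rejects for a NOT NULL column without a default.
    `login_count` mediumint(8) NOT NULL DEFAULT '0' COMMENT '登录次数',
    `status`      tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
    `create_time` int(11) DEFAULT NULL COMMENT '创建时间',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;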
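# Seed a few member rows for testing.
# login_count is listed explicitly: the column is NOT NULL, and where it has no
# default an INSERT that omits it fails under strict SQL mode.
# The passwords are plaintext test fixtures only; a real application stores the
# output of password_hash() and checks logins with password_verify().
INSERT INTO think_user (`username`, `password`, `login_count`) VALUES ('zhangsan', '123456', 0);
INSERT INTO think_user (`username`, `password`, `login_count`) VALUES ('lisi', '123456', 0);
INSERT INTO think_user (`username`, `password`, `login_count`) VALUES ('wangwu', '123456', 0);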
二,在使用Auth类前需要配置config.php
// Settings for the Auth class; the table names are the ones created in step one.
'AUTH_CONFIG' => array(
    // Master switch for permission checking.
    'AUTH_ON'           => true,
    // 1 = real-time check; 2 = check at login.
    // NOTE(review): mode 2 is understood to keep the rule list in the session,
    // so a revoked permission would last until the next login - confirm for
    // your ThinkPHP version.
    'AUTH_TYPE'         => 1,
    // User-group table.
    'AUTH_GROUP'        => 'think_auth_group',
    // User-to-group membership table.
    'AUTH_GROUP_ACCESS' => 'think_auth_group_access',
    // Permission-rule table.
    'AUTH_RULE'         => 'think_auth_rule',
    // Table holding the accounts that are being checked.
    'AUTH_USER'         => 'think_admin'
)
补充:完整的sql
- # ************************************************************
- # Sequel Pro SQL dump
- # Version 4499
- #
- # http://www.sequelpro.com/
- # https://github.com/sequelpro/sequelpro
- #
- # Host: localhost (MySQL 5.5.42)
- # Database: thinkphp
- # Generation Time: 2015-12-15 03:03:54 +0000
- # ************************************************************
- # Save the session's current settings in user variables so that the end of the
- # dump can restore them. Each /*!NNNNN ... */ is a MySQL version-conditional
- # comment: a server at or above that version executes the statement inside.
- /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
- /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
- /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
- /*!40101 SET NAMES utf8 */;
- # Foreign-key checks are switched off while the dump loads.
- /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
- # NOTE(review): this replaces sql_mode outright, so any strict mode the server
- # normally applies is presumably off during the load - confirm before relying
- # on length or NOT NULL errors to catch bad rows.
- /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
- /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
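# Dump of table think_admin
# ------------------------------------------------------------
# Back-office administrator accounts; AUTH_USER in the Auth config points here.
DROP TABLE IF EXISTS `think_admin`;
CREATE TABLE `think_admin` (
    `id`          int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '管理员ID',
    `username`    varchar(255) DEFAULT NULL COMMENT '管理员账号',
    # Widened from varchar(32) so the column can hold the output of PHP's
    # password_hash(); store a password hash here, never the password itself.
    `password`    varchar(255) DEFAULT NULL COMMENT '管理员密码',
    `ip`          varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
    `login_time`  int(11) DEFAULT NULL COMMENT '最后登录时间',
    # DEFAULT added so an INSERT that omits login_count still works under
    # strict SQL mode.
    `login_count` mediumint(8) NOT NULL DEFAULT '0' COMMENT '登录次数',
    `status`      tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
    `create_time` int(11) DEFAULT NULL COMMENT '创建时间',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

LOCK TABLES `think_admin` WRITE;
/*!40000 ALTER TABLE `think_admin` DISABLE KEYS */;

# Sample administrators. The passwords are plaintext, guessable test fixtures:
# replace them (with password_hash() output) before this data goes anywhere
# other than a local test database.
# Note that id 1 is 'admin2', not 'admin'; the group assignments are in
# think_auth_group_access.
INSERT INTO `think_admin` (`id`, `username`, `password`, `ip`, `login_time`, `login_count`, `status`, `create_time`)
VALUES
    (1,'admin2','123456',NULL,NULL,0,1,NULL),
    (2,'admin1','123456',NULL,NULL,0,1,NULL),
    (3,'admin','123456',NULL,NULL,0,1,NULL);

/*!40000 ALTER TABLE `think_admin` ENABLE KEYS */;
UNLOCK TABLES;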
# Dump of table think_auth_group
# ------------------------------------------------------------
# User groups and the rule ids each group grants.
DROP TABLE IF EXISTS `think_auth_group`;
CREATE TABLE `think_auth_group` (
    `id`     mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    `title`  char(100)  NOT NULL DEFAULT '',
    `status` tinyint(1) NOT NULL DEFAULT '1',
    # comma-separated rule ids, at most 80 characters in total
    `rules`  char(80)   NOT NULL DEFAULT '',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

LOCK TABLES `think_auth_group` WRITE;
/*!40000 ALTER TABLE `think_auth_group` DISABLE KEYS */;

# Group 1 is granted rules 1-5; group 2 only the member list/show rules 4 and 5.
INSERT INTO `think_auth_group` (`id`, `title`, `status`, `rules`)
VALUES
    (1,'超级管理员',1,'1,2,3,4,5'),
    (2,'普通管理员',1,'4,5');

/*!40000 ALTER TABLE `think_auth_group` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_auth_group_access
# ------------------------------------------------------------
# Which user id belongs to which group.
DROP TABLE IF EXISTS `think_auth_group_access`;
CREATE TABLE `think_auth_group_access` (
    `uid`      mediumint(8) unsigned NOT NULL,
    `group_id` mediumint(8) unsigned NOT NULL,
    UNIQUE KEY `uid_group_id` (`uid`, `group_id`),
    KEY `uid` (`uid`),
    KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

LOCK TABLES `think_auth_group_access` WRITE;
/*!40000 ALTER TABLE `think_auth_group_access` DISABLE KEYS */;

# Users 1 and 2 are placed in group 2, user 3 in group 1.
INSERT INTO `think_auth_group_access` (`uid`, `group_id`)
VALUES
    (1,2),
    (2,2),
    (3,1);

/*!40000 ALTER TABLE `think_auth_group_access` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_auth_rule
# ------------------------------------------------------------
# Permission rules, named module/controller/action.
DROP TABLE IF EXISTS `think_auth_rule`;
CREATE TABLE `think_auth_rule` (
    `id`        mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    `name`      char(80)   NOT NULL DEFAULT '',
    `title`     char(20)   NOT NULL DEFAULT '',
    `type`      tinyint(1) NOT NULL DEFAULT '1',
    `status`    tinyint(1) NOT NULL DEFAULT '1',
    # Extra condition for the rule; empty in every sample row below.
    # NOTE(review): Think\Auth is understood to evaluate a non-empty condition
    # as a PHP expression - confirm for your version and restrict who can
    # write this column.
    `condition` char(100)  NOT NULL DEFAULT '',
    PRIMARY KEY (`id`),
    UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

LOCK TABLES `think_auth_rule` WRITE;
/*!40000 ALTER TABLE `think_auth_rule` DISABLE KEYS */;

# Five sample rules: two for administrator management, three for members.
INSERT INTO `think_auth_rule` (`id`, `name`, `title`, `type`, `status`, `condition`)
VALUES
    (1,'Admin/admin/role','角色管理',1,1,''),
    (2,'Admin/admin/index','管理员列表',1,1,''),
    (3,'Admin/Member/edit','会员信息修改',1,1,''),
    (4,'Admin/Member/index','会员列表',1,1,''),
    (5,'Admin/Member/show','单个会员信息查看',1,1,'');

/*!40000 ALTER TABLE `think_auth_rule` ENABLE KEYS */;
UNLOCK TABLES;
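# Dump of table think_user
# ------------------------------------------------------------
# Site member accounts that administrators are permitted (or not) to manage.
DROP TABLE IF EXISTS `think_user`;
CREATE TABLE `think_user` (
    `id`          int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '会员ID',
    `username`    varchar(255) DEFAULT NULL COMMENT '会员账号',
    # Widened from varchar(32) so the column can hold the output of PHP's
    # password_hash(); store a password hash here, never the password itself.
    `password`    varchar(255) DEFAULT NULL COMMENT '会员密码',
    `ip`          varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
    `login_time`  int(11) DEFAULT NULL COMMENT '最后登录时间',
    # DEFAULT added so an INSERT that omits login_count still works under
    # strict SQL mode.
    `login_count` mediumint(8) NOT NULL DEFAULT '0' COMMENT '登录次数',
    `status`      tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
    `create_time` int(11) DEFAULT NULL COMMENT '创建时间',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

LOCK TABLES `think_user` WRITE;
/*!40000 ALTER TABLE `think_user` DISABLE KEYS */;

# Sample members with plaintext test passwords (test data only).
# NOTE(review): 'wangwu' appears twice (ids 1 and 3); the schema has no unique
# key on username, so duplicates like this are accepted.
INSERT INTO `think_user` (`id`, `username`, `password`, `ip`, `login_time`, `login_count`, `status`, `create_time`)
VALUES
    (1,'wangwu','123456',NULL,NULL,0,1,NULL),
    (2,'lisi','123456',NULL,NULL,0,1,NULL),
    (3,'wangwu','123456',NULL,NULL,0,1,NULL),
    (4,'zhangsan','123456',NULL,NULL,0,1,NULL);

/*!40000 ALTER TABLE `think_user` ENABLE KEYS */;
UNLOCK TABLES;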
- # Restore the session settings from the @OLD_* user variables.
- /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
- /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
- /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
- /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
- /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
- /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
使用:
在某个控制器的方法里:
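// Show the member edit page, but only to a user the Auth rules allow.
public function edit(){
    // TEST ONLY: pins the session to user id 3 so the check below can be tried
    // out. In real code the uid is written once by the login handler after the
    // credentials have been verified, never inside the protected action.
    session('uid', '3');

    // Rule name for the current request: module/controller/action.
    $rule = MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME;

    // Check the current user's permission for this rule.
    $auth = new Auth();
    if (!$auth->check($rule, session('uid'))) {
        echo '没有权限';
        // Stop here. Without this return the edit template below was still
        // rendered for a user who had just been refused.
        return;
    }

    echo '有权限';
    //todo...
    $this->display('add');
}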
也可以写个公共控制器:
- <?php
- namespace Admin\Controller;
- use Think\Controller;
- use Think\Auth;
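// Shared permission-checking base controller: controllers that extend it get a
// login check and a rule check from _initialize().
class AuthController extends Controller {
    // Refuses the request unless an administrator is logged in and either the
    // action is exempt, the administrator is id 1, or Auth grants the rule.
    protected function _initialize(){
        $aid = session('aid');

        // No admin id in the session: not logged in, so no direct access.
        if (!$aid) {
            $this->error('还没有登录,正在跳转到登录页',U('Public/login'));
            // error() is expected to end the request; the return keeps this
            // guard fail-closed if it ever does not.
            return;
        }

        // Actions that any logged-in administrator may reach without a rule check.
        // NOTE(review): 'Index/logout' and 'Admin/admin_list' have two segments
        // and can never equal the three-segment name built below.
        // NOTE(review): 'Admin/admin/edit' and 'Admin/admin/add' are exempt, so
        // every logged-in administrator can reach the administrator edit/add
        // actions regardless of group - confirm that this is intended.
        $not_check = array('Index/clear/cache',
            'Index/edit/pwd','Index/logout','Admin/admin_list',
            'Admin/admin/list','Admin/admin/edit','Admin/admin/add');

        // Current request as module/controller/action.
        $rule = MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME;
        if (in_array($rule, $not_check, true)) {
            return true;
        }

        // Administrator id 1 skips the rule check entirely. The comparison is
        // on the exact string so that only the value 1 qualifies.
        // NOTE(review): in the sample dump on this page id 1 is 'admin2', a
        // member of the ordinary-administrator group, while the
        // super-administrator group holds id 3 - confirm which account this
        // bypass is meant for, or drop it and rely on group rules.
        if ((string)$aid === '1') {
            return;
        }

        // Check the rule for this administrator.
        $auth = new Auth();
        if (!$auth->check($rule, $aid)) {
            $this->error('没有权限');
            return;
        }
    }
}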