一,先创建数据表
1、think_auth_rule,规则表
id:主键,
name:规则唯一标识,
title:规则中文名称
status 状态:为1正常,为0禁用,
condition:规则表达式,为空表示存在就验证,不为空表示按照条件验证
[sql] view plain copy
DROP TABLE IF EXISTS `think_auth_rule`;
CREATE TABLE `think_auth_rule` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`name` char(80) NOT NULL DEFAULT '',
`title` char(20) NOT NULL DEFAULT '',
`type` tinyint(1) NOT NULL DEFAULT '1',
`status` tinyint(1) NOT NULL DEFAULT '1',
`condition` char(100) NOT NULL DEFAULT '', # 规则附件条件,满足附加条件的规则,才认为是有效的规则
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
2、think_auth_group 用户组表
id:主键,
title:用户组中文名称,
rules:用户组拥有的规则id, 多个规则","隔开,
status 状态:为1正常,为0禁用
[sql] view plain copy
DROP TABLE IF EXISTS `think_auth_group`;
CREATE TABLE `think_auth_group` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`title` char(100) NOT NULL DEFAULT '',
`status` tinyint(1) NOT NULL DEFAULT '1',
`rules` char(80) NOT NULL DEFAULT '',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
3、think_auth_group_access 用户组明细表
uid:用户id,
group_id:用户组id
[sql] view plain copy
DROP TABLE IF EXISTS `think_auth_group_access`;
CREATE TABLE `think_auth_group_access` (
`uid` mediumint(8) unsigned NOT NULL,
`group_id` mediumint(8) unsigned NOT NULL,
UNIQUE KEY `uid_group_id` (`uid`,`group_id`),
KEY `uid` (`uid`),
KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
4.既然是对后台管理员权限认证,所以还需要创建后台管理员表think_admin
[sql] view plain copy
DROP TABLE IF EXISTS `think_admin`;
CREATE TABLE `think_admin` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '管理员ID',
`username` varchar(255) DEFAULT NULL COMMENT '管理员账号',
`password` varchar(32) DEFAULT NULL COMMENT '管理员密码',
`ip` varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
`login_time` int(11) DEFAULT NULL COMMENT '最后登录时间',
`login_count` mediumint(8) NOT NULL COMMENT '登录次数',
`status` tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
`create_time` int(11) DEFAULT NULL COMMENT '创建时间',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
5.创建一张网站会员用户表think_user,权限认证(后台管理员对用户表的增删改查的权限)
[sql] view plain copy
DROP TABLE IF EXISTS `think_user`;
CREATE TABLE `think_user` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '管理员ID',
`username` varchar(255) DEFAULT NULL COMMENT '管理员账号',
`password` varchar(32) DEFAULT NULL COMMENT '管理员密码',
`ip` varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
`login_time` int(11) DEFAULT NULL COMMENT '最后登录时间',
`login_count` mediumint(8) NOT NULL COMMENT '登录次数',
`status` tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
`create_time` int(11) DEFAULT NULL COMMENT '创建时间',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
[sql] view plain copy
#便于测试,插入几条数据
insert into think_user (`username`,`password`) values('zhangsan','123456');
insert into think_user (`username`,`password`) values('lisi','123456');
insert into think_user (`username`,`password`) values('wangwu','123456');
二,在使用Auth类前需要配置config.php
[php] view plain copy
'AUTH_CONFIG'=>array(
'AUTH_ON' => true, //认证开关
'AUTH_TYPE' => 1, // 认证方式,1为时时认证;2为登录认证。
'AUTH_GROUP' => 'think_auth_group', //用户组数据表名
'AUTH_GROUP_ACCESS' => 'think_auth_group_access', //用户组明细表
'AUTH_RULE' => 'think_auth_rule', //权限规则表
'AUTH_USER' => 'think_admin'//用户信息表
)
补充:完整的sql
[sql] view plain copy
# ************************************************************
# Sequel Pro SQL dump
# Version 4499
#
# http://www.sequelpro.com/
# https://github.com/sequelpro/sequelpro
#
# Host: localhost (MySQL 5.5.42)
# Database: thinkphp
# Generation Time: 2015-12-15 03:03:54 +0000
# ************************************************************
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
# Dump of table think_admin
# ------------------------------------------------------------
DROP TABLE IF EXISTS `think_admin`;
CREATE TABLE `think_admin` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '管理员ID',
`username` varchar(255) DEFAULT NULL COMMENT '管理员账号',
`password` varchar(32) DEFAULT NULL COMMENT '管理员密码',
`ip` varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
`login_time` int(11) DEFAULT NULL COMMENT '最后登录时间',
`login_count` mediumint(8) NOT NULL COMMENT '登录次数',
`status` tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
`create_time` int(11) DEFAULT NULL COMMENT '创建时间',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `think_admin` WRITE;
/*!40000 ALTER TABLE `think_admin` DISABLE KEYS */;
INSERT INTO `think_admin` (`id`, `username`, `password`, `ip`, `login_time`, `login_count`, `status`, `create_time`)
VALUES
(1,'admin2','123456',NULL,NULL,0,1,NULL),
(2,'admin1','123456',NULL,NULL,0,1,NULL),
(3,'admin','123456',NULL,NULL,0,1,NULL);
/*!40000 ALTER TABLE `think_admin` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_auth_group
# ------------------------------------------------------------
DROP TABLE IF EXISTS `think_auth_group`;
CREATE TABLE `think_auth_group` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`title` char(100) NOT NULL DEFAULT '',
`status` tinyint(1) NOT NULL DEFAULT '1',
`rules` char(80) NOT NULL DEFAULT '',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `think_auth_group` WRITE;
/*!40000 ALTER TABLE `think_auth_group` DISABLE KEYS */;
INSERT INTO `think_auth_group` (`id`, `title`, `status`, `rules`)
VALUES
(1,'超级管理员',1,'1,2,3,4,5'),
(2,'普通管理员',1,'4,5');
/*!40000 ALTER TABLE `think_auth_group` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_auth_group_access
# ------------------------------------------------------------
DROP TABLE IF EXISTS `think_auth_group_access`;
CREATE TABLE `think_auth_group_access` (
`uid` mediumint(8) unsigned NOT NULL,
`group_id` mediumint(8) unsigned NOT NULL,
UNIQUE KEY `uid_group_id` (`uid`,`group_id`),
KEY `uid` (`uid`),
KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `think_auth_group_access` WRITE;
/*!40000 ALTER TABLE `think_auth_group_access` DISABLE KEYS */;
INSERT INTO `think_auth_group_access` (`uid`, `group_id`)
VALUES
(1,2),
(2,2),
(3,1);
/*!40000 ALTER TABLE `think_auth_group_access` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_auth_rule
# ------------------------------------------------------------
DROP TABLE IF EXISTS `think_auth_rule`;
CREATE TABLE `think_auth_rule` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`name` char(80) NOT NULL DEFAULT '',
`title` char(20) NOT NULL DEFAULT '',
`type` tinyint(1) NOT NULL DEFAULT '1',
`status` tinyint(1) NOT NULL DEFAULT '1',
`condition` char(100) NOT NULL DEFAULT '',
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `think_auth_rule` WRITE;
/*!40000 ALTER TABLE `think_auth_rule` DISABLE KEYS */;
INSERT INTO `think_auth_rule` (`id`, `name`, `title`, `type`, `status`, `condition`)
VALUES
(1,'Admin/admin/role','角色管理',1,1,''),
(2,'Admin/admin/index','管理员列表',1,1,''),
(3,'Admin/Member/edit','会员信息修改',1,1,''),
(4,'Admin/Member/index','会员列表',1,1,''),
(5,'Admin/Member/show','单个会员信息查看',1,1,'');
/*!40000 ALTER TABLE `think_auth_rule` ENABLE KEYS */;
UNLOCK TABLES;
# Dump of table think_user
# ------------------------------------------------------------
DROP TABLE IF EXISTS `think_user`;
CREATE TABLE `think_user` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '会员ID',
`username` varchar(255) DEFAULT NULL COMMENT '会员账号',
`password` varchar(32) DEFAULT NULL COMMENT '会员密码',
`ip` varchar(255) DEFAULT NULL COMMENT '最后登录IP地址',
`login_time` int(11) DEFAULT NULL COMMENT '最后登录时间',
`login_count` mediumint(8) NOT NULL COMMENT '登录次数',
`status` tinyint(1) NOT NULL DEFAULT '1' COMMENT '账户状态,禁用为0 启用为1',
`create_time` int(11) DEFAULT NULL COMMENT '创建时间',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `think_user` WRITE;
/*!40000 ALTER TABLE `think_user` DISABLE KEYS */;
INSERT INTO `think_user` (`id`, `username`, `password`, `ip`, `login_time`, `login_count`, `status`, `create_time`)
VALUES
(1,'wangwu','123456',NULL,NULL,0,1,NULL),
(2,'lisi','123456',NULL,NULL,0,1,NULL),
(3,'wangwu','123456',NULL,NULL,0,1,NULL),
(4,'zhangsan','123456',NULL,NULL,0,1,NULL);
/*!40000 ALTER TABLE `think_user` ENABLE KEYS */;
UNLOCK TABLES;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
使用:
在某个控制的方法里:
[php] view plain copy
//会员信息编辑页面展示
public function edit(){
//
session('uid','3'); //设置session;
//下面代码动态判断权限
$auth = new Auth();
//var_dump($auth->getGroups(1));//获得用户所属的所有用户组
if(!$auth->check(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME,session('uid'))){
echo '没有权限';
}else{
echo '有权限';
//todo...
}
$this->display('add');
}
也可以写个公共控制器:
[php] view plain copy
<?php
namespace Admin\Controller;
use Think\Controller;
use Think\Auth;
//公共的权限认证控制器
class AuthController extends Controller {
protected function _initialize(){
//session不存在时,不允许直接访问
if(!session('aid')){
$this->error('还没有登录,正在跳转到登录页',U('Public/login'));
}
//session存在时,不需要验证的权限
$not_check = array('Index/clear/cache',
'Index/edit/pwd','Index/logout','Admin/admin_list',
'Admin/admin/list','Admin/admin/edit','Admin/admin/add');
//当前操作的请求 模块名/方法名
if(in_array(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME, $not_check)){
return true;
}
//下面代码动态判断权限
$auth = new Auth();
if(!$auth->check(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME,session('aid')) && session('aid') != 1){
$this->error('没有权限');
}
}
}
转载于:https://blog.51cto.com/itafei/1962254
157
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
