English
English
When developing a website, user login and logout are essential functions. As a website grows, implementing detailed user role and permission management becomes crucial. This article explains how to use PHP functions to implement user login, logout functionality, and extend it to multi-level role and permission management, ensuring different users have the appropriate permissions to perform specific actions.
First, we need to create a database table to store user information, including the username, password, role, and creation time. Below is the structure for the user table:
CREATE TABLE users (
id INT(11) AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(100) NOT NULL,
password VARCHAR(100) NOT NULL,
role VARCHAR(50) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
In this table structure:
Next, we write a PHP function to implement the user login functionality:
function login($username, $password) {
// Query the database for user information
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
$user = mysqli_fetch_assoc($result);
// Verify password
if (password_verify($password, $user['password'])) {
// Set user login state
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
return true;
}
}
return false;
}
The above code first checks the database to see if the username exists. If it does, it verifies the password using the password_verify function. If the password is correct, it stores the user information in the $_SESSION array, logging the user in.
The following is the PHP code for logging out, which destroys the current session using session_unset() and session_destroy():
function logout() {
// Destroy session
session_unset();
session_destroy();
}
This code ensures that the user is logged out by destroying the current session.
In addition to login and logout functions, we can extend the system to manage multi-level roles and permissions. Below is a function to check user permissions:
function checkPermission($requiredRole) {
if (isset($_SESSION['role']) && $_SESSION['role'] == $requiredRole) {
return true;
}
return false;
}
This function checks if the current user's role matches the required role. If it does, it returns true; otherwise, it returns false.
We can now control access based on user roles. For example, the following code applies different operations depending on the user's role:
if (checkPermission('admin')) {
// Perform admin operations
} elseif (checkPermission('user')) {
// Perform regular user operations
} else {
// No permission operation
}
This code executes different actions based on the user's role. If the user is an admin, it performs admin operations; if the user is a regular user, it performs regular user operations. If the user has no permission, it handles the "no permission" case.
Through the code examples above, we've demonstrated how to implement user login, logout, and multi-level role and permission management using PHP functions. With this approach, web developers can manage user permissions flexibly and ensure the security of their websites.
