Implementing user permissions with bindec() and bit operations

M66 2025-05-29

Permission control is a critical part of any web system. A well-designed permission system protects the system's sensitive data and ensures that users can reach only the content they are entitled to. In PHP, the bindec() function can be combined with bit operations to build an efficient, easily extended permission control mechanism. This article explains in detail how to combine the two to build a user permission system.

1. Basic ideas

The core idea of permission control is to abstract each permission into a binary bit. For example, an 8-bit permission field can represent 8 types of permissions, and a 1 or 0 in each bit indicates whether that permission is enabled.

For example, suppose that the following permissions are defined:

Permission position   Permission value   Permission name
0                     1                  View content
1                     2                  Edit content
2                     4                  Delete content
3                     8                  Review content
4                     16                 Manage users
5                     32                 Post content
6                     64                 View Report
7                     128                Super Administrator

A user's permissions can be written as a binary string (for example "10101010") in which each digit marks one permission as enabled or disabled. We can use bindec() to convert this string into a decimal number, and then use bit operations to determine whether a certain permission is enabled.

2. Use bindec() and bit operations to determine permissions

First, suppose that the permission value of a certain user is 170, that is, 10101010 in binary, so the user holds the permissions at bit positions 1, 3, 5, and 7.

We can use the following code to determine whether the user has a certain permission:

 <?php
// Define permission constants
define('PERM_VIEW', 1);      // 00000001
define('PERM_EDIT', 2);      // 00000010
define('PERM_DELETE', 4);    // 00000100
define('PERM_APPROVE', 8);   // 00001000
define('PERM_USER', 16);     // 00010000
define('PERM_PUBLISH', 32);  // 00100000
define('PERM_REPORT', 64);   // 01000000
define('PERM_ADMIN', 128);   // 10000000

// Assume that a user's permission value is 170 (binary 10101010)
$userPermissions = 170;

// Check if there is editing permission
if ($userPermissions & PERM_EDIT) {
    echo "User has editing permissions";
} else {
    echo "User does not have edit permissions";
}
?>

The above code uses the & operator to test whether the specified permission bit is 1, which tells us whether the user has that specific permission.
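The article names bindec() but never calls it, so here is an added example (not code from the original page) that parses a permission string and checks bits against it. The helper names parsePermissionString, hasAll and hasAny are hypothetical; the constants use the values from the table above.

```php
<?php
declare(strict_types=1);

// Values from the article's permission table.
const PERM_EDIT   = 2;
const PERM_DELETE = 4;

/**
 * Convert a permission string such as "10101010" to an integer.
 * bindec() ignores any character that is not 0 or 1 rather than failing,
 * so the input is validated first. (Hypothetical helper.)
 */
function parsePermissionString(string $bits): int
{
    if (preg_match('/\A[01]{1,8}\z/', $bits) !== 1) {
        throw new InvalidArgumentException('permission string must be 1 to 8 binary digits');
    }
    return (int) bindec($bits); // 8 digits at most, so the result fits an int
}

/** True only if every bit in $required is set in $permissions. */
function hasAll(int $permissions, int $required): bool
{
    return ($permissions & $required) === $required;
}

/** True if at least one bit in $required is set in $permissions. */
function hasAny(int $permissions, int $required): bool
{
    return ($permissions & $required) !== 0;
}

$user = parsePermissionString('10101010'); // the article's sample user
$editAndDelete = PERM_EDIT | PERM_DELETE;  // an action that needs both bits

var_dump($user);
var_dump(hasAny($user, $editAndDelete)); // same result as a bare `if ($user & $mask)`
var_dump(hasAll($user, $editAndDelete)); // the check to use when both bits are required

try {
    parsePermissionString('1010x010');   // constructed malformed input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

With a single-bit constant the bare `&` test and hasAll() agree; they differ only when the mask combines several permissions, where the bare test passes as soon as one bit matches.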

3. Grant permissions

To give a permission to the user, you only need to OR the permission bit into the value with the | operator:

 <?php
// Uses the PERM_* constants defined in section 2
$userPermissions = 0; // The initial permission value is 0

// Add the "View content" and "Post content" permissions
$userPermissions |= PERM_VIEW;
$userPermissions |= PERM_PUBLISH;

echo $userPermissions; // The output is 33
?>

4. Revoke permissions

Revoking a certain permission requires ANDing the value with the bitwise NOT of the permission bit ( &~ ):

 <?php
// Original permissions: view, edit, publish (that is, 1 + 2 + 32 = 35)
$userPermissions = 35;

// Revoke the "edit" permission
$userPermissions &= ~PERM_EDIT;

echo $userPermissions; // The result is 33
?>

5. Combined with database storage permissions

Permission values can then be saved in a database field, such as the permissions field of the users table, of type INT:

 CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50),
    permissions INT DEFAULT 0
);

Read user permissions and verify:

 <?php
// Assume the permissions field fetched from the database is $permissions
$permissions = 170;

if ($permissions & PERM_DELETE) {
    echo "You can delete content";
} else {
    echo "You do not have permission to delete content";
}
?>

6. Practical application examples

Taking an admin back-end system as an example, when an administrator logs in, the system needs to determine whether to display certain function buttons. You can control this in the template as follows:

 <?php
if ($adminPermissions & PERM_USER) {
    echo '<a href="https://m66.net/admin/users">Manage users</a>';
}
?>
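The template check above only decides whether the link is shown; the page behind the link needs the same check on the server. An added example (not code from the original page) with a hypothetical PermissionDenied exception, requirePermission() guard and handleManageUsers() handler, run over constructed permission values:

```php
<?php
declare(strict_types=1);

const PERM_USER = 16; // "Manage users" in the article's table

/** Hypothetical exception type for a failed permission check. */
final class PermissionDenied extends RuntimeException {}

/** Throw unless every bit of $required is set in $permissions. */
function requirePermission(int $permissions, int $required): void
{
    if (($permissions & $required) !== $required) {
        $missing = $required & ~$permissions;
        throw new PermissionDenied('missing permission bits: ' . $missing);
    }
}

/**
 * Hypothetical handler behind /admin/users. The check runs here, on the
 * server, against the value loaded from the users table for the logged-in
 * account. Hiding the link in the template does not stop a direct request.
 */
function handleManageUsers(int $permissionsFromDb): string
{
    requirePermission($permissionsFromDb, PERM_USER);
    return 'user management page';
}

// Constructed sample values: 170 lacks the "Manage users" bit, 186 (170 | 16) has it.
foreach ([170, 186] as $permissions) {
    try {
        echo $permissions, ': ', handleManageUsers($permissions), PHP_EOL;
    } catch (PermissionDenied $e) {
        // In a real request this is where the 403 response would be sent.
        echo $permissions, ': 403 Forbidden (', $e->getMessage(), ')', PHP_EOL;
    }
}
```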

7. Advantages and applicable scenarios

Implementing permission control through bit operations has the following advantages:

  • Storage savings: all permissions are merged into one integer field, saving space.

  • Efficient queries: permission checks are done with bit operations, which is extremely fast.

  • Flexible extension: adding a new permission type only requires adding a new permission bit.

This approach is suitable for small and medium-sized systems or scenarios with relatively fixed permission types. If the system's permissions are complex and require multi-dimensional control, it is recommended to use the RBAC (role-based access control) model combined with the database to achieve finer-grained management.

Conclusion

By combining bindec() with bit operations, we can implement a simple and efficient user permission management method. PHP makes it very convenient to work with binary strings and integers, which suits lightweight permission control systems well. In actual projects, it is recommended that you encapsulate the permission constants and the checking logic into classes or functions to improve maintainability and readability.