Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
PH
/
heyu
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Branch: master
Branche Tagy
heyu
/
ThinkPHP
/
Extend
/
Library
/
ORG
/
Util
/
Auth.class.php

Auth.class.php 7.6 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. <?php
    2. 

  2. // +----------------------------------------------------------------------
    3. 

  3. // | ThinkPHP [ WE CAN DO IT JUST THINK IT ]
    4. 

  4. // +----------------------------------------------------------------------
    5. 

  5. // | Copyright (c) 2011 http://thinkphp.cn All rights reserved.
    6. 

  6. // +----------------------------------------------------------------------
    7. 

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
    8. 

  8. // +----------------------------------------------------------------------
    9. 

  9. // | Author: luofei614 <weibo.com/luofei614> 
    10. 

  10. // +----------------------------------------------------------------------
    11. 

  11. /**
    12. 

  12.  * 权限认证类
    13. 

  13.  * 功能特性:
    14. 

  14.  * 1,是对规则进行认证,不是对节点进行认证。用户可以把节点当作规则名称实现对节点进行认证。
    15. 

  15.  *      $auth=new Auth();  $auth->check('规则名称','用户id')
    16. 

  16.  * 2,可以同时对多条规则进行认证,并设置多条规则的关系(or或者and)
    17. 

  17.  *      $auth=new Auth();  $auth->check('规则1,规则2','用户id','and') 
    18. 

  18.  *      第三个参数为and时表示,用户需要同时具有规则1和规则2的权限。 当第三个参数为or时,表示用户值需要具备其中一个条件即可。默认为or
    19. 

  19.  * 3,一个用户可以属于多个用户组(think_auth_group_access表 定义了用户所属用户组)。我们需要设置每个用户组拥有哪些规则(think_auth_group 定义了用户组权限)
    20. 

  20.  * 
    21. 

  21.  * 4,支持规则表达式。
    22. 

  22.  *      在think_auth_rule 表中定义一条规则时,如果type为1, condition字段就可以定义规则表达式。 如定义{score}>5  and {score}<100  表示用户的分数在5-100之间时这条规则才会通过。
    23. 

  23.  * @category ORG
    24. 

  24.  * @package ORG
    25. 

  25.  * @subpackage Util
    26. 

  26.  * @author luofei614<weibo.com/luofei614>
    27. 

  27.  */
    28. 

  28. 

  29. //数据库
    30. 

  30. /*
    31. 

  31. -- ----------------------------
    32. 

  32. -- think_auth_rule,规则表,
    33. 

  33. -- id:主键,name:规则唯一标识, title:规则中文名称 status 状态:为1正常,为0禁用,condition:规则表达式,为空表示存在就验证,不为空表示按照条件验证
    34. 

  34. -- ----------------------------
    35. 

  35.  DROP TABLE IF EXISTS `think_auth_rule`;
    36. 

  36. CREATE TABLE `think_auth_rule` (  
    37. 

  37.     `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,  
    38. 

  38.     `name` char(80) NOT NULL DEFAULT '',  
    39. 

  39.     `title` char(20) NOT NULL DEFAULT '',  
    40. 

  40.     `status` tinyint(1) NOT NULL DEFAULT '1',  
    41. 

  41.     `condition` char(100) NOT NULL DEFAULT '',  
    42. 

  42.     PRIMARY KEY (`id`),  
    43. 

  43.     UNIQUE KEY `name` (`name`)
    44. 

  44. ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
    45. 

  45. -- ----------------------------
    46. 

  46. -- think_auth_group 用户组表, 
    47. 

  47. -- id:主键, title:用户组中文名称, rules:用户组拥有的规则id, 多个规则","隔开,status 状态:为1正常,为0禁用
    48. 

  48. -- ----------------------------
    49. 

  49.  DROP TABLE IF EXISTS `think_auth_group`;
    50. 

  50. CREATE TABLE `think_auth_group` ( 
    51. 

  51.     `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT, 
    52. 

  52.     `title` char(100) NOT NULL DEFAULT '', 
    53. 

  53.     `status` tinyint(1) NOT NULL DEFAULT '1', 
    54. 

  54.     `rules` char(80) NOT NULL DEFAULT '', 
    55. 

  55.     PRIMARY KEY (`id`)
    56. 

  56. ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
    57. 

  57. -- ----------------------------
    58. 

  58. -- think_auth_group_access 用户组明细表
    59. 

  59. -- uid:用户id,group_id:用户组id
    60. 

  60. -- ----------------------------
    61. 

  61. DROP TABLE IF EXISTS `think_auth_group_access`;
    62. 

  62. CREATE TABLE `think_auth_group_access` (  
    63. 

  63.     `uid` mediumint(8) unsigned NOT NULL,  
    64. 

  64.     `group_id` mediumint(8) unsigned NOT NULL, 
    65. 

  65.     UNIQUE KEY `uid_group_id` (`uid`,`group_id`),  
    66. 

  66.     KEY `uid` (`uid`), 
    67. 

  67.     KEY `group_id` (`group_id`)
    68. 

  68. ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    69. 

  69.  */
    70. 

  70. 

  71. class Auth{
    72. 

  72. 

  73.     //默认配置
    74. 

  74.     protected $_config = array(
    75. 

  75.         'AUTH_ON' => true, //认证开关
    76. 

  76.         'AUTH_TYPE' => 1, // 认证方式,1为时时认证;2为登录认证。
    77. 

  77.         'AUTH_GROUP' => 'think_auth_group', //用户组数据表名
    78. 

  78.         'AUTH_GROUP_ACCESS' => 'think_auth_group_access', //用户组明细表
    79. 

  79.         'AUTH_RULE' => 'think_auth_rule', //权限规则表
    80. 

  80.         'AUTH_USER' => 'think_members'//用户信息表
    81. 

  81.     );
    82. 

  82. 

  83.     public function __construct() {
    84. 

  84.         if (C('AUTH_CONFIG')) {
    85. 

  85.             //可设置配置项 AUTH_CONFIG, 此配置项为数组。
    86. 

  86.             $this->_config = array_merge($this->_config, C('AUTH_CONFIG'));
    87. 

  87.         }
    88. 

  88.     }
    89. 

  89. 

  90.     //获得权限$name 可以是字符串或数组或逗号分割, uid为 认证的用户id, $or 是否为or关系,为true是, name为数组,只要数组中有一个条件通过则通过,如果为false需要全部条件通过。
    91. 

  91.     public function check($name, $uid, $relation='or') {
    92. 

  92.         if (!$this->_config['AUTH_ON'])
    93. 

  93.             return true;
    94. 

  94.         $authList = $this->getAuthList($uid);
    95. 

  95.         if (is_string($name)) {
    96. 

  96.             if (strpos($name, ',') !== false) {
    97. 

  97.                 $name = explode(',', $name);
    98. 

  98.             } else {
    99. 

  99.                 $name = array($name);
    100. 

  100.             }
    101. 

  101.         }
    102. 

  102.         $list = array(); //有权限的name
    103. 

  103.         foreach ($authList as $val) {
    104. 

  104.             if (in_array($val, $name))
    105. 

  105.                 $list[] = $val;
    106. 

  106.         }
    107. 

  107.         if ($relation=='or' and !empty($list)) {
    108. 

  108.             return true;
    109. 

  109.         }
    110. 

  110.         $diff = array_diff($name, $list);
    111. 

  111.         if ($relation=='and' and empty($diff)) {
    112. 

  112.             return true;
    113. 

  113.         }
    114. 

  114.         return false;
    115. 

  115.     }
    116. 

  116. 

  117.     //获得用户组,外部也可以调用
    118. 

  118.     public function getGroups($uid) {
    119. 

  119.         static $groups = array();
    120. 

  120.         if (isset($groups[$uid]))
    121. 

  121.             return $groups[$uid];
    122. 

  122.         $user_groups = M()->table($this->_config['AUTH_GROUP_ACCESS'] . ' a')->where("a.uid='$uid' and g.status='1'")->join($this->_config['AUTH_GROUP']." g on a.group_id=g.id")->select();
    123. 

  123.         $groups[$uid]=$user_groups?$user_groups:array();
    124. 

  124.         return $groups[$uid];
    125. 

  125.     }
    126. 

  126. 

  127.     //获得权限列表
    128. 

  128.     protected function getAuthList($uid) {
    129. 

  129.         static $_authList = array();
    130. 

  130.         if (isset($_authList[$uid])) {
    131. 

  131.             return $_authList[$uid];
    132. 

  132.         }
    133. 

  133.         if(isset($_SESSION['_AUTH_LIST_'.$uid])){
    134. 

  134.             return $_SESSION['_AUTH_LIST_'.$uid];
    135. 

  135.         }
    136. 

  136.         //读取用户所属用户组
    137. 

  137.         $groups = $this->getGroups($uid);
    138. 

  138.         $ids = array();
    139. 

  139.         foreach ($groups as $g) {
    140. 

  140.             $ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
    141. 

  141.         }
    142. 

  142.         $ids = array_unique($ids);
    143. 

  143.         if (empty($ids)) {
    144. 

  144.             $_authList[$uid] = array();
    145. 

  145.             return array();
    146. 

  146.         }
    147. 

  147.         //读取用户组所有权限规则
    148. 

  148.         $map=array(
    149. 

  149.             'id'=>array('in',$ids),
    150. 

  150.             'status'=>1
    151. 

  151.         );
    152. 

  152.         $rules = M()->table($this->_config['AUTH_RULE'])->where($map)->select();
    153. 

  153.         //循环规则,判断结果。
    154. 

  154.         $authList = array();
    155. 

  155.         foreach ($rules as $r) {
    156. 

  156.             if (!empty($r['condition'])) {
    157. 

  157.                 //条件验证
    158. 

  158.                 $user = $this->getUserInfo($uid);
    159. 

  159.                 $command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $r['condition']);
    160. 

  160.                 //dump($command);//debug
    161. 

  161.                 @(eval('$condition=(' . $command . ');'));
    162. 

  162.                 if ($condition) {
    163. 

  163.                     $authList[] = $r['name'];
    164. 

  164.                 }
    165. 

  165.             } else {
    166. 

  166.                 //存在就通过
    167. 

  167.                 $authList[] = $r['name'];
    168. 

  168.             }
    169. 

  169.         }
    170. 

  170.         $_authList[$uid] = $authList;
    171. 

  171.         if($this->_config['AUTH_TYPE']==2){
    172. 

  172.             //session结果
    173. 

  173.             $_SESSION['_AUTH_LIST_'.$uid]=$authList;
    174. 

  174.         }
    175. 

  175.         return $authList;
    176. 

  176.     }
    177. 

  177.     //获得用户资料,根据自己的情况读取数据库
    178. 

  178.     protected function getUserInfo($uid) {
    179. 

  179.         static $userinfo=array();
    180. 

  180.         if(!isset($userinfo[$uid])){
    181. 

  181.              $userinfo[$uid]=M()->table($this->_config['AUTH_USER'])->find($uid);
    182. 

  182.         }
    183. 

  183.         return $userinfo[$uid];
    184. 

  184.     }
    185. 

  185. 

  186. }
    187.