Restricting unauthorized user access

Updated: 2024-10-13 16:22:47

Question

I am currently developing an application in the CodeIgniter framework. My project consists of different levels of users who have different operations.

I have created a Default_model which handles all the interactions with the database. All controllers interact with this single model.

Each user has a designation chosen by the user at the time of registration (he gets to access his profile only after the profile is approved by an Admin).

How I am implementing it

Let a user user1 be registered with designation Level1; he can access an operation with the name operation1.

What I am doing currently is writing a function in the controller, and user1 accesses the operation via www.example/page/operation1. In this function I check the designation of the user (=== "level1") to see whether he has authorization to access the function; the designation is retrieved from the database (the needed data, including the designation, is loaded in the constructor of the controller; the userid is set in the session). If the designation is incorrect (not level1), a 404 is shown.

Currently I do not have designation checking in the model. If the function in the model is called, it returns the data. Do I have to check again in the model whether he is authorized? Is there a more generic or easier-to-implement approach for my scenario?

Update

Controller: page.php

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

class Page extends CI_Controller {

    public $id;

    public function __construct() {
        parent::__construct();
        // load libraries and model (Default_model) here
        // getData() is the asker's own helper (not shown): it reads the session
        // and loads the user's row, including the designation, from the DB.
        $this->id = $this->getData(); // returns FALSE if session empty
        if ($this->id) {
            // has data
        } else {
            $data = array(
                'error' => 'Login to continue. <a href="' . base_url() . '">CLICK HERE</a>'
            );
            $this->load->view('error_view', $data);
            // Stop here: otherwise CodeIgniter still calls the requested method
            // with $this->id === FALSE.
            $this->output->_display();
            exit;
        }
    }

    public function operation1() {
        if ($this->id->designation === 1) {
            // call model method because he is a LEVEL 1 user
        } else {
            show_404(); // wrong designation: 404, as described above
        }
    }
}
```

Answer

You can utilize hooks for that; it is an easy way to write the check once only.

Step 1: enable hooks in config.php

```php
$config['enable_hooks'] = TRUE;
```

Step 2: use the post_controller_constructor hook like this (location: /config/hooks.php)

```php
$hook['post_controller_constructor'] = array(
    'class'    => 'Auth_module',
    'function' => 'index',
    'filename' => 'Auth_module.php',
    'filepath' => 'hooks',
    'params'   => array()
);
```

In the code above, Auth_module.php is located at application/hooks/Auth_module.php; 'index' is the name of the function that is called after the constructor of the requested class.

The Auth_module.php code looks like this:

```php
<?php
class Auth_module {

    var $CI;
    var $user_id;
    var $role_id;
    var $collegeId;

    public function __construct() {
        $this->CI = & get_instance();
        $this->CI->load->library('session'); // if it's not autoloaded in your CI setup
        $admin_user_data = $this->CI->session->userdata('admin_user_data');
        // Populate the fields from the session data; the original never set them,
        // so the check in index() would not run. The key names are assumed.
        if (!empty($admin_user_data)) {
            $this->user_id   = isset($admin_user_data['user_id']) ? $admin_user_data['user_id'] : null;
            $this->role_id   = isset($admin_user_data['role_id']) ? $admin_user_data['role_id'] : null;
            $this->collegeId = isset($admin_user_data['collegeId']) ? $admin_user_data['collegeId'] : null;
        }
        $this->CI->load->model('admin_model');
        $this->CI->load->library('user_agent');
    }

    public function index() {
        if (!empty($this->user_id)) {
            $class  = $this->CI->router->fetch_class();
            $method = $this->CI->router->fetch_method();
            $role_name = $this->getRoleName($this->role_id);
            if ($role_name) {
                // Method names this role may call on this controller class
                $Adminpermission = $this->CI->admin_model->getPermissions($class, $role_name);
                $Adminpermission_lower = array();
                foreach ($Adminpermission as $mm_name) {
                    $Adminpermission_lower[] = strtolower($mm_name);
                }
                if (!empty($Adminpermission)) {
                    if (in_array($method, $Adminpermission) || in_array(strtolower($method), $Adminpermission_lower)) {
                        $log_data['access'] = 'success'; // all is ok here
                    } else if ($class != 'dashboard' and $class != 'admin') {
                        $message = 'You don\'t have permissions to access this module. Please contact your administrator.';
                        $log_data['access'] = 'failed'; // set before redirect(), which exits
                        $this->redirectMethod($message, $class);
                    }
                } else if ($class != 'dashboard' and $class != 'admin') {
                    $message = 'You don\'t have sufficient permissions. Please contact your administrator.';
                    $log_data['access'] = 'not defined in db';
                    $this->redirectMethod($message);
                }
            } else if ($class != 'dashboard' and $class != 'admin') {
                $message = 'Request role is not defined. Please contact your administrator or mail : test@test .';
                $log_data['access'] = 'role name not defined';
                $this->redirectMethod($message);
            }
        }
    }

    public function redirectMethod($message, $class = '') {
        $message = "<div class='alert alert-danger' role='alert'>" . $message . "</div>";
        $this->CI->session->set_flashdata('flashMessage', $message);
        if ($class == null) {
            redirect('dashboard');
        } else {
            redirect($class);
        }
    }

    public function getRoleName($id) {
        $master_db = $this->CI->load->database('master', TRUE);
        // Query binding instead of interpolating $id into the SQL string,
        // so a tampered role id cannot alter the query.
        $result = $master_db->query("SELECT role_name FROM role WHERE id = ?", array($id));
        $num_rows = $result->num_rows();
        if ($num_rows == 1) {
            return $result->row()->role_name;
        } else {
            return false;
        }
    }
}
```

Modify the auth file as per your requirement.
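The hook above makes its allow/deny decision inline across several branches (known role, class defined in the database, method listed). As an added example, not code from the answer or the asker, here is the same decision as one deny-by-default function that can be tested outside CodeIgniter; the shape of the permission map, the `$public` controller list and the sample data are assumptions.

```php
<?php
// Added example: the hook's authorization decision as a pure function, so it can be
// unit-tested without a CodeIgniter instance. $permissions stands in for what the hook
// fetches through admin_model->getPermissions(); its shape here is an assumption.

/**
 * Deny by default: the request is allowed only when the role is known, the controller
 * class is listed for that role, and the method is listed for that class. Controllers
 * in $public (e.g. the dashboard) are reachable by any authenticated role.
 */
function is_request_allowed(array $permissions, $role_name, $class, $method, array $public = array('dashboard'))
{
    $class  = strtolower($class);
    $method = strtolower($method);
    if (in_array($class, $public, true)) {
        return true;
    }
    if ($role_name === false || !isset($permissions[$role_name][$class])) {
        return false; // unknown role, or class not defined in the DB: refuse
    }
    // Compare case-insensitively, since the method name arrives as typed in the URL.
    $allowed = array_map('strtolower', $permissions[$role_name][$class]);
    return in_array($method, $allowed, true);
}

// Constructed sample map: role name => controller class => allowed method names.
$permissions = array(
    'level1' => array('page' => array('operation1')),
    'level2' => array('page' => array('operation1', 'operation2')),
);

assert(is_request_allowed($permissions, 'level1', 'page', 'operation1') === true);
assert(is_request_allowed($permissions, 'level1', 'Page', 'Operation1') === true);  // case-insensitive
assert(is_request_allowed($permissions, 'level1', 'page', 'operation2') === false); // method not granted
assert(is_request_allowed($permissions, 'level1', 'report', 'index') === false);    // class not in map
assert(is_request_allowed($permissions, false, 'page', 'operation1') === false);    // role not resolved
assert(is_request_allowed($permissions, 'level1', 'dashboard', 'index') === true);  // public controller
echo "all checks passed\n";
```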

Published: 2023-11-11 05:35:09
Source: https://www.elefans.com/category/jswz/34/1577527.html