权限管理

权限管理，一般指根据系统设置的安全规则或者安全策略，用户可以访问而且只能访问自己被授权的资源,我们所做就是为了实现这一功能。

1.main.php页面：

通过ajax可以在当前页面实现对用户的管理权限进行设定，可显示已经设定好的权限，可以增删

2.chuli.php页面：

通过用户代号找到相应的角色代号，将数据传回main.php页面，实现现有权限的选中状态

3.add.php页面;

点击确定按钮，将用户及选中的权限值传到该页面进行操作，添加到数据库

4.log.php页面;

通过用户名，密码登录

5.logchuli.php页面：

判断用户名，密码是否一致，成功登录主页面，及可使用功能页面

6.zhuye.php页面;

将已经设定好的权限显示出来，每个人的限制不同显示的功能不同

main.php页面：

<head>
<script src="../jquery-2.2.3.min.js"></script>
</head>

<body>
<h1>管理权限</h1>
<div>请选择用户：
<select id="user">
<?php
include("../DBDA.class.php");
$db = new DBDA();
$sql = "select * from userso";
$attr = $db->Query($sql);
foreach($attr as $v)
{
    echo "<option value='{$v[0]}' >{$v[2]}</option>";
}

?>
</select>
</div>


<div>请选择角色：</div>
<div>
<?php
$sqljs = "select * from juese";
$attr = $db->Query($sqljs);

foreach($attr as $v)
{
    echo "<input type='checkbox' value='{$v[0]}' class='js'/>{$v[1]}";
}
?>
</div>

<div><input type="button" value="确定" id="btn" /></div>

</body>

<script type="text/javascript">
$(document).ready(function(e) {
    ShowJueSe();
    
    $("#user").change(function(){
    
         ShowJueSe();
        })
        function ShowJueSe()
        {
            var uid = $("#user").val();
        $.ajax({
            url:"chuli.php",
            data:{uid:uid},
            type:"POST",
            dataType:"TEXT",
            success: function(data){
                
                var shuju = data.split("|");//角色名
                var ck = $(".js");//所有复选框
                ck.prop("checked",false);
                for(var i =0;i<ck.length;i++)
                {
                    var v = ck.eq(i).val();
                    if($.inArray(v,shuju)>=0)
                    {
                        ck.eq(i).prop("checked",true);
                    }
                    
                
                }
                }
            
            });
        }
        
        $("#btn").click(function(){
            
            var uid = $("#user").val();
            var ck = $(".js");
            var str = "";
            for(var i=0;i<ck.length;i++)
            {
                if(ck.eq(i).prop("checked"))
                {
                    str = str+ck.eq(i).val()+"|";
                
                }
            }
            str = str.substr(0,str.length-1);
            $.ajax({
                url:"add.php",
                data:{uid:uid,juese:str},
                type:"POST",
                dataType:"TEXT",
                success: function(data){
                    
                    if(data.trim()=="OK")
                    {
                        alert("操作成功");
                    }
                    else
                    {
                        alert("操作失败");
                    }
                    
                    }
                });
            
            })
});

</script>

chuli.php:

<?php
$uid = $_POST["uid"];
include("../DBDA.class.php");
$db = new DBDA();

$sql = "select JueSeId from UserInJueSe where userid='{$uid}'";

echo $db->StrQuery($sql);

add.php:

<?php
include("../DBDA.class.php");
$db = new DBDA();

$bs = true;
$uid = $_POST["uid"];
$juese = $_POST["juese"];
$juese = explode("|",$juese);
//清空角色信息
$sqldel = "delete from userinjuese where userid='{$uid}'";
if(!$db->Query($sqldel,0))
{
    $bs = $bs && false;
}


//添加角色信息
foreach($juese as $v)
{
 $sql = "insert into userinjuese values('','{$uid}','{$v}')";
 //echo $sql;
 if(!$db->Query($sql,0))
 {
     $bs = $bs && false;
 }
}
if($bs)
{
    echo "OK";
}
else
{
    echo "NO";
}

登录页面log.php:

<body>
<form action="logchuli.php" method="post">
<div>用户名：<input type="text" name="uid" /></div>
<div>密码：<input type="text" name="pwd" /></div>
<input type="submit" value="登录" />
</form>
</body>

logchuli.php:

<?php
session_start();
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];

include("../DBDA.class.php");
$db = new DBDA();
$sql = "select count(*) from userso where username='{$uid}' and password='{$pwd}'";

$z = $db->StrQuery($sql);

if($z ==1)
{
    $_SESSION["username"] = $uid;
    header("lcation:zhuye.php");
}
else
{
    header("lcation:log.php");
}

zhuye.php:

<head>
<?php
session_start();
//判断username是否为空

if(empty($_SESSION["username"]))
{
    header("location:login.php");
    exit;
}
$uid = $_SESSION["uid"];

include("../DBDA.php");
$db = new DBDA();
?>


//对菜单进行样式设置
<style type="text/css">
*{ margin:0px auto; padding:0px}
#menu{
    100%;
    height:40px;
    }
.cd{
    100px;
    height:40px;
    background-color:#60C;
    color:white;
    font-size:18px;
    text-align:center;
    line-height:40px;
    vertical-align:middle;
    float:left;
    }
.cd:hover{
    
    background-color:#F33;
    cursor:pointer;
    
    }
</style>

</head>


<body>
<br />
<center><h1>主页面</h1></center>
<br />
<a href="log.php">退出 </a>
<br />
<br />
<br />
<div id="menu">
    <div class="cd">权限管理</div>
    
    <?php
    
    //根据用户名找到所对应的角色代号
    $sjs = "select JueSeId from UserInJueSe where UserId ='{$username}' ";
    
    $ajs = $db->Query($sjs);
    
    //根据角色代号找到对应的功能
    $all = array();//存储该用户所有的功能代号
    
    foreach($ajs as $vjs)
    {
        $sgn = "select RuleId from JueSeWithRules where JueSeId ='{$vjs[0]}'";
        $agn = $db->Query($sgn);
        
        foreach($agn as $vgn)
        {
            array_push($all,$vgn[0]);    
        }
    }
    
    $all = array_unique($all);
    
    //显示菜单
    foreach($all as $vall)
    {
        $sn = "select Name from Rules where Code = '{$vall}'";
        $name = $db->StrQuery($sn);
        
        echo "<div class='cd'>{$name}</div>";
    }
    
    ?>
    
</div>


</body>