权限管理,一般指根据系统设置的安全规则或者安全策略,用户可以访问而且只能访问自己被授权的资源,我们所做就是为了实现这一功能。
1.main.php页面:
通过ajax可以在当前页面实现对用户的管理权限进行设定,可显示已经设定好的权限,可以增删
2.chuli.php页面:
通过用户代号找到相应的角色代号,将数据传回main.php页面,实现现有权限的选中状态
3.add.php页面;
点击确定按钮,将用户及选中的权限值传到该页面进行操作,添加到数据库
4.log.php页面;
通过用户名,密码登录
5.logchuli.php页面:
判断用户名,密码是否一致,成功登录主页面,及可使用功能页面
6.zhuye.php页面;
将已经设定好的权限显示出来,每个人的限制不同显示的功能不同
main.php页面:
<head>
<script src="../jquery-2.2.3.min.js"></script>
</head>
<body>
<h1>管理权限</h1>
<div>请选择用户:
<select id="user">
<?php
include("../DBDA.class.php");
$db = new DBDA();
$sql = "select * from userso";
$attr = $db->Query($sql);
foreach($attr as $v)
{
echo "<option value='{$v[0]}' >{$v[2]}</option>";
}
?>
</select>
</div>
<div>请选择角色:</div>
<div>
<?php
$sqljs = "select * from juese";
$attr = $db->Query($sqljs);
foreach($attr as $v)
{
echo "<input type='checkbox' value='{$v[0]}' class='js'/>{$v[1]}";
}
?>
</div>
<div><input type="button" value="确定" id="btn" /></div>
</body>
<script type="text/javascript">
$(document).ready(function(e) {
ShowJueSe();
$("#user").change(function(){
ShowJueSe();
})
function ShowJueSe()
{
var uid = $("#user").val();
$.ajax({
url:"chuli.php",
data:{uid:uid},
type:"POST",
dataType:"TEXT",
success: function(data){
var shuju = data.split("|");//角色名
var ck = $(".js");//所有复选框
ck.prop("checked",false);
for(var i =0;i<ck.length;i++)
{
var v = ck.eq(i).val();
if($.inArray(v,shuju)>=0)
{
ck.eq(i).prop("checked",true);
}
}
}
});
}
$("#btn").click(function(){
var uid = $("#user").val();
var ck = $(".js");
var str = "";
for(var i=0;i<ck.length;i++)
{
if(ck.eq(i).prop("checked"))
{
str = str+ck.eq(i).val()+"|";
}
}
str = str.substr(0,str.length-1);
$.ajax({
url:"add.php",
data:{uid:uid,juese:str},
type:"POST",
dataType:"TEXT",
success: function(data){
if(data.trim()=="OK")
{
alert("操作成功");
}
else
{
alert("操作失败");
}
}
});
})
});
</script>
chuli.php:
<?php
$uid = $_POST["uid"];
include("../DBDA.class.php");
$db = new DBDA();
$sql = "select JueSeId from UserInJueSe where userid='{$uid}'";
echo $db->StrQuery($sql);
add.php:
<?php
include("../DBDA.class.php");
$db = new DBDA();
$bs = true;
$uid = $_POST["uid"];
$juese = $_POST["juese"];
$juese = explode("|",$juese);
//清空角色信息
$sqldel = "delete from userinjuese where userid='{$uid}'";
if(!$db->Query($sqldel,0))
{
$bs = $bs && false;
}
//添加角色信息
foreach($juese as $v)
{
$sql = "insert into userinjuese values('','{$uid}','{$v}')";
//echo $sql;
if(!$db->Query($sql,0))
{
$bs = $bs && false;
}
}
if($bs)
{
echo "OK";
}
else
{
echo "NO";
}
登录页面log.php:
<body> <form action="logchuli.php" method="post"> <div>用户名:<input type="text" name="uid" /></div> <div>密码:<input type="text" name="pwd" /></div> <input type="submit" value="登录" /> </form> </body>
logchuli.php:
<?php
session_start();
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];
include("../DBDA.class.php");
$db = new DBDA();
$sql = "select count(*) from userso where username='{$uid}' and password='{$pwd}'";
$z = $db->StrQuery($sql);
if($z ==1)
{
$_SESSION["username"] = $uid;
header("lcation:zhuye.php");
}
else
{
header("lcation:log.php");
}
zhuye.php:
<head>
<?php
session_start();
//判断username是否为空
if(empty($_SESSION["username"]))
{
header("location:login.php");
exit;
}
$uid = $_SESSION["uid"];
include("../DBDA.php");
$db = new DBDA();
?>
//对菜单进行样式设置
<style type="text/css">
*{ margin:0px auto; padding:0px}
#menu{
100%;
height:40px;
}
.cd{
100px;
height:40px;
background-color:#60C;
color:white;
font-size:18px;
text-align:center;
line-height:40px;
vertical-align:middle;
float:left;
}
.cd:hover{
background-color:#F33;
cursor:pointer;
}
</style>
</head>
<body>
<br />
<center><h1>主页面</h1></center>
<br />
<a href="log.php">退出 </a>
<br />
<br />
<br />
<div id="menu">
<div class="cd">权限管理</div>
<?php
//根据用户名找到所对应的角色代号
$sjs = "select JueSeId from UserInJueSe where UserId ='{$username}' ";
$ajs = $db->Query($sjs);
//根据角色代号找到对应的功能
$all = array();//存储该用户所有的功能代号
foreach($ajs as $vjs)
{
$sgn = "select RuleId from JueSeWithRules where JueSeId ='{$vjs[0]}'";
$agn = $db->Query($sgn);
foreach($agn as $vgn)
{
array_push($all,$vgn[0]);
}
}
$all = array_unique($all);
//显示菜单
foreach($all as $vall)
{
$sn = "select Name from Rules where Code = '{$vall}'";
$name = $db->StrQuery($sn);
echo "<div class='cd'>{$name}</div>";
}
?>
</div>
</body>