PHP-人员权限管理(RBAC)
权限管理可以想做vip的功能,普通用户和vip用户的功能是不一样的,大致会用到五张表:用户表、角色表、功能表,还有他们之间互相关联的表:用户与角色表、角色与功能表
我用到的五张表如下:
一.首先写的是管理员页面
1.用下拉列表显示用户名
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<div>
<select
id="user">
<?php
require"../DBDA.class.php";
$db = new DBDA();
$sql = "select
* from users";
$arr = $db->query($sql,1);
foreach($arr as $v)
{
echo"<option
value='{$v[0]}'>{$v[2]}</option>";
}
?>
</select>
</div>
|
2.因为上面已经造了新对象,所以在显示角色名时直接从SQL语句开始写
|
1
2
3
4
5
6
7
8
9
10
11
|
<div>请选择角色:
<?php
$sql = "select
* from juese";
$arr = $db->query($sql,1);
foreach($arr as $v)
{
echo "<input
type='checkbox' class='ck' value='{$v[0]}'/>{$v[1]}";
}
?>
</div>
<br/>
|
3.为了修改权限加一个确认保存按钮
|
1
|
<input
type="button" value="保存" id="baocun" />
|
4.这样,再考虑怎么让数据库中用户本有的角色显示出来,那就是要用到下拉列表和复选框的值了
可以把它写入方法里,然后调用这个方法
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
function Xuan()
{
var uid
= $("#user").val();
$.ajax({
url:"chuli.php",
data:{uid:uid},
type:"POST",
dataType:"TEXT",
success: function(data){
var js
= data.trim().split("|");
var ck
= $(".ck");
ck.prop("checked",false);
for(var i=0;i<ck.length;i++)
{
var v
= ck.eq(i).val();
if(js.indexOf(v)>=0)
{
ck.eq(i).prop("checked",true);
}
}
}
})
}
|
5.各项值的处理页面
|
1
2
3
4
5
6
|
<?php
require"../DBDA.class.php";
$db = new DBDA();
$uid = $_POST["uid"];
$sql = "select
jueseid from userinjuese where userid='{$uid}'";
echo $db->strquery($sql);
|
效果如下:
6.最后就是保存修改后的值了,可以直接用全部删除在重新写入的方法来进行值的选择;对保存按钮添加单击事件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Xuan();
$("#user").change(function(){
Xuan();
})
$("#baocun").click(function(){
var uid
= $("#user").val();
var str
= "";
var ck
= $(".ck");
for(var i=0;i<ck.length;i++)
{
if(ck.eq(i).prop("checked"))
{
str
= str + ck.eq(i).val()+",";
}
}
str
= str.substr(0,str.length-1);
$.ajax({
url:"add.php",
data:{uid:uid,js:str},
type:"POST",
dataType:"TEXT",
success: function(data){
alert("保存成功!");
}
})
})
|
7.保存的处理页面
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
<?php
require "../DBDA.class.php";
$db = new DBDA();
$uid = $_POST["uid"];
$js = $_POST["js"];
//清空原有角色
$sql = "delete
from userinjuese where userid='{$uid}'";
$db->query($sql);
//添加选中的角色
$ajs = explode(",",$js);
foreach($ajs as $v)
{
$sql = "insert
into userinjuese values('','{$uid}','{$v}')";
$db->query($sql);
}
|
效果如下:
下面代码用来copy用,注意AJAX需要引用jQuery
1.guanli.php
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
<!DOCTYPE
html PUBLIC "-//W3C//DTD
XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta
http-equiv="Content-Type" content="text/html;
charset=utf-8" />
<title>无标题文档</title>
<script
src="../jquery-3.2.0.min.js"></script>
</head>
<body>
<h1>用户角色对应</h1>
<div>
<select
id="user">
<?php
require"../DBDA.class.php";
$db = new DBDA();
$sql = "select
* from users";
$arr = $db->query($sql,1);
foreach($arr as $v)
{
echo"<option
value='{$v[0]}'>{$v[2]}</option>";
}
?>
</select>
</div>
<br/>
<div>请选择角色:
<?php
$sql = "select
* from juese";
$arr = $db->query($sql,1);
foreach($arr as $v)
{
echo "<input
type='checkbox' class='ck' value='{$v[0]}'/>{$v[1]}";
}
?>
</div>
<br/>
<input
type="button" value="保存" id="baocun" />
</body>
<script
type="text/javascript">
Xuan();
$("#user").change(function(){
Xuan();
})
$("#baocun").click(function(){
var uid
= $("#user").val();
var str
= "";
var ck
= $(".ck");
for(var i=0;i<ck.length;i++)
{
if(ck.eq(i).prop("checked"))
{
str
= str + ck.eq(i).val()+",";
}
}
str
= str.substr(0,str.length-1);
$.ajax({
url:"add.php",
data:{uid:uid,js:str},
type:"POST",
dataType:"TEXT",
success: function(data){
alert("保存成功!");
}
})
})
function Xuan()
{
var uid
= $("#user").val();
$.ajax({
url:"chuli.php",
data:{uid:uid},
type:"POST",
dataType:"TEXT",
success: function(data){
var js
= data.trim().split("|");
var ck
= $(".ck");
ck.prop("checked",false);
for(var i=0;i<ck.length;i++)
{
var v
= ck.eq(i).val();
if(js.indexOf(v)>=0)
{
ck.eq(i).prop("checked",true);
}
}
}
})
}
</script>
</html>
|
2.chuli.php
|
1
2
3
4
5
6
|
<?php
require"../DBDA.class.php";
$db = new DBDA();
$uid = $_POST["uid"];
$sql = "select
jueseid from userinjuese where userid='{$uid}'";
echo $db->strquery($sql);
|
3.保存的处理页面 add.php
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
<?php
require "../DBDA.class.php";
$db = new DBDA();
$uid = $_POST["uid"];
$js = $_POST["js"];
//清空原有角色
$sql = "delete
from userinjuese where userid='{$uid}'";
$db->query($sql);
//添加选中的角色
$ajs = explode(",",$js);
foreach($ajs as $v)
{
$sql = "insert
into userinjuese values('','{$uid}','{$v}')";
$db->query($sql);
}
|
二.完成管理员页面后,下面就是登录页面
1.登录基本页面 login.php
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<!DOCTYPE
html PUBLIC "-//W3C//DTD
XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta
http-equiv="Content-Type" content="text/html;
charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<h1>登录界面</h1>
<form
action="dlchuli.php" method="post">
<div>用户名:<input
type="text" name="uid" /></div>
<div>密码: <input
type="password" name="pwd" /></div>
<input
type="submit" value="登录" />
</form>
</body>
</html>
|
2.登录处理的页面 dlchuli.php
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
<?php
session_start();
require "../DBDA.class.php";
$db = new DBDA();
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];
$sql = "select
pwd from users where uid='{$uid}'";
$mm = $db->strquery($sql);
if($mm==$pwd &&
!empty($pwd))
{
$_SESSION["uid"]
= $uid;
header("location:main.php");
}
else
{
echo"输入的用户名或密码有误!";
}
|
3.主页面 main.php
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
<!DOCTYPE
html PUBLIC "-//W3C//DTD
XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta
http-equiv="Content-Type" content="text/html;
charset=utf-8" />
<title>无标题文档</title>
<style
type="text/css">
.list{
width:100px;
height:35px;
border:1px
solid #36F;
margin:0px
2px 0px 2px;
text-align:center;
vertical-align:middle;
line-height:35px;}
</style>
</head>
<body>
<h1>主页面</h1>
<?php
session_start();
$uid ="";
if(empty($_SESSION["uid"]))<code class="php
comments">//判断session是否为空</code>
{
header("location:login.php");<code class="php
comments">//空的话就返回登录页面</code>
exit;
}
$uid = $_SESSION["uid"];
require"../DBDA.class.php";
$db = new DBDA();
$sql = "select
* from rules where code in(select distinct ruleid from juesewithrules where jueseid in(select jueseid from userinjuese where userid='{$uid}'))";
$arr = $db->query($sql,1);
foreach($arr as $v)
{
echo "<div
code='{$v[0]}' class='list'>{$v[1]}</div>";
}
?>
</body>
</html>
|
选择登陆张三显示他的权限,效果如下:
更过技术问题解决防范请搜索千锋PHP,千锋论坛