function lz_on_ready()
{
//登录验证
if (LZ_MODULE == 'admin') {
if (!$_SESSION['login_user']) {
header("location:index.php?p=login&module=admin");
die;
}
include_once 'model/rights.php';
$rights = new LZ_Rights();
$r = $rights->get_one($_SESSION['login_user']['rights_id']);
unset($_SESSION['login_user']['rights']);
unset($_SESSION['login_user']['allowed_controllers']);
unset($_SESSION['login_user']['allowed_categories']);
if ($r && $r['rights']) {
$arr = explode(',', $r['rights']);
$allowed_categories = array();
foreach ($arr as $val) {
$_SESSION['login_user']['rights'][$val] = true;
if (preg_match('/^category_\\d/i', $val)) {
$val = preg_replace('/^category_/i', '', $val);
$allowed_categories[] = $val;
}
$val = preg_replace('/_\\w*$/i', '', $val);
$_SESSION['login_user']['allowed_controllers'][$val] = true;
}
$_SESSION['login_user']['allowed_categories'] = join(',', $allowed_categories);
}
}
//解析url 得到 id
if (preg_match('/\\?(\\d{1,})$/', $_SERVER['REQUEST_URI'], $matches)) {
$_GET['id'] = $matches[1];
}
}
<?php
LZ_MODULE != 'admin' && die('Access Denied');
include_once 'model/rights.php';
$rights = new LZ_Rights();
$m = $_GET['m'];
include_once 'model/category.php';
$category = new LZ_Category();
$rights_id = $_GET['rights_id'];
if ($m == 'new_group') {
$data = filter_array($_POST, 'name!');
if ($data && $rights->add($data)) {
lz_exit(lang('rights_add_success'), 'admin.php?p=rights');
} else {
lz_exit(lang('rights_add_failed'), 'admin.php?p=rights');
}
} elseif ($m == 'config' && $rights_id) {
$r = array();
foreach ($_POST as $key => $val) {
if (strtolower($val) == 'on') {
$r[] = $key;
}
}
$data['rights'] = join(',', $r);
if ($rights->update($rights_id, $data)) {
lz_exit(lang('rights_updated'), 'admin.php?p=rights');
}
}
if ($rights_id) {
$_SESSION['login_user']['rights']['limit_category_id'] = false;
$view_data['rights'] = $lz_rights;
