Beispiel #1
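/**
 * Per-request hook: enforces the admin login gate, rebuilds the logged-in
 * user's permission maps in the session, and maps a trailing "?<digits>" in
 * the request URI to $_GET['id'].
 *
 * When LZ_MODULE is 'admin':
 *  - without a usable $_SESSION['login_user'] the request is redirected to
 *    the login page and the script stops;
 *  - otherwise the 'rights', 'allowed_controllers' and 'allowed_categories'
 *    entries are dropped and rebuilt from the stored rights string on every
 *    call, so values cached in the session never outlive a change to the
 *    stored group.
 *
 * NOTE(review): 'allowed_categories' is presumably consumed as an id list
 * elsewhere (consumer not visible here); only purely numeric ids are let
 * through for that reason.
 * NOTE(review): for a "category_<id>" entry the controller key derived below
 * is the id remainder, not "category" -- kept as in the original; confirm it
 * is intended.
 *
 * @return void
 */
function lz_on_ready()
{
    // Login check (admin module only).
    if (LZ_MODULE == 'admin') {
        // empty()/is_array() instead of a bare index read: a missing or
        // non-array session entry must end at the login page, not in a
        // warning followed by offset access on a scalar.
        if (empty($_SESSION['login_user']) || !is_array($_SESSION['login_user'])) {
            header("location:index.php?p=login&module=admin");
            die;
        }
        include_once 'model/rights.php';
        $rights = new LZ_Rights();

        // A session without a rights_id gets no lookup and therefore no rights.
        $rights_id = isset($_SESSION['login_user']['rights_id'])
            ? $_SESSION['login_user']['rights_id']
            : null;
        $r = ($rights_id !== null) ? $rights->get_one($rights_id) : null;

        // Drop whatever the session carried over from the previous request.
        unset($_SESSION['login_user']['rights']);
        unset($_SESSION['login_user']['allowed_controllers']);
        unset($_SESSION['login_user']['allowed_categories']);

        if ($r && !empty($r['rights'])) {
            $allowed_categories = array();
            foreach (explode(',', $r['rights']) as $val) {
                $_SESSION['login_user']['rights'][$val] = true;
                if (preg_match('/^category_\d/i', $val)) {
                    $val = preg_replace('/^category_/i', '', $val);
                    // The prefix test above only looks at the first character
                    // after "category_"; require the whole remainder to be
                    // digits before it enters the id list (fail closed on
                    // malformed entries such as "category_7x").
                    if (preg_match('/^\d+\z/', $val)) {
                        $allowed_categories[] = $val;
                    }
                }
                // Strip from the first underscore to the end to get the
                // controller name ("article_add" -> "article").
                $val = preg_replace('/_\w*$/i', '', $val);
                $_SESSION['login_user']['allowed_controllers'][$val] = true;
            }
            $_SESSION['login_user']['allowed_categories'] = join(',', $allowed_categories);
        }
    }

    // Parse the URL: a query string consisting only of digits becomes the id.
    // This overwrites any id already present in $_GET; the captured value is
    // digits only.
    if (isset($_SERVER['REQUEST_URI'])
        && preg_match('/\?(\d{1,})$/', $_SERVER['REQUEST_URI'], $matches)
    ) {
        $_GET['id'] = $matches[1];
    }
}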
Beispiel #2
<?php

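// Admin controller for permission groups: creates a group (m=new_group) or
// replaces a group's rights list (m=config&rights_id=...).
// NOTE(review): the only gate visible in this part of the file is the module
// check below. No CSRF token and no check that the current user may manage
// permission groups is visible here -- confirm both are enforced before this
// script runs, since both actions change who is allowed to do what.
if (LZ_MODULE != 'admin') {
    die('Access Denied');
}
include_once 'model/rights.php';
$rights = new LZ_Rights();
// Query parameters can be absent or arrive as arrays (m[]=...); anything that
// is not a plain string is treated as "not given".
$m = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : '';
include_once 'model/category.php';
$category = new LZ_Category();
// NOTE(review): rights_id goes to $rights->update() as received; validate it
// against the real id format there or here (format not visible in this file).
$rights_id = (isset($_GET['rights_id']) && is_string($_GET['rights_id'])) ? $_GET['rights_id'] : '';
if ($m === 'new_group') {
    $data = filter_array($_POST, 'name!');
    if ($data && $rights->add($data)) {
        lz_exit(lang('rights_add_success'), 'admin.php?p=rights');
    } else {
        lz_exit(lang('rights_add_failed'), 'admin.php?p=rights');
    }
} elseif ($m === 'config' && $rights_id
    && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
) {
    // Only a POST may rewrite the list: with an empty $_POST the loop below
    // yields an empty rights string, so a plain GET of this URL would
    // otherwise clear the group's rights.
    $r = array();
    foreach ($_POST as $key => $val) {
        $key = (string) $key;
        // Checked checkboxes arrive as "on". Array values are skipped rather
        // than passed to strtolower(). Field names are stored verbatim in a
        // comma-separated list, so only word-character names are accepted; a
        // name containing a comma would otherwise turn into extra entries.
        if (is_string($val) && strtolower($val) == 'on' && preg_match('/^\w+\z/', $key)) {
            $r[] = $key;
        }
    }
    // Built from scratch so no stray keys reach update().
    $data = array('rights' => join(',', $r));
    if ($rights->update($rights_id, $data)) {
        lz_exit(lang('rights_updated'), 'admin.php?p=rights');
    }
}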
if ($rights_id) {
    $_SESSION['login_user']['rights']['limit_category_id'] = false;
    $view_data['rights'] = $lz_rights;