<?php
session_start();
if(empty($_SESSION["uid"]))//判断SESSION是不是为空
{
header("location:EOA.PHP");//为空返回主页
exit;
}
$uid =$_SESSION["uid"];
require "../class/XiangMu.class.php";
$db = new xiangmu();
$sqlqx = "select Qxian from users where uid ='{$uid}'";//从USERS表中读取权限
$qx =$db->strquery($sqlqx);
$arrqx = explode(',',$qx);//字符串转为数组
$arrurl= array();
foreach($arrqx as $q)
{
$sqlurl=" select url from quanxian where code = '{$q}' ";//编译字符串用code 查quanxian 表中的url
$arrurl[]="/EOA/php/".($db->strquery($sqlurl));//拼接地址放入数组中
}
$url= $_SERVER['PHP_SELF'];//获取当前页面的地址
if(!in_array($url,$arrurl))//判断地当前页面是不是在该权限中
{
header("location:EOA.PHP");//不在的权限跳转到登入页面
exit;
}
?>