<?php session_start(); if(empty($_SESSION["uid"]))//判断SESSION是不是为空 { header("location:EOA.PHP");//为空返回主页 exit; } $uid =$_SESSION["uid"]; require "../class/XiangMu.class.php"; $db = new xiangmu(); $sqlqx = "select Qxian from users where uid ='{$uid}'";//从USERS表中读取权限 $qx =$db->strquery($sqlqx); $arrqx = explode(',',$qx);//字符串转为数组 $arrurl= array(); foreach($arrqx as $q) { $sqlurl=" select url from quanxian where code = '{$q}' ";//编译字符串用code 查quanxian 表中的url $arrurl[]="/EOA/php/".($db->strquery($sqlurl));//拼接地址放入数组中 } $url= $_SERVER['PHP_SELF'];//获取当前页面的地址 if(!in_array($url,$arrurl))//判断地当前页面是不是在该权限中 { header("location:EOA.PHP");//不在的权限跳转到登入页面 exit; } ?>