fleat: permission_role_id

conn.php

@@ -20,6 +20,39 @@ function checkLogin() {
     }
 }
 
+function checkAdmin() {
+
+    if ((empty($_SESSION['em_permission_role_id'])||($_SESSION['em_permission_role_id']!=1))) {
+        die("No permission , Please contact the administrator");
+        exit;
+    }
+}
+
+function checkPermission($permission_role_id) {
+    if ((empty($_SESSION['em_permission_role_id'])||($_SESSION['em_permission_role_id']!=$permission_role_id))&&($_SESSION['em_permission_role_id']!=1)) {
+
+        return false;
+    }
+    else
+    {
+        return true;
+    }
+}
+// 检查管理员或组长或组员
+function checkAdminOrEmployee () {
+    if ((empty($_SESSION['em_permission_role_id'])||($_SESSION['em_permission_role_id']!=1)&&($_SESSION['em_permission_role_id']!=2)&&($_SESSION['em_permission_role_id']!=3))) {
+       return false;
+    }
+    else
+    {
+        return true;
+    }
+}
+
+
+
+
+
 // 获取IP
 function getIp() {
     $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'];

dashboard_search.php

@@ -27,11 +27,7 @@
             <input class="searchSubmit" type="submit" value="客户检索">
         </form>
     </div>
-    <div class="dashboard-item">
-        <h3>统计分析</h3>
-        <p>查看销售业绩、客户分析和业务趋势</p>
-        <a href="statistics.php" target="contentFrame" class="dashboard-link">查看统计</a>
-    </div>
+
 </div>
 </body>
 </html>

index.php

@@ -10,18 +10,19 @@ if ($act == "logout") {
     $currentTime = date('Y-m-d H:i:s');
     $loginAct = $employeeName . " " . $currentTime . "从" . $ip . "退出系统";
     
-    $stmt = $conn->prepare("INSERT INTO logrecord (loginName, loginTime, loginAct) VALUES (?, ?, ?)");
-    $stmt->bind_param("sss", $employeeName, $currentTime, $loginAct);
-    $stmt->execute();
+    // 使用传统SQL拼接替代参数绑定
+    $sql = "INSERT INTO logrecord (loginName, loginTime, loginAct) VALUES ('$employeeName', '$currentTime', '$loginAct')";
+    $conn->query($sql);
     
     // 清除所有session变量
     $sessionVars = ['employee_id', 'employee_name', 't', 't1', 't2', 't3', 't4', 'd1', 'd2'];
     foreach ($sessionVars as $var) {
         unset($_SESSION[$var]);
     }
+    unset($_SESSION['employee_id']);
 }
 
-unset($_SESSION['employee_id']);
+
 
 if ($act == "login") {
 
@@ -44,12 +45,9 @@ if ($act == "login") {
         exit;
     }
 
-    // 查询用户
-
-    $stmt = $conn->prepare("SELECT id, em_user, em_password, em_role, em_code, em_email, em_tel, lastIp FROM employee WHERE em_user = ?");
-    $stmt->bind_param("s", $loginuser);
-    $stmt->execute();
-    $result = $stmt->get_result();
+    // 查询用户 - 使用传统SQL拼接
+    $sql = "SELECT id, em_user, em_password, em_role, em_permission_role_id, em_code, em_email, em_tel, lastIp FROM employee WHERE em_user = '$loginuser'";
+    $result = $conn->query($sql);
     
     if ($result->num_rows == 0) {
         echo "4";
@@ -64,25 +62,24 @@ if ($act == "login") {
     
     $_SESSION['employee_id'] = (int)$row['id'];
     $_SESSION['employee_name'] = $row['em_user'];
+    $_SESSION['em_permission_role_id'] = $row['em_permission_role_id']??0;//权限角色ID
+
+
     echo "7";
     
-    // 更新最后登录IP
-    $stmt = $conn->prepare("UPDATE employee SET lastIp = ? WHERE id = ?");
-    $stmt->bind_param("si", $ip, $_SESSION['employee_id']);
-    $stmt->execute();
+    // 更新最后登录IP - 使用传统SQL拼接
+    $sql = "UPDATE employee SET lastIp = '$ip' WHERE id = " . $_SESSION['employee_id'];
+    $conn->query($sql);
 
-    // 处理回收客户
+    // 处理回收客户 - 使用传统SQL拼接
     $backToSeaStr = "SELECT id, cs_updatetime, cs_claimdate, cs_claimFrom, cs_chain 
                      FROM customer 
                      WHERE cs_claimFrom != '' 
                      AND cs_claimdate > '2023-01-01' 
                      AND cs_deal != 3 
-                     AND cs_belong = ?";
+                     AND cs_belong = " . $_SESSION['employee_id'];
     
-    $stmt = $conn->prepare($backToSeaStr);
-    $stmt->bind_param("i", $_SESSION['employee_id']);
-    $stmt->execute();
-    $result = $stmt->get_result();
+    $result = $conn->query($backToSeaStr);
     
     while ($row = $result->fetch_assoc()) {
         $updateTime = strtotime($row['cs_updatetime']);
@@ -97,45 +94,47 @@ if ($act == "login") {
                        $row['cs_claimFrom'] : 
                        $row['cs_chain'] . "," . $row['cs_claimFrom'];
             
-            $updateStmt = $conn->prepare("UPDATE customer SET cs_belong = ?, cs_chain = ? WHERE id = ?");
-            $updateStmt->bind_param("isi", $row['cs_claimFrom'], $cs_chain, $row['id']);
-            $updateStmt->execute();
+            // 使用传统SQL拼接
+            $updateSql = "UPDATE customer SET cs_belong = " . $row['cs_claimFrom'] . ", cs_chain = '$cs_chain' WHERE id = " . $row['id'];
+            $conn->query($updateSql);
         } elseif ($updateTime > $claimDate) {
-            $updateStmt = $conn->prepare("UPDATE customer SET cs_claimdate = '2022-12-31' WHERE id = ?");
-            $updateStmt->bind_param("i", $row['id']);
-            $updateStmt->execute();
+            // 使用传统SQL拼接
+            $updateSql = "UPDATE customer SET cs_claimdate = '2022-12-31' WHERE id = " . $row['id'];
+            $conn->query($updateSql);
         }
     }
 
-    // 统计数据
+    // 统计数据 - 使用传统SQL拼接
     $counts = [
-        't' => "SELECT COUNT(id) FROM customer WHERE cs_belong = ?",
-        't1' => "SELECT COUNT(id) FROM customer WHERE cs_type = 1 AND cs_belong = ?",
-        't2' => "SELECT COUNT(id) FROM customer WHERE cs_type = 2 AND cs_belong = ?",
-        't3' => "SELECT COUNT(id) FROM customer WHERE cs_type = 3 AND cs_belong = ?",
-        't4' => "SELECT COUNT(id) FROM customer WHERE cs_type = 4 AND cs_belong = ?",
-        'd1' => "SELECT COUNT(id) FROM customer WHERE cs_deal = 3 AND cs_belong = ?",
-        'd2' => "SELECT COUNT(id) FROM customer WHERE cs_deal = 2 AND cs_belong = ?",
-        'd3' => "SELECT COUNT(id) FROM customer WHERE DATEDIFF(NOW(), cs_updatetime) > 120 AND cs_belong = ?"
+        't' => "SELECT COUNT(id) FROM customer WHERE cs_belong = " . $_SESSION['employee_id'],
+        't1' => "SELECT COUNT(id) FROM customer WHERE cs_type = 1 AND cs_belong = " . $_SESSION['employee_id'],
+        't2' => "SELECT COUNT(id) FROM customer WHERE cs_type = 2 AND cs_belong = " . $_SESSION['employee_id'],
+        't3' => "SELECT COUNT(id) FROM customer WHERE cs_type = 3 AND cs_belong = " . $_SESSION['employee_id'],
+        't4' => "SELECT COUNT(id) FROM customer WHERE cs_type = 4 AND cs_belong = " . $_SESSION['employee_id'],
+        'd1' => "SELECT COUNT(id) FROM customer WHERE cs_deal = 3 AND cs_belong = " . $_SESSION['employee_id'],
+        'd2' => "SELECT COUNT(id) FROM customer WHERE cs_deal = 2 AND cs_belong = " . $_SESSION['employee_id'],
+        'd3' => "SELECT COUNT(id) FROM customer WHERE DATEDIFF(NOW(), cs_updatetime) > 120 AND cs_belong = " . $_SESSION['employee_id']
     ];
     
     foreach ($counts as $key => $query) {
-        $stmt = $conn->prepare($query);
-        $stmt->bind_param("i", $_SESSION['employee_id']);
-        $stmt->execute();
-        $result = $stmt->get_result();
+        $result = $conn->query($query);
         $_SESSION[$key] = $result->fetch_row()[0];
     }
 
-    // 记录登录日志
-    $date=date('Y-m-d H:i:s');
-    $stmt = $conn->prepare("INSERT INTO logrecord (loginName, loginTime, loginAct) VALUES (?, ?, ?)");
+    // 记录登录日志 - 使用传统SQL拼接
+    $date = date('Y-m-d H:i:s');
     $loginAct = $_SESSION['employee_name'] . " " . date('Y-m-d H:i:s') . "从" . $ip . "登录";
-    $stmt->bind_param("sss", $_SESSION['employee_name'],$date , $loginAct);
-    $stmt->execute();
+    $sql = "INSERT INTO logrecord (loginName, loginTime, loginAct) VALUES ('" . $_SESSION['employee_name'] . "', '$date', '$loginAct')";
+    $conn->query($sql);
     
     exit;
 }
+
+if(isset($_SESSION['employee_id'])){
+    header("Location: home.php");
+    exit;
+}
+
 ?>
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

panel.php

@@ -11,7 +11,7 @@ if ($row = $result->fetch_assoc()) {
     $em_code = textUncode($row['em_code']);
     $em_email = textUncode($row['em_email']);
     $em_tel = textUncode($row['em_tel']);
-    $em_admin=$row['em_admin'];
+    $em_permission_role_id=$row['em_permission_role_id'];
 } else {
     $stmt->close();
     $conn->close();
@@ -19,12 +19,19 @@ if ($row = $result->fetch_assoc()) {
     exit;
 }
 $stmt->close();
+
 ?>
 
 <div class="panel">
     <section>
         <h3><?= $em_user ?></h3>
-        <div class="role_text"><?= ($em_role == 0) ? "组长" : "组员" ?></div>
+        <div class="role_text">
+            <?php
+            $em_permission_role_array=array(0=>"普通",1=>"管理员",2=>"组长",3=>"组员",4=>"分公司");
+            echo $em_permission_role_array[$em_permission_role_id];
+
+            ?>
+        </div>
         <ul class="lxfs">
             <li class="tel"><?= $em_tel ?></li>
             <li class="mail"><?= $em_email ?></li>
@@ -32,7 +39,7 @@ $stmt->close();
     </section>
     <div>
         <dl>
-            <?php if (strpos($em_code, "BX") === false): ?>
+            <?php if (checkAdminOrEmployee()): ?>
                 <dt><a href="../home.php" target="contentFrame">客户查找</a></dt>
             <?php endif; ?>
             <dt><a href="../customerAdd.php" target="contentFrame">客户录入</a></dt>
@@ -47,7 +54,7 @@ $stmt->close();
                     <a href="../customers.php?fliterDeal=2" target="contentFrame">明确需求  (<?= $_SESSION['d2'] ?>)</a>
                     <a href="../customers.php?fliterDeal=3" target="contentFrame">已经成交  (<?= $_SESSION['d1'] ?>)</a>
                     <a href="../customersNew.php" target="contentFrame">本月新增</a>
-                    <?php if (strpos($em_code, "BX") === false): ?>
+                    <?php if (checkAdminOrEmployee()): ?>
                         <a href="../customersFollow.php" target="contentFrame">即将加入公海 </a>
                         <a href="../highSeas.php" target="contentFrame">公司公海(60天无更新)</a>
                         <a href="../claimRecord.php" target="contentFrame">认领记录</a>
@@ -55,15 +62,22 @@ $stmt->close();
                     <?php endif; ?>
                 </div>
             </dt>
+            <?php if (checkAdminOrEmployee()): ?>
             <dt class="subnav">数据
                 <div class="list-wraper">
-                    <a href="../dashboard.php" target="contentFrame">数据看板</a>
-                    <?php if (strpos($em_code, "BX") === false): ?>
+
+                        <a href="../dashboard.php" target="contentFrame">数据看板</a>
                         <a href="../team.php" target="contentFrame">本月小组数据</a>
-                    <?php endif; ?>
+
                 </div>
             </dt>
-            <?php if($em_admin==1){?>
+            <?php endif; ?>
+            <?php
+            //权限角色为的时候显示统计分析
+            if(checkPermission(1))
+            {
+
+             ?>
             <dt class="subnav">统计分析
                 <div class="list-wraper">
                     <a href="statistics.php" target="contentFrame">汇总统计</a>
@@ -77,10 +91,10 @@ $stmt->close();
             </dt>
             <?php }?>
             <dt><a href="../tagClound.php" target="contentFrame">标签云</a></dt>
-            <?php if (strpos($em_code, "BX") === false): ?>
+            <?php if (checkAdminOrEmployee()): ?>
                 <dt><a href="../silentCustomer.php" target="contentFrame">静默客户</a></dt>
             <?php endif; ?>
-            <?php if ($em_role == 0): ?>
+            <?php if(($em_role == 0)&&($em_permission_role_id==2)): ?>
                 <dt class="subnav">我的团队
                     <div class="list-wraper">
                         <a href="../subcustomers.php" target="contentFrame">组员客户</a>

statistics.php

@@ -1,6 +1,8 @@
 <?php
 require_once 'conn.php';
 checkLogin();
+//检查是否管理员
+checkAdmin();
 
 // 计算日期范围
 $current_month_start = date('Y-m-01');

statistics_utils.php

@@ -12,6 +12,9 @@ if (!isset($_SESSION['employee_id'])) {
     checkLogin();
 }
 
+//检查是否管理员
+checkAdmin();
+
 /**
  * 获取和处理日期范围参数
  * 

system/employee.php

@@ -19,6 +19,7 @@ if($act == "save") {
     $em_code = textEncode($_POST['em_code']);
     $em_email = textEncode($_POST['em_email']);
     $em_tel = textEncode($_POST['em_tel']);
+    $em_permission_role_id = $_POST['em_permission_role_id'];
     $nullPwd = false;
 
     if(empty($em_password)) {
@@ -36,7 +37,7 @@ if($act == "save") {
         if($result->num_rows > 0) {
             $password_sql = $nullPwd ? "" : ",em_password='".md5($em_password)."'";
             $sql = "UPDATE employee SET em_user='$em_user'$password_sql,em_role=$em_role,
-                    em_code='$em_code',em_email='$em_email',em_tel='$em_tel' WHERE id=$id";
+                    em_code='$em_code',em_email='$em_email',em_tel='$em_tel',em_permission_role_id=$em_permission_role_id WHERE id=$id";
             $conn->query($sql);
         }
         
@@ -50,8 +51,8 @@ if($act == "save") {
             $em_password = "MTB".$em_code;
         }
         
-        $sql = "INSERT INTO employee(em_user,em_password,em_role,em_code,em_email,em_tel) 
-                VALUES('$em_user','".md5($em_password)."',$em_role,'$em_code','$em_email','$em_tel')";
+        $sql = "INSERT INTO employee(em_user,em_password,em_role,em_code,em_email,em_tel,em_permission_role_id) 
+                VALUES('$em_user','".md5($em_password)."',$em_role,'$em_code','$em_email','$em_tel',$em_permission_role_id)";
         $conn->query($sql);
         header("Location: ?");
         exit;
@@ -106,6 +107,7 @@ if($act == "add" || $act == "edit") {
             $em_code = textUncode($row['em_code']);
             $em_email = textUncode($row['em_email']);
             $em_tel = textUncode($row['em_tel']);
+            $em_permission_role_id = $row['em_permission_role_id'];
         } else {
             $isEdit = false;
         }
@@ -138,20 +140,32 @@ if($act == "add" || $act == "edit") {
                 <td><input type="text" id="em_code" name="em_code" value="<?php echo $em_code ?? ''; ?>" class="txt1" /></td>
             </tr>
             <tr>
-                <th width="8%">角色</th>
+                <th width="8%">该用户上级</th>
                 <td><select name="em_role">
-                    <option value="0">组长</option>
+                    <option value="0">无</option>
                     <?php
                     $query = "SELECT id,em_user FROM employee WHERE em_role=0";
                     $result = $conn->query($query);
                     while($row = $result->fetch_assoc()) {
                         $selected = ($row['id'] == ($em_role ?? '')) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"$selected>组长:{$row['em_user']}</option>";
+                        echo "<option value=\"{$row['id']}\"$selected>{$row['em_user']}</option>";
                     }
                     ?>
                     </select>
                 </td>
             </tr>
+            <tr>
+                <th width="8%">权限角色</th>
+                <td>
+                    <select name="em_permission_role_id">
+                        <option value="0" <?php echo (isset($em_permission_role_id) && $em_permission_role_id == 0) ? 'selected' : ''; ?>>0 * 普通</option>
+                        <option value="2" <?php echo (isset($em_permission_role_id) && $em_permission_role_id == 2) ? 'selected' : ''; ?>>2 * 组长</option>
+                        <option value="3" <?php echo (isset($em_permission_role_id) && $em_permission_role_id == 3) ? 'selected' : ''; ?>>3 * 组员</option>
+                        <option value="4" <?php echo (isset($em_permission_role_id) && $em_permission_role_id == 4) ? 'selected' : ''; ?>>4 * 分公司</option>
+                        <option value="1" <?php echo (isset($em_permission_role_id) && $em_permission_role_id == 1) ? 'selected' : ''; ?>>1 * 管理员</option>
+                    </select>
+                </td>
+            </tr>
             <tr>
                 <th width="8%">邮箱</th>
                 <td><input type="text" id="em_email" name="em_email" value="<?php echo $em_email ?? ''; ?>" class="txt1" /></td>

system/index.php

@@ -217,7 +217,7 @@ switch($iframe) {
 
         t = outlookbar.addtitle('权限管理','其它管理',1);
         <?php if(chkLogin("权限管理")): ?>
-        outlookbar.additem('员工管理',t,'employee.php');
+        outlookbar.additem('用户管理',t,'employee.php');
         <?php endif; ?>
         </script>
         <body onload="initinav('信息管理')">