steve07s
/
Authorization


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637
							<?php
include($_SERVER['DOCUMENT_ROOT'] . "/Authorization/script/php/permission/connect_sql.php");
session_start();
$href = 'http://' . $_SERVER['HTTP_HOST'] . '/Front-Page/pages-signin.html';
$ajax = [];
//Can't come in without logged in
if (!isset($_SESSION['loggedin'])) {
	echo json_encode("尚未登入!", JSON_UNESCAPED_UNICODE);
} else {
	if (isset($_GET["page"])) {
		$sql = "SELECT [RightID],[GroupName],[UserName],[PgroupName],[PageName] FROM [UserGroup]
		LEFT JOIN  [GroupRight] ON [GroupRight].[GroupID] = [UserGroup].[GroupID] 
		LEFT JOIN  [Group] ON [GroupRight].[GroupID] = [Group].[GroupID] 
		LEFT JOIN [User] ON [User].[UserID] = [UserGroup].[UserID]
		LEFT JOIN [WebPage] ON [PageID] = ?
		LEFT JOIN [PageGroup] ON [WebPage].[PgroupID] = [PageGroup].[PgroupID]
		WHERE [GroupRight].[PgroupID] = [WebPage].[PgroupID] AND [UserGroup].[UserID] = ?";
		$stmt = sqlsrv_query($conn, $sql, array($_GET["page"], $_SESSION['UserID']));
		$right = -1;
		while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
			if ($row["RightID"] > $right) {
				$groupName = $row["GroupName"];
				$right = $row["RightID"];
				$ajax = $row;
			}
			
		}
		if(count($ajax) > 0) {
			echo json_encode($ajax, JSON_UNESCAPED_UNICODE);
		}else{
			echo json_encode("沒有此頁面權限", JSON_UNESCAPED_UNICODE);
		}
		
	} else {
		echo json_encode("錯誤!", JSON_UNESCAPED_UNICODE);
	}
}