menu por roles

jhosan · #1 (**permalink**) 06/11/2009, 13:50

buen dia amigos

tengo una plicacion web con niveles de seguridad y sesiones, pero quiero tener un menu principal y que este solo muestre los datos de acuerdo a su nivel de seguridad.

como puedo hacer esto ?

JessicaTJ · #2 (**permalink**) 06/11/2009, 14:06

Hola jhosan

Puedes agregar una tabla "rank" en la base de datos, y que el usuario haga login y ahi aplicas una funcion "switch" para darle algun rango al usuario, de acuerdo al nivel del usuario, muestras las opciones del menu.

acoevil · #3 (**permalink**) 06/11/2009, 14:08

Y complementarlo con sessiones de usuario para mantener del rank del usuario logueado entre las paginas.

$_SESSION['rank'] = $sql['rank'];

dcreate · #4 (**permalink**) 06/11/2009, 14:24

yo lo hago con sesiones de esta manera

Cita:

$_SESSION['tipo'];

a esa variable le doy los valores de 1:administrador, 2:usuario, 3:invitado

y cuando muestro mi menu lopongo if

Cita:

if($_SESSION['tipo']==1)
{
menu admon
}
elseif($_SESSION['tipo']==2)
{
menu usuario
}
elseif($_SESSION['tipo']==3)
{
menu invitado
}

espero y te ayude

jhosan · #5 (**permalink**) 10/11/2009, 12:57

me podrian dar unejemplo con codigo

tendria que ahcer una tabla nueva y tres tipos de menu para mostrar uno dependiendo del caso ?

dcreate · #6 (**permalink**) 10/11/2009, 13:05

eso es lo q hago, como te lo dije la ves pasada

dcreate · #7 (**permalink**) 10/11/2009, 13:06

de esta mandera lo hago yo, para ver si te puedes guiar:

Código PHP:

  <?php 
include "seguridad.php"; 
 
 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<meta name="author" content="Felix de Jesus Carrillo Celerino"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Documento sin t&iacute;tulo</title> 
 
<script type="text/javascript" src="stmenu.js"></script> 
</head> 
 
<body  background="images/wall.png"> 
 
<?php $usuario=$_POST['usuario']; 
echo '<script>alert("BIENVENIDO\n** '.strtoupper($_SESSION['usuario']).'**");</script>'; 
    echo "Bienvenido(@): <span class=Estilo3 style='text-transform: uppercase;'><b>".$_SESSION['usuario']."</span>";  
 if($_SESSION['tipo']=="1"){ ?> 
 
<script type="text/javascript"> 
<!-- 
stm_bm(["menu45ba",900,"","blank.gif",0,"","",0,0,250,0,1000,1,0,0,"","",0,0,1,2,"default","hand","",1,25],this); 
stm_bp("p0",[0,4,0,0,2,0,0,9,100,"",-2,"",-2,50,2,3,"#999999","transparent","bluefireback1.gif",1,1,1,"#000000 #666666 #B4C8B4"]); 
stm_ai("p0i0",[0,"INICIO","","",-1,-1,0,"inicio.php","mainFrame","","","","",0,0,0,"","",0,0,0,0,1,"#FFFFF7",1,"#B5BED6",1,"","bg2.gif",3,3,0,0,"#FFFFF7","#000000","#FFFFFF","#FFFFFF","9pt Verdana","9pt Verdana",0,0,"","bg1.gif","","bg3.gif",6,6,25],87,25); 
stm_aix("p0i1","p0i0",[0,"OPERACIONES","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1,1,"#00CCFF"],152,25); 
stm_bp("p1",[1,4,0,0,5,5,0,0,100,"",-2,"",-2,50,2,3,"#999999","#333333","",0,1,1,"#B4C8B4"]); 
stm_ai("p1i0",[0,"GENERAR GRAFICA","","",-1,-1,0,"generar_grafica.php","mainFrame","","","","",0,0,0,"","",0,0,0,1,1,"#00CCFF",1,"#B4C8B4",0,"","",3,0,0,0,"#FFFFF7","#000000","#FFFFFF","#000000","8pt Verdana","8pt Verdana",0,0,"","","","",0,0,0],140,25); 
stm_ep(); 
stm_aix("p0i2","p0i0",[0,"CONSULTAS","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1],130,25); 
stm_bpx("p2","p1",[]); 
stm_aix("p2i0","p1i0",[0,"POR MES","","",-1,-1,0,"consulta_pormes.php"],120,0); 
stm_aix("p2i1","p1i0",[0,"POR AÑO","","",-1,-1,0,"consulta_gral.php"],120,0); 
stm_ep(); 
stm_aix("p0i3","p0i0",[0,"SALIR","","",-1,-1,0,"cerrar_sesion.php","_top","","","","",0,0,0,"","",0,0,0,2],87,25); 
stm_ep(); 
stm_em(); 
//--> 
</script> 
 
<?php }elseif($_SESSION['tipo']=="2"){ ?> 
<a href="http://www.dhtml-menu-builder.com"  style="display:none;visibility:hidden;">Javascript DHTML Drop Down Menu Powered by dhtml-menu-builder.com</a> 
<script type="text/javascript"> 
<!-- 
stm_bm(["menu45ba",900,"","blank.gif",0,"","",0,0,250,0,1000,1,0,0,"","",0,0,1,2,"default","hand","",1,25],this); 
stm_bp("p0",[0,4,0,0,2,0,0,9,100,"",-2,"",-2,50,2,3,"#999999","transparent","bluefireback1.gif",1,1,1,"#000000 #666666 #B4C8B4"]); 
stm_ai("p0i0",[0,"INICIO","","",-1,-1,0,"inicio.php","mainFrame","","","","",0,0,0,"","",0,0,0,0,1,"#FFFFF7",1,"#B5BED6",1,"","bg2.gif",3,3,0,0,"#FFFFF7","#000000","#FFFFFF","#FFFFFF","9pt Verdana","9pt Verdana",0,0,"","bg1.gif","","bg3.gif",6,6,25],87,25); 
stm_aix("p0i1","p0i0",[0,"OPERACIONES","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1,1,"#00CCFF"],152,25); 
stm_bp("p1",[1,4,0,0,5,5,0,9,100,"",-2,"",-2,50,2,3,"#999999","#333333","",0,1,1,"#B4C8B4"]); 
stm_ai("p1i0",[0,"MEDICIONES","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,0,1,"#00CCFF",1,"#B4C8B4",0,"","",3,0,0,0,"#FFFFF7","#000000","#FFFFFF","#000000","8pt Verdana","8pt Verdana",0,0,"","","","",0,0,0],140,0); 
stm_bpx("p2","p1",[1,2,0,0,5,5,0,0]); 
stm_aix("p2i0","p1i0",[0,"INGRESAR MEDICIONES","","",-1,-1,0,"nuevo.php","mainFrame","","","","",0,0,0,"","",0,0,0,1],120,0); 
stm_aix("p2i1","p2i0",[0,"INGRESAR MEDICION INDIVIDUAL","","",-1,-1,0,"regis_mediciones_ind.php"],120,0); 
stm_aix("p2i2","p2i0",[0,"MODIFICAR MEDICION","","",-1,-1,0,"bus_modi_medicion.php"],120,0); 
stm_ep(); 
stm_aix("p1i1","p1i0",[0,"INSTALACIONES"],140,0); 
stm_bpx("p3","p2",[]); 
stm_aix("p3i0","p1i0",[0,"INGRESAR NUEVA","","",-1,-1,0,"regis_instala.php","mainFrame","","","","",0,0,0,"","",0,0],120,0); 
stm_aix("p3i1","p3i0",[0,"MODIFICAR O ELIMINAR","","",-1,-1,0,"bus_instala.php"],120,0); 
stm_ep(); 
stm_aix("p1i2","p2i0",[0,"GENERAR GRAFICA","","",-1,-1,0,"generar_grafica.php"],140,25); 
stm_ep(); 
stm_aix("p0i2","p0i0",[0,"CONSULTAS","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1],130,25); 
stm_bpx("p4","p2",[1,4]); 
stm_aix("p4i0","p2i0",[0,"POR MES","","",-1,-1,0,"consulta_pormes.php"],120,0); 
stm_aix("p4i1","p2i0",[0,"POR AÑO","","",-1,-1,0,"consulta_gral.php"],120,0); 
stm_ep(); 
stm_aix("p0i3","p0i0",[0,"SALIR","","",-1,-1,0,"cerrar_sesion.php","_top","","","","",0,0,0,"","",0,0,0,2],87,25); 
stm_ep(); 
stm_em(); 
//--> 
</script> 
 
 
 
 
<?php }elseif($_SESSION['tipo']=="3"){  
 
 
 ?> 
 
<script type="text/javascript"> 
<!-- 
stm_bm(["menu45ba",900,"","blank.gif",0,"","",0,0,250,0,1000,1,0,0,"","",0,0,1,2,"default","hand","",1,25],this); 
stm_bp("p0",[0,4,0,0,2,0,0,9,100,"",-2,"",-2,50,2,3,"#999999","transparent","bluefireback1.gif",1,1,1,"#000000 #666666 #B4C8B4"]); 
stm_ai("p0i0",[0,"INICIO","","",-1,-1,0,"inicio.php","mainFrame","","","","",0,0,0,"","",0,0,0,0,1,"#FFFFF7",1,"#B5BED6",1,"","bg2.gif",3,3,0,0,"#FFFFF7","#000000","#FFFFFF","#FFFFFF","9pt Verdana","9pt Verdana",0,0,"","bg1.gif","","bg3.gif",6,6,25],87,25); 
stm_aix("p0i1","p0i0",[0,"OPERACIONES","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1,1,"#00CCFF"],152,25); 
stm_bp("p1",[1,4,0,0,5,5,0,9,100,"",-2,"",-2,50,2,3,"#999999","#333333","",0,1,1,"#B4C8B4"]); 
stm_ai("p1i0",[0,"MEDICIONES","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,0,1,"#00CCFF",1,"#B4C8B4",0,"","",3,0,0,0,"#FFFFF7","#000000","#FFFFFF","#000000","8pt Verdana","8pt Verdana",0,0,"","","","",0,0,0],140,0); 
stm_bpx("p2","p1",[1,2,0,0,5,5,0,0]); 
stm_aix("p2i0","p1i0",[0,"INGRESAR MEDICIONES","","",-1,-1,0,"nuevo.php","mainFrame","","","","",0,0,0,"","",0,0,0,1],120,0); 
stm_aix("p2i1","p2i0",[0,"INGRESAR MEDICION INDIVIDUAL","","",-1,-1,0,"regis_mediciones_ind.php"],120,0); 
stm_aix("p2i2","p2i0",[0,"MODIFICAR MEDICION","","",-1,-1,0,"bus_modi_medicion.php"],120,0); 
stm_ep(); 
stm_aix("p1i1","p1i0",[0,"INSTALACIONES"],140,0); 
stm_bpx("p3","p2",[]); 
stm_aix("p3i0","p1i0",[0,"INGRESAR NUEVA","","",-1,-1,0,"regis_instala.php","mainFrame","","","","",0,0,0,"","",0,0],120,0); 
stm_aix("p3i1","p3i0",[0,"MODIFICAR O ELIMINAR","","",-1,-1,0,"bus_instala.php"],120,0); 
stm_ep(); 
stm_aix("p1i2","p2i0",[0,"GENERAR GRAFICA","","",-1,-1,0,"generar_grafica.php"],140,25); 
stm_ep(); 
stm_aix("p0i2","p0i0",[0,"CONSULTAS","","",-1,-1,0,"","_self","","","","",0,0,0,"0604arroldw.gif","0604arroldw.gif",9,7,0,1],130,25); 
stm_bpx("p4","p2",[1,4]); 
stm_aix("p4i0","p2i0",[0,"POR MES","","",-1,-1,0,"consulta_pormes.php"],120,0); 
stm_aix("p4i1","p2i0",[0,"POR AÑO","","",-1,-1,0,"consulta_gral.php"],120,0); 
stm_ep(); 
stm_aix("p0i3","p0i2",[0,"ACCESO AL SISTEMA"],190,25); 
stm_bpx("p5","p4",[]); 
stm_aix("p5i0","p2i0",[0,"CREAR NUEVA CUENTA","","",-1,-1,0,"crear_cuenta.php"],180,0); 
stm_aix("p5i1","p2i0",[0,"MODIFICAR CUENTA","","",-1,-1,0,"bus_modi_cuenta.php"],180,0); 
stm_aix("p5i2","p2i0",[0,"ELIMINAR CUENTA","","",-1,-1,0,"bus_eli_cuenta.php"],180,0); 
stm_aix("p5i3","p2i0",[0,"VER ENTRADAS Y SALIDAS","","",-1,-1,0,"bitacora.php"],180,0); 
stm_ep(); 
stm_aix("p0i4","p0i0",[0,"SALIR","","",-1,-1,0,"cerrar_sesion.php","_top","","","","",0,0,0,"","",0,0,0,2],87,25); 
stm_ep(); 
stm_em(); 
//--> 
</script> 
 
<?php }?>

dcreate · #8 (**permalink**) 10/11/2009, 13:09

pero primero usao una pagina de login:

Código PHP:

  <?php  
$tiempo=10; 
 
set_time_limit (600); 
 
session_start();  
?> 
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<link rel="icon" href="images/stop.ico" type="image/x-icon"> 
<link rel="shortcut icon" href="images/stop.ico" type="image/x-icon"> 
<meta name="author" content="Felix de Jesus Carrillo Celerino"> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Documento sin t&iacute;tulo</title> 
<SCRIPT> 
function validar(formulario){ 
  // primera comprobación 
  if(formulario.usuario.value == ''){ 
    // informamos del error 
    alert('INGRESE SU RPE'); 
    // seleccionamos el campo incorrecto 
    formulario.usuario.focus(); 
    return false; 
  } 
  if(formulario.contrasena.value == ''){ 
    // informamos del error 
    alert('INGRESE SU CONTRASEÑA'); 
    // seleccionamos el campo incorrecto 
    formulario.contrasena.focus(); 
    return false; 
  } 
  return true; 
} 
//--> 
function fo() 
{ 
form1.usuario.focus(); 
} 
</script> 
<script language="JavaScript"> 
var txt="                           -   PASSWORD            -                           CFE"; 
var espera=100; 
var refresco=null; 
function rotulo_title() { 
        document.title=txt; 
        txt=txt.substring(1,txt.length)+txt.charAt(0); 
        refresco=setTimeout("rotulo_title()",espera);} 
rotulo_title(); 
      </script> 
<style type="text/css"> 
<!-- 
#Layer2 { 
    position:absolute; 
    width:200px; 
    height:115px; 
    z-index:1; 
    left: 560px; 
    top: 200px; 
} 
#Layer3 { 
    position:absolute; 
    width:200px; 
    height:58px; 
    z-index:1; 
    left: 250px; 
    top: 414px; 
} 
#Layer4 { 
    position:absolute; 
    width:331px; 
    height:67px; 
    z-index:2; 
    left: 11px; 
    top: 14px; 
} 
--> 
</style> 
</head> 
 
<body background="images/wall.png" onload="fo()"> 
<?php 
$x[1]="C"; 
$x[2]="A"; 
$x[3]="R"; 
$x[4]="G"; 
$x[5]="A"; 
$x[6]="N"; 
$x[7]="D"; 
$x[8]="O"; 
$x[9]="."; 
$x[10]="."; 
$x[11]="."; 
$x[12]="."; 
$x[13]="."; 
//$server = mysql_connect($host, $usr, $pwd) or die (); 
//$log = mysql_select_db($ddbb,$server) or die (); 
 
echo "<div id='progress' style='position:relative;padding:2px;width:1000px;height:200px;left:360px;top:280px;'>"; 
for ($i = 1; $i <= 10; $i++) { 
    sleep(1); //no bbdd... ;) 
    //$ins = "INSERT ..."; 
    //$doins = mysql_query($ins) or die(mysql_error());  
    echo "<div style='float:left;margin:20px 0px 0px 3px;width:20px;height:50px;background:#009933    ;color:black;'><b> " . $x[$i] . " </b></div>"; 
    flush(); 
    ob_flush(); 
} 
echo "</div>"; 
echo "<script>document.getElementById('progress').style.display = 'none'</script>"; 
 
?> 
<img src="images/SUTERM.PNG" width="132" height="63" align="right"/> 
 
 
<div id="Layer1"> 
  <form id="form1" onsubmit=" return validar(this)" name="form1" method="post" action="consultar_pas.php"><P align="center">&nbsp;</p> 
    <P align="center">&nbsp;</p> 
    <div id="Layer4"><img src="images/cfe.PNG" width="331" height="66" /></div> 
    <P align="center"><font size=6 face="ARIAL"><B><font size="7">INICIO DE SESION</font></b></font></p> 
    <br /> 
    <br /></label> 
   <center class="Estilo8">  <table width="313" border="0" bordercolor="#000000" bgcolor="#CCCCCC"> 
      <tr> 
        <th colspan="2" bordercolor="#000000"  bgcolor="#33CC33" scope="col"><div align="center" class="Estilo11">INICIAR SESION: </div>          <div align="center" class="Estilo8"></div></th> 
      </tr> 
      <tr> 
      <?php if ($_GET["errorusuario"]=="pai"){echo '<td colspan="2" align="center"  
        bgcolor=red><span class="Estilo3">Contraseña Incorrecta</span></td>';} 
        if ($_GET["errorusuario"]=="pui"){echo '<td colspan="2" align="center"  
        bgcolor=red><span class="Estilo3">NO EXISTE USUARIO</span></td>';} 
         if ($_GET["errorusuario"]=="in"){echo '<td colspan="2" align="center"  
        bgcolor=red><span class="Estilo3">Usuario Invalido</span></td>';} 
         if ($_GET["errorusuario"]==""){echo ' <td colspan="2" align="center"  
            bgcolor=#FFFFFF><span class="Estilo3"><span class="Estilo6">Introduce Tus Datos</span></span></td>';} 
        ?> 
      </tr> 
      <tr bgcolor="#FFFFFF"> 
        <th width="97" scope="col"><div align="left" class="Estilo14">RPE:</div></th> 
        <th width="200" scope="col"><div align="left" class="Estilo8"> 
            <input name="usuario" type="text" id="usuario" value="<?php if (isset($_SESSION['usuario'])){ echo $_SESSION['usuario']; } ?>" style="text-transform: uppercase;"/> 
          </div> 
           
          <span class="Estilo8"> 
          </label>           
          </span></th> 
      </tr> 
      <tr bgcolor="#FFFFFF"> 
        <td height="43"><div align="left" class="Estilo14"><strong>CONTRASE&Ntilde;A:</strong></div></td> 
        <td><div align="left"> 
          <input name="contrasena" type="password" id="contrasena" /> 
        </div></td> 
      </tr> 
      <tr bgcolor="#FFFFFF"> 
        <td height="43" colspan="2"><label> 
        <center><input type="submit" name="Submit" value="ENTRAR" />    
          <input type="button" name="Submit2" value="CANCELAR" onclick="javascript:window.close();"/> 
        </center>       </label> 
          <div align="center"><span class="Estilo8"> 
          </span><span class="Estilo8">          </span></div></td> 
      </tr> 
    </table>  
   </center>  
 
    
</form> 
   
    <form id="form2" name="form2" method="post" action="consultar_pas.php"> 
      
       
      <div align="center"> 
        <input name="usuario" type="hidden" id="usuario" value="invitado" /> 
        <input name="contrasena" type="hidden" id="contrasena" value="invitado" /> 
           
        <input type="submit" name="Submit3" value="ENTRAR COMO INVITADO" /> 
      </div> 
    </form> 
  
 
 
 
 
</body> 
</html>

y la consulta_pas.php

Código PHP:

  <?php  
date_default_timezone_set('America/Monterrey'); 
$fecha=date("Y-m-d"); 
$hora_local  = mktime(date("H"),date("i"),date("s")); 
$hora=getdate($hora_local); 
$h=$hora[hours].":".$hora[minutes].":".$hora[seconds];  
session_start();  
 
include("conexion.php");  
 
//guardamos los valores que fueron enviados por el formulario en variables de sesion  
$_SESSION['usuario'] = $_POST['usuario'];  
 
 
$usuario=$_POST['usuario']; 
$contrasena=$_POST['contrasena']; 
 
conectar(); 
$queEmp_usuario=mysql_query("SELECT alias,password,tipo FROM password WHERE alias='$usuario'"); 
$existe_usuario=mysql_num_rows($queEmp_usuario);  
$registro=mysql_fetch_row($queEmp_usuario); 
desconectar(); 
 
 
 
if($existe_usuario>0) 
{ 
if($registro[1]==$contrasena && $registro[1]!='') 
{ 
    //admin y contraseña válidos y defino tipo $session para que pueda dar los privilegios 
    $_SESSION['tipo']=$registro[2];     
// el 1 siginifica si se encuentra en la busqueda 1 me va mostrar un linck y en el 2 me muestra otro etc 
$_SESSION['usuario']=$registro[0]; 
$_SESSION["admitido"]= "si"; 
$user=$_SESSION['usuario']; 
conectar(); 
mysql_query("INSERT INTO bitacora(rpe,fecha,operacion,hora) VALUE('$user','$fecha','INGRESO AL SISTEMA','$h')"); 
desconectar(); 
header ("Location:frame.php");     
} 
else 
{ 
//contraseña incorrecta incorrecto 
header("Location: password.php?errorusuario=pai"); 
} 
 
 
} 
else 
{ 
//contraseña incorrecta incorrecto 
header("Location: password.php?errorusuario=pui"); 
}  
     
 
?> 
 
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>CFE</title> 
</head> 
<body> 
</body> 
</html>

espero te ayude. suerte