Broke up the check_login.php require into several files separated by function and then required them in the check_login
parent
c8984d1bc9
commit
44fdb6c24f
@ -0,0 +1,11 @@
|
|||
<?php
|
||||
|
||||
// Check user is logged in with a valid session
|
||||
if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
|
||||
if ($_SERVER["REQUEST_URI"] == "/") {
|
||||
header("Location: ../login.php");
|
||||
} else {
|
||||
header("Location: ../login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
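Review bot: The `last_visited` branch forwards the raw `$_SERVER["REQUEST_URI"]` to login.php and nothing in this file constrains what the decoded value may be; assuming login.php redirects to it after authentication (not shown on this page), it should verify the decoded string is a same-site path (a single leading `/`, not `//` or a scheme) before issuing its own Location header. The comparison on the line above should be strict, `if ($_SERVER["REQUEST_URI"] === "/") {`. The redirect also keeps the relative target `../login.php`, which resolves against whichever page required check_login.php, while the setup redirect added in this same commit uses the absolute `/setup`; one convention for both avoids a wrong target when a caller sits at a different depth. Since this file reads `$_SESSION` directly, a header comment such as `// Requires session_init.php to have started the session first` would make the include-order dependency explicit.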
@ -1,118 +1,10 @@
|
|||
<?php
|
||||
|
||||
if (!isset($_SESSION)) {
|
||||
// HTTP Only cookies
|
||||
ini_set("session.cookie_httponly", true);
|
||||
if ($config_https_only) {
|
||||
// Tell client to only send cookie(s) over HTTPS
|
||||
ini_set("session.cookie_secure", true);
|
||||
}
|
||||
session_start();
|
||||
}
|
||||
|
||||
|
||||
// Check to see if setup is enabled
|
||||
if (!isset($config_enable_setup) || $config_enable_setup == 1) {
|
||||
header("Location: setup");
|
||||
exit;
|
||||
}
|
||||
|
||||
// Check user is logged in with a valid session
|
||||
if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
|
||||
if ($_SERVER["REQUEST_URI"] == "/") {
|
||||
header("Location: ../login.php");
|
||||
} else {
|
||||
header("Location: ../login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Set Timezone
|
||||
require_once "session_init.php";
|
||||
require_once "redirect_if_setup_enabled.php";
|
||||
require_once "auth_check.php";
|
||||
require_once "inc_set_timezone.php";
|
||||
|
||||
|
||||
// User Vars and User Settings
|
||||
$session_ip = sanitizeInput(getIP());
|
||||
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||
|
||||
$session_user_id = intval($_SESSION['user_id']);
|
||||
|
||||
$sql = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT * FROM users
|
||||
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
|
||||
LEFT JOIN user_roles ON user_role_id = role_id
|
||||
WHERE users.user_id = $session_user_id");
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$session_name = sanitizeInput($row['user_name']);
|
||||
$session_email = $row['user_email'];
|
||||
$session_avatar = $row['user_avatar'];
|
||||
$session_token = $row['user_token']; // MFA Token
|
||||
$session_user_type = intval($row['user_type']);
|
||||
$session_user_role = intval($row['user_role_id']);
|
||||
$session_user_role_display = sanitizeInput($row['role_name']);
|
||||
if (isset($row['role_is_admin']) && $row['role_is_admin'] == 1) {
|
||||
$session_is_admin = true;
|
||||
} else {
|
||||
$session_is_admin = false;
|
||||
}
|
||||
$session_user_config_force_mfa = intval($row['user_config_force_mfa']);
|
||||
$user_config_records_per_page = intval($row['user_config_records_per_page']);
|
||||
$user_config_theme_dark = intval($row['user_config_theme_dark']);
|
||||
|
||||
// Check user type
|
||||
if ($session_user_type !== 1) {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
header("Location: login.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
// Company Vars and Company Settings
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$session_company_name = $row['company_name'];
|
||||
$session_company_country = $row['company_country'];
|
||||
$session_company_locale = $row['company_locale'];
|
||||
$session_company_currency = $row['company_currency'];
|
||||
|
||||
|
||||
// Set Currency Format
|
||||
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
|
||||
|
||||
// Get User Client Access Permissions
|
||||
$user_client_access_sql = "SELECT client_id FROM user_client_permissions WHERE user_id = $session_user_id";
|
||||
$user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
|
||||
|
||||
$client_access_array = [];
|
||||
while ($row = mysqli_fetch_assoc($user_client_access_result)) {
|
||||
$client_access_array[] = $row['client_id'];
|
||||
}
|
||||
|
||||
$client_access_string = implode(',', $client_access_array);
|
||||
|
||||
// Client access permission check
|
||||
// Default allow, if a list of allowed clients is set & the user isn't an admin, restrict them
|
||||
$access_permission_query = "";
|
||||
if ($client_access_string && !$session_is_admin) {
|
||||
$access_permission_query = "AND clients.client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
// Include the settings vars
|
||||
require_once "load_user_session.php";
|
||||
require_once "load_company_settings.php";
|
||||
require_once "get_settings.php";
|
||||
|
||||
//Detects if using an Apple device and uses Apple Maps instead of google
|
||||
$iPod = stripos($_SERVER['HTTP_USER_AGENT'], "iPod");
|
||||
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'], "iPhone");
|
||||
$iPad = stripos($_SERVER['HTTP_USER_AGENT'], "iPad");
|
||||
|
||||
if ($iPod || $iPhone || $iPad) {
|
||||
$session_map_source = "apple";
|
||||
} else {
|
||||
$session_map_source = "google";
|
||||
}
|
||||
|
||||
// Check if mobile device
|
||||
$session_mobile = isMobile();
|
||||
require_once "detect_device_type.php";
|
||||
|
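Review bot: The eight new `require_once` lines use bare relative names, so PHP resolves them through `include_path` before falling back to this file's directory; since check_login.php is itself pulled in as `../includes/check_login.php` from other directories, anchoring each one as `require_once __DIR__ . "/session_init.php";` makes the lookup independent of `include_path` and of the caller's working directory. The split files depend on each other's globals (`$_SESSION` started by session_init.php, `$session_user_id` and `$session_is_admin` set by load_user_session.php, `$mysqli` and the `$config_*` values from config.php), so a short comment at the top stating that the order of these requires is significant would help the next person who reorders them. `inc_set_timezone.php` and `get_settings.php` are required here but are not among the files added on this page, so I assume they already existed.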
@ -0,0 +1,8 @@
|
|||
<?php
|
||||
$iPod = stripos($_SERVER['HTTP_USER_AGENT'], "iPod");
|
||||
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'], "iPhone");
|
||||
$iPad = stripos($_SERVER['HTTP_USER_AGENT'], "iPad");
|
||||
|
||||
$session_map_source = ($iPod || $iPhone || $iPad) ? "apple" : "google";
|
||||
|
||||
$session_mobile = isMobile();
|
||||
|
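Review bot: The `stripos` results from the first three lines are combined with `||`, so a match at offset 0 evaluates as false; each should be compared against `false` explicitly. `$_SERVER['HTTP_USER_AGENT']` is also read unguarded and is absent for requests without a User-Agent header (and under the CLI), which raises an undefined array key warning on PHP 8; reading it once with a default covers both points: `$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';` followed by `$session_map_source = (stripos($ua, "iPod") !== false || stripos($ua, "iPhone") !== false || stripos($ua, "iPad") !== false) ? "apple" : "google";`. This behaviour is carried over from check_login.php rather than introduced here, and `isMobile()` is defined elsewhere, so I have not checked it.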
@ -0,0 +1,10 @@
|
|||
<?php
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE settings.company_id = companies.company_id AND companies.company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$session_company_name = $row['company_name'];
|
||||
$session_company_country = $row['company_country'];
|
||||
$session_company_locale = $row['company_locale'];
|
||||
$session_company_currency = $row['company_currency'];
|
||||
|
||||
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
|
||||
|
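Review bot: Neither the `mysqli_query` result nor the fetched `$row` is checked, so if the settings row for company 1 is missing, `$row` is null, every `$session_company_*` variable becomes null, and `numfmt_create` on the last line is handed a null locale (deprecated on PHP 8.1+ and at best producing a formatter for the default locale rather than the company's), which surfaces as confusing downstream errors instead of a clear failure. A guard after the fetch, e.g. `if (!$row) { throw new RuntimeException("Company settings row not found"); }`, fails early with a message that names the cause. This file also reuses the `$sql` and `$row` names of load_user_session.php, which runs immediately before it in check_login.php, and expects `$mysqli` from config.php; a one-line header comment stating those dependencies would help.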
@ -0,0 +1,49 @@
|
|||
<?php
|
||||
|
||||
$session_ip = sanitizeInput(getIP());
|
||||
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||
$session_user_id = intval($_SESSION['user_id']);
|
||||
|
||||
$sql = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT * FROM users
|
||||
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
|
||||
LEFT JOIN user_roles ON user_role_id = role_id
|
||||
WHERE users.user_id = $session_user_id"
|
||||
);
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$session_name = sanitizeInput($row['user_name']);
|
||||
$session_email = $row['user_email'];
|
||||
$session_avatar = $row['user_avatar'];
|
||||
$session_token = $row['user_token'];
|
||||
$session_user_type = intval($row['user_type']);
|
||||
$session_user_role = intval($row['user_role_id']);
|
||||
$session_user_role_display = sanitizeInput($row['role_name']);
|
||||
$session_is_admin = isset($row['role_is_admin']) && $row['role_is_admin'] == 1;
|
||||
$session_user_config_force_mfa = intval($row['user_config_force_mfa']);
|
||||
$user_config_records_per_page = intval($row['user_config_records_per_page']);
|
||||
$user_config_theme_dark = intval($row['user_config_theme_dark']);
|
||||
|
||||
if ($session_user_type !== 1) {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
header("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
// Load user client permissions
|
||||
$user_client_access_sql = "SELECT client_id FROM user_client_permissions WHERE user_id = $session_user_id";
|
||||
$user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
|
||||
|
||||
$client_access_array = [];
|
||||
while ($row = mysqli_fetch_assoc($user_client_access_result)) {
|
||||
$client_access_array[] = $row['client_id'];
|
||||
}
|
||||
|
||||
$client_access_string = implode(',', $client_access_array);
|
||||
$access_permission_query = "";
|
||||
if ($client_access_string && !$session_is_admin) {
|
||||
$access_permission_query = "AND clients.client_id IN ($client_access_string)";
|
||||
}
|
||||
|
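Review bot: The client IDs appended at `$client_access_array[] = $row['client_id'];` are not cast, yet `$client_access_string` is interpolated straight into SQL through `$access_permission_query` for every caller; the values come from the database rather than the request, but `$client_access_array[] = intval($row['client_id']);` keeps the `IN (...)` list integer-only regardless of how that column is populated, at no cost. The user-type failure path redirects to the relative `login.php` while auth_check.php in the same commit uses `../login.php`, so one of the two resolves to a wrong location depending on the caller's directory; an absolute path in both removes the ambiguity. `$_SERVER['HTTP_USER_AGENT']` on the second line is read unguarded, as in detect_device_type.php; `$_SERVER['HTTP_USER_AGENT'] ?? ''` avoids the warning when the header is absent. `$row` is reused by the permissions loop and so no longer holds the user row at the end of the file, which is fine as long as nothing included after this file relies on it — I have not verified that.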
@ -0,0 +1,6 @@
|
|||
<?php
|
||||
|
||||
if (!isset($config_enable_setup) || $config_enable_setup == 1) {
|
||||
header("Location: /setup");
|
||||
exit;
|
||||
}
|
||||
|
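Review bot: The target in `header("Location: /setup");` changed from the relative `setup` in the old check_login.php to the absolute `/setup`, which is a behavioural change that the commit message (described as a pure split) does not mention; if the application can be deployed under a sub-path, `/setup` now points outside it, so either confirm deployments are always at the web root or build the path from a configured base. A sentence in the commit message would help either way. Note also that a missing `$config_enable_setup` sends every request to setup, which is the safe direction for an unconfigured install but means a typo in config.php locks everyone out of the application.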
@ -0,0 +1,11 @@
|
|||
<?php
|
||||
|
||||
if (!isset($_SESSION)) {
|
||||
// HTTP Only cookies
|
||||
ini_set("session.cookie_httponly", true);
|
||||
if ($config_https_only) {
|
||||
// Tell client to only send cookie(s) over HTTPS
|
||||
ini_set("session.cookie_secure", true);
|
||||
}
|
||||
session_start();
|
||||
}
|
||||
|
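Review bot: The cookie hardening stops at `cookie_httponly` and the conditional `cookie_secure`; two further settings belong in the same block before `session_start()`: `ini_set("session.use_strict_mode", 1);` so the server refuses session IDs it did not issue, and `ini_set("session.cookie_samesite", "Lax");` so the cookie is not attached to cross-site requests. `$config_https_only` is read without `isset`, so a config.php that predates that option produces an undefined-variable warning on every request; `if (!empty($config_https_only)) {` keeps the intent. All of these `ini_set` calls only take effect because they precede `session_start()`, which is worth a one-line comment since that ordering is the whole point of this file.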
@ -1,14 +1,20 @@
|
|||
<?php
|
||||
|
||||
// Configuration & core
|
||||
require_once "../config.php";
|
||||
require_once "../functions.php";
|
||||
require_once "../includes/router.php";
|
||||
require_once "../includes/check_login.php";
|
||||
|
||||
// Page setup
|
||||
require_once "../includes/page_title.php";
|
||||
|
||||
// Layout UI
|
||||
require_once "../includes/header.php";
|
||||
require_once "../includes/top_nav.php";
|
||||
require_once "includes/get_side_nav_counts.php";
|
||||
require_once "includes/side_nav.php";
|
||||
|
||||
// Wrapper & alerts
|
||||
require_once "../includes/inc_wrapper.php";
|
||||
require_once "../includes/inc_alert_feedback.php";
|
||||
require_once "../includes/filter_header.php";
|
||||
|