From 53c888c4b8738f7f5180474ee783e1312a00cd18 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Wed, 27 Nov 2024 11:50:45 -0500
Subject: [PATCH] Add User Type to session, along with user type check
---
 check_login.php | 5 +++++
 login.php | 1 +
 portal/check_login.php | 6 ++++++
 portal/login.php | 1 +
 portal/login_microsoft.php | 1 +
 5 files changed, 14 insertions(+)
diff --git a/check_login.php b/check_login.php
index c2162dbb..05e6cd94 100644
--- a/check_login.php
+++ b/check_login.php
@@ -27,6 +27,11 @@ if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
 exit;
 }
+// Check user type
+if ($_SESSION['user_type'] !== 1) {
+ header("Location: login.php");
+ exit();
+}
 // Set Timezone
 require_once "inc_set_timezone.php";
diff --git a/login.php b/login.php
index b37b65e7..d093e5df 100644
--- a/login.php
+++ b/login.php
@@ -194,6 +194,7 @@ if (isset($_POST['login'])) {
 // Session info
 $_SESSION['user_id'] = $user_id;
 $_SESSION['user_name'] = $user_name;
+ $_SESSION['user_type'] = 1;
 $_SESSION['user_role'] = $user_role;
 $_SESSION['csrf_token'] = randomString(156);
 $_SESSION['logged'] = true;
diff --git a/portal/check_login.php b/portal/check_login.php
index 4392e558..8936b148 100644
--- a/portal/check_login.php
+++ b/portal/check_login.php
@@ -20,6 +20,12 @@ if (!isset($_SESSION['client_logged_in']) || !$_SESSION['client_logged_in']) {
 die;
 }
+// Check user type
+if ($_SESSION['user_type'] !== 2) {
+ header("Location: login.php");
+ exit();
+}
+
 // Set Timezone
 require_once "../inc_set_timezone.php";
diff --git a/portal/login.php b/portal/login.php
index 10bc8259..c4feff53 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -72,6 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 $_SESSION['client_logged_in'] = true;
 $_SESSION['client_id'] = $client_id;
 $_SESSION['user_id'] = $user_id;
+ $_SESSION['user_type'] = 2;
 $_SESSION['contact_id'] = $contact_id;
 $_SESSION['login_method'] = "local";
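Review bot: In check_login.php the new `$_SESSION['user_type'] !== 1` test reads the key without checking that it exists, so a session created before this commit, or any session that lacks the key, raises an undefined-key notice or warning before it redirects. Make the absence explicit with `if (($_SESSION['user_type'] ?? null) !== 1) {`, or `!isset($_SESSION['user_type']) || ...` if the codebase must run on older PHP. The `!== 2` check in portal/check_login.php has the same gap. On a mismatch the session is left intact while the browser goes to login.php; how login.php treats a session that still has `logged` set is not visible in this patch, so it is worth confirming that this cannot loop, or clearing the session before the redirect.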
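Review bot: The literal `1` assigned to `$_SESSION['user_type']` in login.php is a magic number, as is the `2` in portal/login.php and portal/login_microsoft.php; its meaning is implied only by which file sets it, and both check_login.php files have to repeat the same literals. Define the two values once in a file that every entry point already includes, for example `const USER_TYPE_AGENT = 1;` and `const USER_TYPE_CLIENT = 2;` (names illustrative), and use them at all five sites. At minimum add a comment next to the assignment such as `// user_type: 1 = main application login, 2 = client portal login`. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk.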
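Review bot: portal/login.php writes `user_type`, `user_id` and `client_logged_in` into whatever session already exists, and nothing in the hunk resets earlier state. Assuming both logins share one session cookie, which this patch does not show, a browser that had signed in through login.php would keep `$_SESSION['logged']`, `user_role` and `csrf_token` from that login next to the portal values. The new type check stops the crossover in the two check_login.php files, but any page that tests only `logged` or `client_logged_in` would still accept the stale flag. Unless code above the hunk already does so, start from a clean session before these assignments with `$_SESSION = [];` and `session_regenerate_id(true);`; the same applies to login.php and portal/login_microsoft.php. The enclosing `if` block starts and ends outside the hunk.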
diff --git a/portal/login_microsoft.php b/portal/login_microsoft.php
index 783dfa0a..54306c85 100644
--- a/portal/login_microsoft.php
+++ b/portal/login_microsoft.php
@@ -114,6 +114,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
 $_SESSION['client_logged_in'] = true;
 $_SESSION['client_id'] = $client_id;
 $_SESSION['user_id'] = $user_id;
+ $_SESSION['user_type'] = 2;
 $_SESSION['contact_id'] = $contact_id;
 $_SESSION['login_method'] = "azure";
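Review bot: The block in portal/login_microsoft.php that now also sets `user_type` is gated by `$_POST['state'] == session_id()`, visible in the hunk header, which reads `$_POST['state']` without an existence check and compares loosely. Since this condition decides whether a portal session is granted, a strict check such as `is_string($_POST['state'] ?? null) && hash_equals(session_id(), $_POST['state'])` would be safer. Using the session ID itself as the state value presumably also places the session identifier in the authorization request; a separate random value stored in the session would avoid exposing it. The condition is outside the lines this commit changes, and the block continues beyond the hunk.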