diff --git a/functions.php b/functions.php index 334dad0f..17225768 100644 --- a/functions.php +++ b/functions.php @@ -443,7 +443,7 @@ function validateCSRFToken($token){ */ function validateAdminRole(){ - if($session_user_role != 3){ + if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3){ $_SESSION['alert_type'] = "danger"; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -452,7 +452,7 @@ function validateAdminRole(){ } function validateTechRole(){ - if($session_user_role == 1){ + if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1){ $_SESSION['alert_type'] = "danger"; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; header("Location: " . $_SERVER["HTTP_REFERER"]); @@ -461,7 +461,7 @@ function validateTechRole(){ } function validateAccountantRole(){ - if($session_user_role == 2){ + if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2){ $_SESSION['alert_type'] = "danger"; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/login.php b/login.php index 3f013a72..adc8feb3 100644 --- a/login.php +++ b/login.php @@ -57,13 +57,15 @@ if(isset($_POST['login'])){ $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL")); if (password_verify($password, $row['user_password'])) { + // User variables $token = $row['user_token']; - $_SESSION['user_id'] = $row['user_id']; - $_SESSION['user_name'] = $row['user_name']; $user_name = $row['user_name']; $user_id = $row['user_id']; - // CSRF Token + // Session info + $_SESSION['user_id'] = $row['user_id']; + $_SESSION['user_name'] = $row['user_name']; + $_SESSION['user_role'] = $row['user_role']; $_SESSION['csrf_token'] = keygen(); // Setup encryption session key