Add user role in PHP Session to remove dependency on check_login - will require you to log out and back in for the change to take effect after the update

This commit is contained in:
Marcus Hill
2022-05-07 17:44:04 +01:00
parent 5cbd0fad0d
commit 7bb68a36d9
2 changed files with 8 additions and 6 deletions


@@ -443,7 +443,7 @@ function validateCSRFToken($token){
*/ */
function validateAdminRole(){ function validateAdminRole(){
if($session_user_role != 3){ if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3){
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -452,7 +452,7 @@ function validateAdminRole(){
} }
function validateTechRole(){ function validateTechRole(){
if($session_user_role == 1){ if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1){
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -461,7 +461,7 @@ function validateTechRole(){
} }
function validateAccountantRole(){ function validateAccountantRole(){
if($session_user_role == 2){ if(!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2){
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
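Review bot: validateTechRole and validateAccountantRole are still deny-lists: the new condition on L22 rejects only role 1 and the one on L29 only role 2, so any other value in `$_SESSION['user_role']` (0, an empty string, a role added later) passes both checks, while validateAdminRole alone is an allow-list. Now that the checks read the session directly, spell out the permitted values instead, e.g. `if(!isset($_SESSION['user_role']) || !in_array((int)$_SESSION['user_role'], [2, 3], true)){` for the tech check and `[1, 3]` for the accountant check — the sets implied by the visible comparisons if 1, 2 and 3 are the only roles, which should be confirmed against the users table. The strict `in_array` also replaces the loose `!=`/`==` comparisons the hunk keeps. A comment above validateAdminRole would save the next maintainer a surprise: `// Role checks read the value stored in the session at login; a role change or archival only takes effect at the user's next login.` Each function body continues past the hunk, so whether the redirect is followed by exit() cannot be seen here.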


@@ -57,13 +57,15 @@ if(isset($_POST['login'])){
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL"));
if (password_verify($password, $row['user_password'])) { if (password_verify($password, $row['user_password'])) {
// User variables
$token = $row['user_token']; $token = $row['user_token'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$user_name = $row['user_name']; $user_name = $row['user_name'];
$user_id = $row['user_id']; $user_id = $row['user_id'];
// CSRF Token // Session info
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['csrf_token'] = keygen(); $_SESSION['csrf_token'] = keygen();
// Setup encryption session key // Setup encryption session key