New function enforceClientAccess(), added to contact post and client inc all. This enforces user client access, if set, at post and easily in other places.

johnnyq
2026-03-06 13:05:11 -05:00
parent 30357b9cf7
commit 8fc3dfed1f
5 changed files with 121 additions and 635 deletions


@@ -12,17 +12,7 @@ if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
// Client Access Check
// Ensure the user has permission to access this client (admins ignored)
if (!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND !$session_is_admin) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denied permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Access Denied - You do not have permission to access that client!";
echo "<script>window.history.back();</script>";
exit();
}
enforceClientAccess();
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id");
@@ -136,7 +126,6 @@ if (isset($_GET['client_id'])) {
$credit_balance = floatval($row['credit_balance']);
// Badge Counts
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('contact_id') AS num FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id"));
$num_contacts = $row['num'];