Added logic to the inc_all_client.php file to deny users with client access permissions set access to any client not in their permitted list

johnnyq 2024-05-10 13:05:32 -04:00
parent 5f7ca75d1f
commit e16dce190f
2 changed files with 13 additions and 8 deletions


@ -73,12 +73,12 @@ try {
$user_client_access_sql = "SELECT client_id FROM user_permissions WHERE user_id = $session_user_id";
$user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);
$access_client_ids = [];
$client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_result)) {
$access_client_ids[] = $row['client_id'];
$client_access_array[] = $row['client_id'];
}
$client_access_string = implode(',', $access_client_ids);
$client_access_string = implode(',', $client_access_array);
// Role / Client Access Permission Check
if ($session_user_role < 3 && !empty($client_access_string)) {


@ -6,14 +6,15 @@ require_once "functions.php";
require_once "check_login.php";
require_once "header.php";
require_once "top_nav.php";
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
// Check to see if the logged in user has permission to access this client (Admins have access to all no matter what perms are set)
if(!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND $session_user_role < 3) {
echo "You don't have permission to access this client";
exit();
}
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id");
$sql = mysqli_query(
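Review bot: The denial branch on the new `echo` / `exit()` lines answers with HTTP 200 and a bare plaintext message, so browsers, proxies and monitoring cannot tell a refused request from a served page; set the status before the echo with `http_response_code(403);`. The guard is also fail-open by construction: a user with `$session_user_role < 3` who has no rows in `user_permissions` gets an empty `$client_access_string` and passes for every client, so if "no rows means unrestricted" is intended the comment above the check should say so, e.g. `// No client restrictions recorded => unrestricted; admins (role >= 3) always pass`, and if it is not intended the `!empty($client_access_string)` clause should be dropped. `in_array` compares the intval'd `$client_id` loosely against the string ids fetched from MySQL; that happens to work, but casting the ids to int where the array is built would let this check use `in_array($client_id, $client_access_array, true)`. The enclosing `if (isset($_GET['client_id']))` block continues past the hunk, and whether the check now runs before any output depends on where `header.php` / `top_nav.php` sit on the new side, which this rendering does not make certain.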
@ -231,6 +232,10 @@ if (isset($_GET['client_id'])) {
}
}
require_once "header.php";
require_once "top_nav.php";
require_once "client_side_nav.php";
require_once "inc_wrapper.php";