Added logic to the inc_all_client.php file to deny access to users with client access permissions set

2026-02-28 02:44:53 +00:00 · 2024-05-10 13:05:32 -04:00
parent 5f7ca75d1f
commit e16dce190f
2 changed files with 13 additions and 8 deletions
--- a/check_login.php
+++ b/check_login.php
@@ -73,12 +73,12 @@ try {
    $user_client_access_sql = "SELECT client_id FROM user_permissions WHERE user_id = $session_user_id";
    $user_client_access_result = mysqli_query($mysqli, $user_client_access_sql);

-    $access_client_ids = [];
+    $client_access_array = [];
    while ($row = mysqli_fetch_assoc($user_client_access_result)) {
-        $access_client_ids[] = $row['client_id'];
+        $client_access_array[] = $row['client_id'];
    }

-    $client_access_string = implode(',', $access_client_ids);
+    $client_access_string = implode(',', $client_access_array);

    // Role / Client Access Permission Check
    if ($session_user_role < 3 && !empty($client_access_string)) {