AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 11:24:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added logic to the inc_all_client.php file to deny access to users with client access permissions set

Browse Source
This commit is contained in:
johnnyq
2024-05-10 13:05:32 -04:00
parent 5f7ca75d1f
commit e16dce190f
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
inc_all_client.php
View File

@@ -6,14 +6,15 @@ require_once "functions.php";
require_once "check_login.php";
require_once "header.php";
require_once "top_nav.php";
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
// Check to see if the logged in user has permission to access this client (Admins have access to all no matter what perms are set)
if(!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND $session_user_role < 3) {
echo "You don't have permission to access this client";
exit();
}
$sql = mysqli_query($mysqli, "UPDATE clients SET client_accessed_at = NOW() WHERE client_id = $client_id");
$sql = mysqli_query(
@@ -231,6 +232,10 @@ if (isset($_GET['client_id'])) {
}
}
require_once "header.php";
require_once "top_nav.php";
require_once "client_side_nav.php";
require_once "inc_wrapper.php";