Check for user type of during login and set a temp if condition on check_login.php to see if user_type field exists and query user based off that result, the condition will be removed at a later date

2024-10-22 17:06:18 -04:00 · 2024-10-22 17:06:18 -04:00 · ee19e1b967
parent ba64a179c6
commit ee19e1b967
2 changed files with 31 additions and 8 deletions
--- a/check_login.php
+++ b/check_login.php
@ -38,13 +38,36 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);

 $session_user_id = intval($_SESSION['user_id']);

-$sql = mysqli_query(
-    $mysqli,
-    "SELECT * FROM users
-    LEFT JOIN user_settings ON users.user_id = user_settings.user_id
-    LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
-    WHERE users.user_id = $session_user_id"
-);
+//REMOVE After everyone has updated
+$column_check_query = "
+    SELECT COUNT(*)
+    FROM INFORMATION_SCHEMA.COLUMNS 
+    WHERE TABLE_NAME = 'users' 
+      AND COLUMN_NAME = 'user_type'
+";
+
+$result = mysqli_query($mysqli, $column_check_query);
+$column_exists = mysqli_fetch_row($result)[0] > 0;
+
+if ($column_exists) {
+    $sql = mysqli_query(
+        $mysqli,
+        "SELECT * FROM users
+        LEFT JOIN user_settings ON users.user_id = user_settings.user_id
+        LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
+        WHERE user_type = 1 
+        AND users.user_id = $session_user_id"
+    );
+} else {
+    $sql = mysqli_query(
+        $mysqli,
+        "SELECT * FROM users
+        LEFT JOIN user_settings ON users.user_id = user_settings.user_id
+        LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
+        WHERE users.user_id = $session_user_id"
+    );
+}
+
 $row = mysqli_fetch_array($sql);
 $session_name = sanitizeInput($row['user_name']);
 $session_email = $row['user_email'];
--- a/login.php
+++ b/login.php
@ -103,7 +103,7 @@ if (isset($_POST['login'])) {
        $current_code = intval($_POST['current_code']);
    }

-    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1 AND user_type = 1"));

    // Check password
    if ($row && password_verify($password, $row['user_password'])) {