From fe94036b3a7227334129143acd698105aa646ffd Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Thu, 9 Jan 2025 15:11:07 +0000
Subject: [PATCH] Implement new admin check

Uses the new $session_is_admin rather than the old validateAdminRole.
Reverts #1065
---
 inc_all_admin.php | 7 +++----
 top_nav.php       | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/inc_all_admin.php b/inc_all_admin.php
index 186fd77a..0803e149 100644
--- a/inc_all_admin.php
+++ b/inc_all_admin.php
@@ -6,10 +6,9 @@ require_once "functions.php";
 
 require_once "check_login.php";
 
-validateAdminRole();
-
-// TODO: Change this to enforceAdminPermission();
-//  We can't do this until everyone has the new database fields added in db 1.4.9 on Sept 14th 2024
+if (!isset($session_is_admin) || !$session_is_admin) {
+    exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
+}
 
 require_once "header.php";
 
diff --git a/top_nav.php b/top_nav.php
index 276bc203..7725c6d3 100644
--- a/top_nav.php
+++ b/top_nav.php
@@ -161,8 +161,8 @@
                 </li>
                 <!-- Menu Footer-->
                 <li class="user-footer">
-                    <?php if ($session_user_role == 3) { ?>
-                    <a href="admin_user.php" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
+                    <?php if ($session_is_admin) { ?>
+                        <a href="admin_user.php" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
                     <?php } ?>
                     <a href="user_details.php" class="btn btn-default btn-flat"><i class="fas fa-user-cog mr-2"></i>Account</a>
                     <a href="post.php?logout" class="btn btn-default btn-flat float-right"><i class="fas fa-sign-out-alt mr-2"></i>Logout</a>