diff --git a/access_element.php b/access_element.php index 87be76b..e02ee99 100644 --- a/access_element.php +++ b/access_element.php @@ -14,16 +14,16 @@ include_once './settings/settings_redirector.php'; $_SESSION['prev_origin_access_element'] = $_SERVER['REQUEST_URI']; $page = 'access_element'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'access_element_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/access_element_manage.php b/access_element_manage.php index 2100be2..1394bae 100644 --- a/access_element_manage.php +++ b/access_element_manage.php 
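Review bot: Each call in the access_element.php hunk reads `$_SESSION['authorization']['permissions']` directly, a key this commit introduces, so a session created before the change (or a login path that does not populate it, which is not visible here) raises an undefined-key warning and hands `null` to isAllowed(). That should still end in a denial unless the legacy level grants access, but the default is better made explicit, e.g. `isAllowed($page, $_SESSION['authorization']['permissions'] ?? [], $_SESSION['authorization']['permission'] ?? null, 'R')`. The two keys also differ by a single letter (`permissions` vs `permission`), and the same gate is pasted into every page hunk of this commit (access_element_manage.php, access_elements.php, account.php and the rest). A small wrapper that reads the session once would remove the chance of transposing them.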
@@ -12,14 +12,14 @@ include_once './settings/settings_redirector.php'; $page = 'access_element_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input values $element = [ diff --git a/access_elements.php b/access_elements.php index 57363d1..6dac667 100644 --- a/access_elements.php +++ b/access_elements.php 
@@ -17,15 +17,15 @@ $page = $_SESSION['origin'] = 'access_elements'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'access_element_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Function to scan project for new PHP files and add to access_elements function scan_and_update_access_elements() { diff --git a/account.php b/account.php index 3303a0a..0a03500 100644 --- a/account.php +++ b/account.php 
@@ -15,15 +15,15 @@ $_SESSION['prev_origin'] = $_SERVER['REQUEST_URI']; $page = $_SESSION['origin'] = 'account'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$healthindex_allowed = isAllowed('report_healthindex' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$healthindex_allowed = isAllowed('report_healthindex' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/account_manage.php b/account_manage.php index 14e3003..eb225fa 100644 --- a/account_manage.php +++ b/account_manage.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'account'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $account = [ diff --git a/accounts.php b/accounts.php index 5970a50..00c6705 100644 --- a/accounts.php +++ b/accounts.php 
@@ -15,15 +15,15 @@ $_SESSION['prev_origin'] = ''; $page = 'accounts'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'account_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/api/v2/get/user_credentials.php b/api/v2/get/user_credentials.php index 8ee04a2..d6ccdba 100644 --- a/api/v2/get/user_credentials.php +++ b/api/v2/get/user_credentials.php @@ -19,7 +19,7 @@ if ($stmt->rowCount() == 1) { //Define User data $partnerhierarchy = $user_data['partnerhierarchy']; $permission = userRights($user_data['view']); - $profile= getProfile($user_data['settings'],$permission); + $profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission); $username = $user_data['username']; $useremail = $user_data['email']; $servicekey = $user_data['service']; diff --git a/assets/functions.php b/assets/functions.php index 939bd98..25a3eb0 100644 --- a/assets/functions.php 
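Review bot: In api/v2/get/user_credentials.php the variable is still called `$profile` although it now holds whatever getUserPermissions() returns, and the previous call is left behind as a trailing comment. How `$profile` is used further down is outside the hunk; if it is still emitted under a profile-named field, consumers that now read `$_SESSION['authorization']['permissions']` depend on a mapping that is easy to miss. I would rename it and drop the dead code, `$permissions = getUserPermissions($pdo, $user_data['id']);`, updating the later uses. A comment should state the shape of the returned array (element name to `can_create`/`can_read`/`can_update`/`can_delete` flags, as isAllowed() expects). The enclosing `if ($stmt->rowCount() == 1)` block continues past the hunk.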
+++ b/assets/functions.php @@ -304,7 +304,7 @@ function menu($selected,$selected_child){ $menu = ''; //filter the main_menu array based on profile - $filteredMenu = filterMenuByProfile($main_menu, $_SESSION['authorization']['profile']); + $filteredMenu = filterMenuByProfile($main_menu, $_SESSION['authorization']['permissions']); foreach ($filteredMenu as $menu_item){ //Main Item @@ -1539,13 +1539,15 @@ function getProfile($profile, $permission){ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //Is allowed (yes=1)++++++++++++++++++++++++++++++++++++++++ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - function isAllowed($page,$profile,$permission,$action){ - - //override for testing only - return 1; - - //Include settingsa - include dirname(__FILE__,2).'/settings/settings_redirector.php'; + // RBAC-based permission check + // $access_element = the page/element to check access for (e.g., 'user', 'equipment') + // $permissions = array of user permissions from $_SESSION['authorization']['permissions'] (from getUserPermissions()) + // $basic_permission_level = optional legacy permission level (5 = system, always allowed) + // $action = C, R, U, or D + function isAllowed($access_element, $permissions, $basic_permission_level = null, $action = 'R'){ + + $date = date('Y-m-d H:i:s'); + $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; // Always allowed collections: [collection => allowed_actions_string] $always_allowed = [ 
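Review bot: filterMenuByProfile() in menu() is now passed the permissions array instead of the profile value, but its body is not visible in the hunks shown. The isAllowed() code removed in this same commit treated the profile as a string (`str_contains($profile,$page)`); if the menu filter does the same, it will fail or filter incorrectly once an array arrives, so confirm it was updated and rename it if so. Menu visibility is not an access control in itself, but a menu that disagrees with isAllowed() makes permission problems harder to spot. menu() begins and ends outside the hunk.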
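Review bot: The permission log path set at the top of the new isAllowed() (`dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'`) resolves to a `log` directory inside the application tree. If that directory is reachable through the web server, the per-element allow/deny trace written when `debug` is on is readable by anyone who guesses the file name; confirm access is denied at the server level or move the log outside the document root. `$date` and `$filelocation` are also computed on every call even when `debug` is off, so they could move into a single debug helper. The function body continues in the next hunk.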
@@ -1563,87 +1565,70 @@ function getProfile($profile, $permission){ 'marketing_delete' => 'CRUD' ]; - // Group permissions: [granting_page => [collection => allowed_actions_string]] - $group_permissions = [ - 'products_software' => [ - 'products_software_version_access_rules' => 'CRU', - 'products_software_licenses' => 'CRU', - 'products_software_upgrade_paths' => 'CRU', - 'products_software_versions' => 'CRU', - 'products_software_assignment' => 'CRU', - 'products_software_assignments' => 'CRU' - ] - ]; - - // Debug log + // Debug log - initial call if(debug){ - $test = "$date - isAllowed called: page=$page, permission=$permission, action=$action".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; - error_log($test, 3, $filelocation); - } - // 1. Check always allowed - if (isset($always_allowed[$page]) && str_contains($always_allowed[$page], $action)) { - - if(debug){ - $test = "$date - Allowed by always_allowed".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; - error_log($test, 3, $filelocation); - } - - return 1; - } - - //GET ALLOWED ACTIONS - $user_permission = ${'permission_'.$permission}; - - //CHECK ALLOWED - $page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TO DO THE ACTION - $page_access = str_contains($profile,$page) > 0 ? 1 : 0; //CHECK USER IS ALLOWED TO ACCESS PAGE - - if(debug){ - $test = "$date - user_permission=$user_permission, page_action=$page_action, page_access=$page_access".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; + $perm_count = is_array($permissions) ? count($permissions) : 'not_array'; + $test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action, permissions_count=$perm_count".PHP_EOL; error_log($test, 3, $filelocation); } - // 2. 
Check user permissions (standard) - if ($page_access == 1 && $page_action == 1){ + // 1. Check if basic_permission_level is 5 (System) - always allow + if ($basic_permission_level !== null && $basic_permission_level == 5) { if(debug){ - $test = "$date - Allowed by user permissions".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; + $test = "$date - Allowed by system permission (level 5)".PHP_EOL; error_log($test, 3, $filelocation); - } return 1; } - // 3. If not allowed by user, check group permissions - if ($page_access == 0) { - foreach ($group_permissions as $granting_page => $grants) { - if (str_contains($profile, $granting_page)) { - if(debug){ - $test = "$date - Found granting_page: $granting_page".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; - error_log($test, 3, $filelocation); - } - if (isset($grants[$page]) && str_contains($grants[$page], $action)) { - if(debug){ - $test = "$date - Allowed by group permissions".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; - error_log($test, 3, $filelocation); - } - return 1; - } + // 2. Check always_allowed list + if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) { + if(debug){ + $test = "$date - Allowed by always_allowed list".PHP_EOL; + error_log($test, 3, $filelocation); + } + return 1; + } + + // 3. Check RBAC permissions array (from getUserPermissions()) + if (is_array($permissions) && isset($permissions[$access_element])) { + $element_permissions = $permissions[$access_element]; + + // Map action letter to permission key + $action_map = [ + 'C' => 'can_create', + 'R' => 'can_read', + 'U' => 'can_update', + 'D' => 'can_delete' + ]; + + $permission_key = $action_map[$action] ?? 
null; + + if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) { + if(debug){ + $test = "$date - Allowed by RBAC permissions: $access_element -> $permission_key = 1".PHP_EOL; + error_log($test, 3, $filelocation); } + return 1; + } + + if(debug){ + $perm_value = $element_permissions[$permission_key] ?? 'not_set'; + $test = "$date - RBAC check failed: $access_element -> $permission_key = $perm_value".PHP_EOL; + error_log($test, 3, $filelocation); + } + } else { + if(debug){ + $test = "$date - Access element '$access_element' not found in permissions array".PHP_EOL; + error_log($test, 3, $filelocation); } } - if(debug){ - $test = "$date - Not allowed".PHP_EOL; - $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt'; - error_log($test, 3, $filelocation); - } // Not allowed + if(debug){ + $test = "$date - Not allowed: access_element=$access_element, action=$action".PHP_EOL; + error_log($test, 3, $filelocation); + } return 0; } diff --git a/buildtool.php b/buildtool.php index 9de2e31..a34bd1d 100644 --- a/buildtool.php +++ b/buildtool.php @@ -12,7 +12,7 @@ include_once './settings/settings_redirector.php'; $page = 'buildtool'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/cartest.php b/cartest.php index 8ff8f5c..cb60ce3 100644 --- a/cartest.php +++ b/cartest.php 
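Review bot: The system-level bypass in step 1 of isAllowed() uses a loose comparison, `$basic_permission_level == 5`, so numeric spellings such as `'5.0'` or `' 5'` grant full access as well as the intended value. Since this branch skips the RBAC array entirely, I would pin it to the exact representations the session value can take (userRights() is not shown here), e.g. `if ($basic_permission_level === 5 || $basic_permission_level === '5') {`, and replace the literal with a named constant. The same applies to `$element_permissions[$permission_key] == 1` further down. Denials are only written when `debug` is on; if they matter for detection, consider logging the final `return 0` path unconditionally.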
@@ -13,14 +13,14 @@ include_once './settings/systemcartest.php'; $page = 'cartest'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //CALL TO API FOR cartest $api_url = '/v1/cartests/rowID='.$_GET['rowID']; diff --git a/cartest_manage.php b/cartest_manage.php index a4f3334..75bfa2c 100644 --- a/cartest_manage.php +++ b/cartest_manage.php 
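Review bot: `$_GET['rowID']` is concatenated straight into the backend API path on the context line `$api_url = '/v1/cartests/rowID='.$_GET['rowID'];` at the end of the cartest.php hunk, with no presence check and no encoding. A value containing `/`, `?` or `&` changes the request that is sent on the user's behalf, and a missing parameter raises a warning. The line is untouched by this commit, but since the hunk is about page security it is worth fixing alongside: `$api_url = '/v1/cartests/rowID='.rawurlencode((string)($_GET['rowID'] ?? ''));`, or validate it as an integer first if row IDs are numeric.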
@@ -13,14 +13,14 @@ include_once './settings/systemcartest.php'; $page = 'cartest_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $bearertoken = createCommunicationToken($_SESSION['authorization']['userkey']); diff --git a/cartests.php b/cartests.php index 141b967..8fb8062 100644 --- a/cartests.php +++ b/cartests.php 
@@ -11,14 +11,14 @@ include_once './settings/settings_redirector.php'; $page = 'cartests'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS diff --git a/catalog.php b/catalog.php index 5bbed4b..bfaf6dd 100644 --- a/catalog.php +++ b/catalog.php @@ -15,7 +15,7 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'catalog'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/categories.php b/categories.php index 6e887e0..5b4b157 100644 --- a/categories.php +++ b/categories.php 
@@ -15,7 +15,7 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'categories'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/category.php b/category.php index 7228cc6..d896ad3 100644 --- a/category.php +++ b/category.php @@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'category'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $category = [ 'rowID' => '', diff --git a/communication.php b/communication.php index c3d8e3d..452ac13 100644 --- a/communication.php +++ b/communication.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'communication'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input communication values $communication = [ diff --git a/communication_send.php b/communication_send.php index 7b9a652..c5a6391 100644 --- a/communication_send.php +++ b/communication_send.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'communication_send'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $url = 'index.php?page=communications'; diff --git a/communications.php b/communications.php index b3eaf24..67bee9d 100644 --- a/communications.php +++ b/communications.php @@ -19,15 +19,15 @@ $back_btn_orgin = ($prev_page != '')? ''.$button_create_communication.''; } -if (isAllowed('communication_send',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U') === 1){ +if (isAllowed('communication_send',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U') === 1){ $view .= ''.$button_create_communication_send.''; } diff --git a/contract.php b/contract.php index 15ff325..6c4bfa9 100644 --- a/contract.php +++ b/contract.php 
@@ -17,7 +17,7 @@ $page = 'contract'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } @@ -27,11 +27,11 @@ $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; //PAGE Security $page_manage = 'contract_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$view_equipment = isAllowed('equipment' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$view_equipment = isAllowed('equipment' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/contract_manage.php b/contract_manage.php index 80c0f23..7c46e33 100644 --- a/contract_manage.php 
+++ b/contract_manage.php @@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'contract_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $contract = [ diff --git a/contracts.php b/contracts.php index 50d7e99..f7dba17 100644 --- a/contracts.php +++ b/contracts.php 
@@ -18,15 +18,15 @@ $prev_page = ($_SESSION['origin'] == 'equipments') ? $_SESSION['prev_origin_equi $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'contract_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //Close Contracts when end_date expired closeContract(); diff --git a/dashboard.php b/dashboard.php index 5aee031..7328425 100644 --- a/dashboard.php +++ b/dashboard.php @@ -11,7 +11,7 @@ include_once './assets/functions.php'; include_once './settings/settings_redirector.php'; //Check if allowed -if (isAllowed('dashboard',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed('dashboard',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/dealer.php b/dealer.php index a513523..224dadd 100644 --- a/dealer.php +++ b/dealer.php 
@@ -15,15 +15,15 @@ $_SESSION['prev_origin_dealer'] = $_SERVER['REQUEST_URI']; $page = 'dealer'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'dealer_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/dealer_manage.php b/dealer_manage.php index ce474c5..2bb5d9b 100644 --- a/dealer_manage.php +++ b/dealer_manage.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'dealer_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); if (isset($_GET['rowID']) && $_GET['rowID'] !=''){ diff --git a/dealers.php b/dealers.php index c0b01e4..7612a80 100644 --- a/dealers.php +++ b/dealers.php @@ -15,7 +15,7 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'dealers'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/discount.php b/discount.php index ae47aa5..54564ca 100644 --- a/discount.php +++ b/discount.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'discount'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $discount = [ 'id' =>'', diff --git a/discounts.php b/discounts.php index 0b3cc31..f4409fc 100644 --- a/discounts.php +++ b/discounts.php @@ -15,7 +15,7 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'discounts'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/equipment.php b/equipment.php index f02b6b6..67e0d1e 100644 --- a/equipment.php +++ b/equipment.php 
@@ -14,19 +14,19 @@ include_once './settings/settings_redirector.php'; $_SESSION['prev_origin_equipment'] = $_SERVER['REQUEST_URI']; $page = 'equipment'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'equipment_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$view_product = isAllowed('product' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); -$view_history = isAllowed('history' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$view_contracts = isAllowed('contracts' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$view_product = isAllowed('product' 
,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); +$view_history = isAllowed('history' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$view_contracts = isAllowed('contracts' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; @@ -108,7 +108,7 @@ if (!empty($responses->sw_version_upgrade) && isset($products_software) && $prod } //Calculate Healthindex based on last test -$total_score = assetHealthIndex($_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],$equipment_data,0); +$total_score = assetHealthIndex($_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],$equipment_data,0); //GetPartnerDetails $partner_data = json_decode($responses->accounthierarchy); @@ -369,7 +369,7 @@ if (!empty($responses->geolocation) || $responses->geolocation != ''){ } //Get all related service events -if (isAllowed('servicereports',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 1){ +if (isAllowed('servicereports',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){ $service_events = serviceEvents($history,$page); $view .= '
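Review bot: `$view_history` in the first equipment.php hunk is computed with action `'C'`, while its neighbours `$view_product` and `$view_contracts` use `'R'`, so the flag does not test the right its name suggests. If requiring create rights on `history` is intended, a comment such as `// history panel is shown only to users who may add entries` would document it; otherwise the last argument should be `'R'`. How `$view_history` is consumed lies outside the hunk, so this is a question rather than a confirmed defect.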
@@ -382,7 +382,7 @@ $view .= '
} //Show equipment_data when available and allowed -if (isAllowed('equipment_data',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 1 && !empty($equipment_data)){ +if (isAllowed('equipment_data',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1 && !empty($equipment_data)){ $view .= '
'.($view_asset_data_text ?? '').' diff --git a/equipment_data.php b/equipment_data.php index 5c94104..598c92a 100644 --- a/equipment_data.php +++ b/equipment_data.php @@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'equipment_data'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $equipment_data = [ diff --git a/equipment_manage.php b/equipment_manage.php index a79f1ad..c077f6e 100644 --- a/equipment_manage.php +++ b/equipment_manage.php 
@@ -10,15 +10,15 @@ if (debug && debug_id == $_SESSION['authorization']['id']){ $page = 'equipment_manage'; $page_edit = 'equipment_manage_edit'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$update_allowed_special = isAllowed($page_edit ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$update_allowed_special = isAllowed($page_edit ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); // Default input product values $equipment = [ diff --git a/equipments.php b/equipments.php index 373abb1..ce10695 100644 --- a/equipments.php +++ b/equipments.php 
@@ -17,15 +17,15 @@ $page = $_SESSION['origin'] = 'equipments'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'equipment_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/equipments_mass_update.php b/equipments_mass_update.php index 4553094..1bbc639 100644 --- a/equipments_mass_update.php +++ b/equipments_mass_update.php 
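Review bot: `$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;` at the end of this hunk copies the raw query parameter into both the local variable and the session without constraining it to a positive integer. Where the value is used afterwards is outside the hunk, so normalising it at the point of entry is the safer default: `$pagination_page = $_SESSION['p'] = max(1, (int)($_GET['p'] ?? 1));`. The same unvalidated read of `$_GET['p']` appears as context in history.php, order.php, orders.php and pricelists.php.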
@@ -12,14 +12,14 @@ include_once './settings/settings_redirector.php'; $page = 'equipments_mass_update'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/factuur.php b/factuur.php index bbd3887..015b461 100644 --- a/factuur.php +++ b/factuur.php @@ -11,7 +11,7 @@ include_once './assets/functions.php'; include_once './settings/settings_redirector.php'; // Check if allowed -if (isAllowed('order', $_SESSION['authorization']['profile'], $_SESSION['authorization']['permission'], 'R') === 0) { +if (isAllowed('order', $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') === 0) { header('location: index.php'); exit; } diff --git a/firmwaretool.php b/firmwaretool.php index 83f9def..8e33277 100644 --- a/firmwaretool.php +++ b/firmwaretool.php 
@@ -9,7 +9,7 @@ if (debug && debug_id == $_SESSION['authorization']['id']){ $page = 'firmwaretool'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } @@ -33,7 +33,7 @@ if (isset($_GET['equipmentID'])){$returnpage = 'equipment&equipmentID='.$_GET['e //SHOW BACK BUTTON ONLY FOR PORTAL USERS -if (isAllowed('dashboard',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') != 0){ +if (isAllowed('dashboard',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') != 0){ $view .= '
diff --git a/histories.php b/histories.php index 4f43f0a..c56de26 100644 --- a/histories.php +++ b/histories.php @@ -15,7 +15,7 @@ $_SESSION['prev_origin'] = $_SERVER['REQUEST_URI']; $page = $_SESSION['origin'] = 'histories'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/history.php b/history.php index 167b2fc..f130802 100644 --- a/history.php +++ b/history.php @@ -13,15 +13,15 @@ include_once './settings/settings_redirector.php'; //Check if allowed $page = 'history'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'history_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/history_manage.php b/history_manage.php index ebea8ec..795c480 100644 
--- a/history_manage.php +++ b/history_manage.php @@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'history_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $history = [ diff --git a/index.php b/index.php index 03920e9..d14d81c 100644 --- a/index.php +++ b/index.php @@ -48,7 +48,6 @@ if (debug && debug_id == $_SESSION['authorization']['id']){ error_reporting(E_ALL); } -var_dump($_SESSION['authorization']); //===================================== //TRANSLATION FILE LOCATION //===================================== 
@@ -110,7 +109,7 @@ if (isset($_GET['page']) && $_GET['page'] == 'logout') { //===================================== //DEFINE WHERE TO SEND THE USER TO. GET first assigned view in the profile if not available use dashboard //===================================== -$allowed_views = explode(',',$_SESSION['authorization']['profile']); +$allowed_views = explode(',',$_SESSION['authorization']['permissions']); $ignoreViews = ['profile','assets','sales']; // If dashboard is in the profile, prioritize it diff --git a/language.php b/language.php index 0ba0a73..7d444ab 100644 --- a/language.php +++ b/language.php @@ -2,7 +2,7 @@ defined(page_security_key) or exit; //Check if allowed -if (isAllowed('language',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed('language',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/licenses.php b/licenses.php index 26f5b2b..fd25064 100644 --- a/licenses.php +++ b/licenses.php 
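Review bot: `explode(',',$_SESSION['authorization']['permissions'])` in the index.php hunk assumes the renamed key is present and still holds a comma-separated string. If the key is missing (for instance in a session that predates this commit), `null` is passed to `explode`, which is deprecated since PHP 8.1 and yields a single empty view name; if `permissions` is no longer a string, `explode` throws a `TypeError` — the new format is not visible in this diff. A guard keeps the landing-page selection well defined: `$perms = $_SESSION['authorization']['permissions'] ?? '';` followed by `$allowed_views = is_string($perms) ? array_filter(explode(',', $perms)) : [];`. The comment above the line still says "first assigned view in the profile" and could be updated to name the new key.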
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'licenses'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'licenses'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Handle license status update if ($update_allowed === 1 && isset($_POST['submit'])) { diff --git a/logfile.php b/logfile.php index ce8eebb..a7d02dc 100644 --- a/logfile.php +++ b/logfile.php @@ -2,7 +2,7 @@ defined(page_security_key) or exit; //Check if allowed -if (isAllowed('logfile',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed('logfile',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/logout.php b/logout.php index 5d463f6..32c433e 100644 --- a/logout.php +++ b/logout.php 
@@ -5,7 +5,7 @@ $_SESSION = array(); // Destroy all session related to user - $_SESSION['authorization']['profile'] = ''; + $_SESSION['authorization']['permissions'] = ''; session_unset(); session_destroy(); diff --git a/maintenance.php b/maintenance.php index c89e4c0..eff6ec1 100644 --- a/maintenance.php +++ b/maintenance.php @@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'maintenance'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); if ($update_allowed === 1){ if (isset($_POST['geoupdate'])){ diff --git a/marketing.php b/marketing.php index d2e4e29..62f90cc 100644 --- a/marketing.php +++ b/marketing.php 
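Review bot: The added line `$_SESSION['authorization']['permissions'] = '';` in logout.php has no effect: the hunk header shows `$_SESSION = array();` earlier in the file, and `session_unset(); session_destroy();` follow directly, so the assignment only re-creates an `authorization` entry that is discarded by the next statements. Dropping the line makes it clearer that teardown relies on `session_unset()` and `session_destroy()`. Whether the session cookie is also expired on the client is not visible in this hunk and is worth confirming in the rest of the file.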
@@ -12,15 +12,15 @@ include_once './settings/settings_redirector.php'; $page = 'marketing'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS: $current_folder = $_GET['folder'] ?? ''; diff --git a/media.php b/media.php index 10d23e2..72e4c3a 100644 --- a/media.php +++ b/media.php 
@@ -11,14 +11,14 @@ include_once './settings/settings_redirector.php'; $page = 'media'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS @@ -98,7 +98,7 @@ $view = '
'; -if ($create_allowed === 1 && isAllowed('media_scanner' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C') === 1){ +if ($create_allowed === 1 && isAllowed('media_scanner' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C') === 1){ $view .= '📷'; } diff --git a/media_manage.php b/media_manage.php index d34f5c5..b900f83 100644 --- a/media_manage.php +++ b/media_manage.php @@ -3,16 +3,16 @@ defined(page_security_key) or exit; $page = 'media_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $media = [ diff --git a/media_scanner.php b/media_scanner.php index 43a8ca8..3f2374b 100644 --- a/media_scanner.php +++ b/media_scanner.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'media_scanner'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Check if domain is passed in URL $autoFetchDomain = isset($_GET['domain']) ? $_GET['domain'] : ''; diff --git a/order.php b/order.php index 9b39c93..8092ddc 100644 --- a/order.php +++ b/order.php @@ -17,7 +17,7 @@ $page = 'order'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } 
@@ -27,10 +27,10 @@ $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; //PAGE Security $page_manage = 'order_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $_GET['list'] = 'order'; diff --git a/orders.php b/orders.php index 223447a..f130384 100644 --- a/orders.php +++ b/orders.php 
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'orders'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'order'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/partner.php b/partner.php index 7f3b8dc..4ef20c9 100644 --- a/partner.php +++ b/partner.php 
@@ -6,14 +6,14 @@ $_SESSION['prev_origin'] = $_SERVER['REQUEST_URI']; $page = $_SESSION['origin'] ='partner'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $partner = [ diff --git a/partners.php b/partners.php index 68ac725..da9b4a4 100644 --- a/partners.php +++ b/partners.php 
@@ -12,14 +12,14 @@ include_once './settings/settings_redirector.php'; $page = 'partners'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS diff --git a/pricelists.php b/pricelists.php index 100159f..9dde400 100644 --- a/pricelists.php +++ b/pricelists.php 
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'pricelists'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'pricelists_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/pricelists_manage.php b/pricelists_manage.php index e488fdd..4ed6acb 100644 --- a/pricelists_manage.php +++ b/pricelists_manage.php 
@@ -3,16 +3,16 @@ defined(page_security_key) or exit; $page = 'pricelists_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $pricelists = [ diff --git a/product.php b/product.php index ebd76e6..538e6ca 100644 --- a/product.php +++ b/product.php @@ -17,7 +17,7 @@ $page = 'product'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } 
@@ -27,12 +27,12 @@ $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; //PAGE Security $page_manage = 'product_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); -$media_update = isAllowed('products_media' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$software_update = isAllowed('products_software_assignment' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); +$media_update = isAllowed('products_media' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$software_update = isAllowed('products_software_assignment' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/product_manage.php b/product_manage.php index 314d0bb..e118b35 100644 --- a/product_manage.php +++ b/product_manage.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'product_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // if ($_GET['id'] !=''){ diff --git a/products.php b/products.php index 7666889..110829c 100644 --- a/products.php +++ b/products.php 
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'products'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'product_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/products_attributes.php b/products_attributes.php index ed0e1cb..84d2e0b 100644 --- a/products_attributes.php +++ b/products_attributes.php 
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'products_attributes'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'products_attributes_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/products_attributes_manage.php b/products_attributes_manage.php index 8982e45..9ffce75 100644 --- a/products_attributes_manage.php +++ b/products_attributes_manage.php 
@@ -3,16 +3,16 @@ defined(page_security_key) or exit; $page = 'products_attributes_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } // //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $products_attributes = [ diff --git a/products_configurations.php b/products_configurations.php index a53cc12..5e82393 100644 --- a/products_configurations.php +++ b/products_configurations.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'products_configurations'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $products_configurations = [ diff --git a/products_software.php b/products_software.php index 2bc5633..7244cdd 100644 --- a/products_software.php +++ b/products_software.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'products_software'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $products_software = [ diff --git a/products_software_assignments.php b/products_software_assignments.php index 159b0e7..51e40ad 100644 --- a/products_software_assignments.php +++ b/products_software_assignments.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'products_software_assignments'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Get product details $productrowid = $_GET['productrowid'] ?? ''; diff --git a/products_software_upgrade_paths_manage.php b/products_software_upgrade_paths_manage.php index a63c347..19a28c1 100644 --- a/products_software_upgrade_paths_manage.php +++ b/products_software_upgrade_paths_manage.php 
@@ -6,14 +6,14 @@ if (!isset($button_cancel)) $button_cancel = 'Cancel'; $page = 'products_software_upgrade_paths_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Determine redirect URL if (isset($_GET['id'])) { diff --git a/products_software_version.php b/products_software_version.php index a73909d..afe654a 100644 --- a/products_software_version.php +++ b/products_software_version.php @@ -20,7 +20,7 @@ $back_btn_orgin = ($prev_page != '')? ' - + diff --git a/profiles.php b/profiles.php index 0785010..f31df19 100644 --- a/profiles.php +++ b/profiles.php @@ -12,7 +12,7 @@ include dirname(__FILE__).'/settings/settingsviews.php'; $page = 'profiles'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } 
diff --git a/report_build.php b/report_build.php index 55b4143..458a312 100644 --- a/report_build.php +++ b/report_build.php @@ -15,7 +15,7 @@ $_SESSION['prev_origin'] = $_SERVER['REQUEST_URI']; $page = 'report_build'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/report_builder.php b/report_builder.php index 73dab54..13eac59 100644 --- a/report_builder.php +++ b/report_builder.php @@ -6,7 +6,7 @@ $_SESSION['prev_origin'] = $_SERVER['REQUEST_URI']; $page = $_SESSION['origin'] = 'report_builder'; //Check if allowed -if (isAllowed($page, $_SESSION['authorization']['profile'], $_SESSION['authorization']['permission'], 'R') === 0) { +if (isAllowed($page, $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') === 0) { header('location: index.php'); exit; } diff --git a/report_contracts_billing.php b/report_contracts_billing.php index 3af479b..1a471a6 100644 --- a/report_contracts_billing.php +++ b/report_contracts_billing.php @@ -18,7 +18,7 @@ $prev_page = ($_SESSION['origin'] == 'equipments') ? $_SESSION['prev_origin_equi $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/report_healthindex.php b/report_healthindex.php index d4c469e..2f6d47f 100644 --- a/report_healthindex.php +++ b/report_healthindex.php 
@@ -17,7 +17,7 @@ $page = $_SESSION['origin'] = 'report_healthindex'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/report_usage.php b/report_usage.php index cb3a38f..b8fdfe3 100644 --- a/report_usage.php +++ b/report_usage.php @@ -12,7 +12,7 @@ include_once './settings/settings_redirector.php'; $page = 'report_usage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/rma.php b/rma.php index 9e01d8d..6fb2a05 100644 --- a/rma.php +++ b/rma.php 
@@ -13,17 +13,17 @@ include_once './settings/systemrma.php'; $page = 'rma'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); -$view_product = isAllowed('product' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); -$view_history = isAllowed('history' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$view_product = isAllowed('product' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); +$view_history = isAllowed('history' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $rowID = $_GET['rowID'] ?? ''; diff --git a/rma_manage.php b/rma_manage.php index c3eaf9a..cd9d0fd 100644 --- a/rma_manage.php +++ b/rma_manage.php 
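Review bot: `$view_history` is assigned from a check for the `'C'` action on `history`, while `$view_product` on the line above it checks `'R'`; the same pair appears in the rma_manage.php hunk that follows. If the variable gates viewing history, the action is presumably meant to be `'R'`: `$view_history = isAllowed('history', $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R');`. If create rights really are the requirement, a short comment such as `// history panel is limited to users who may create history entries` would document that the mismatch between name and action is deliberate.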
@@ -13,17 +13,17 @@ include_once './settings/systemrma.php'; $page = 'rma_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); -$view_product = isAllowed('product' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R'); -$view_history = isAllowed('history' ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$view_product = isAllowed('product' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R'); +$view_history = isAllowed('history' ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $rowID = $_GET['rowID'] ?? ''; diff --git a/rmas.php b/rmas.php index 95780ad..18bb132 100644 --- a/rmas.php +++ b/rmas.php 
@@ -11,14 +11,14 @@ include_once './settings/settings_redirector.php'; $page = 'rmas'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS diff --git a/servicereport.php b/servicereport.php index f37f06b..aee156e 100644 --- a/servicereport.php +++ b/servicereport.php @@ -19,7 +19,7 @@ $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/settings.php b/settings.php index 365c80b..1841d9a 100644 --- a/settings.php +++ b/settings.php 
@@ -8,7 +8,7 @@ $domain = getDomainName($_SERVER['SERVER_NAME']); $file = ((file_exists(dirname(__FILE__).'/custom/'.$domain.'/settings/'.$domain.'_config.php')) ? dirname(__FILE__).'/custom/'.$domain.'/settings/'.$domain.'_config.php' : dirname(__FILE__).'/settings/config.php'); //Check if allowed -if (isAllowed('settings',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed('settings',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/shipping.php b/shipping.php index 45b2b9d..e140d2d 100644 --- a/shipping.php +++ b/shipping.php @@ -15,7 +15,7 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'shipping'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } diff --git a/shipping_manage.php b/shipping_manage.php index ee10be0..fdd20db 100644 --- a/shipping_manage.php +++ b/shipping_manage.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'shipping'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $shipping = [ 'id' =>'', diff --git a/softwaretool.php b/softwaretool.php index cd971b9..b04df46 100644 --- a/softwaretool.php +++ b/softwaretool.php @@ -9,7 +9,7 @@ if (debug && debug_id == $_SESSION['authorization']['id']){ $page = 'softwaretool'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } 
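Review bot: shipping_manage.php sets `$page = 'shipping'`, so its read guard and its update, delete and create flags are evaluated against the same permission name as the shipping.php list page, whereas the other manage pages in this diff check their own name (`'pricelists_manage'`, `'product_manage'`, `'translation_manage'`). If the permission data has a separate `shipping_manage` entry, which is not visible here, this page should check it: `$page = 'shipping_manage';`. If sharing the key is intended, a comment on that line, e.g. `// shipping_manage deliberately reuses the 'shipping' permission`, would make that explicit. The line is context in this hunk rather than part of the change.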
@@ -201,7 +201,7 @@ if (isset($_GET['equipmentID'])){$returnpage = 'equipment&equipmentID='.$_GET['e //SHOW BACK BUTTON ONLY FOR PORTAL USERS -if (isAllowed('dashboard',$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') != 0){ +if (isAllowed('dashboard',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') != 0){ $view .= '
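Review bot: This check uses the loose comparison `!= 0`, while the other `isAllowed()` tests in the diff use strict `=== 0` or `=== 1`; the loose form depends on PHP type juggling if `isAllowed()` ever returns a non-integer. Assuming 1 is the only allow value, `if (isAllowed('dashboard', $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') === 1) {` is consistent with the rest and shows the button only on an explicit allow. The block this condition opens continues outside the hunk.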
diff --git a/translation_manage.php b/translation_manage.php index 0cbef61..2cb4d47 100644 --- a/translation_manage.php +++ b/translation_manage.php @@ -3,16 +3,16 @@ defined(page_security_key) or exit; $page = 'translation_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input product values $text_variable = [ diff --git a/translations.php b/translations.php index bde711e..d30c91e 100644 --- a/translations.php +++ b/translations.php 
@@ -15,15 +15,15 @@ $prev_page = $_SESSION['prev_origin'] ?? ''; $page = $_SESSION['origin'] = 'translations'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'translation_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS $pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/uploader.php b/uploader.php index 2cfa79d..0cef510 100644 --- a/uploader.php +++ b/uploader.php 
@@ -3,14 +3,14 @@ defined(page_security_key) or exit; $page = 'uploader'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); if ($create_allowed === 1 && $_POST){ diff --git a/user.php b/user.php index 8db6e34..eb68f1e 100644 --- a/user.php +++ b/user.php 
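Review bot: The second and third arguments of each isAllowed() call now differ by one letter (`['permissions']` and `['permission']`), which makes a swapped or mistyped key hard to spot in review. In uploader.php the resulting `$create_allowed` gates the `$_POST` branch that follows the hunk. Reading both values once into named locals above the gate, e.g. `$auth_permissions = $_SESSION['authorization']['permissions'] ?? null;` and `$auth_permission = $_SESSION['authorization']['permission'] ?? null;`, each with a one-line comment saying what it holds, would keep the four calls readable. What the two keys contain is not visible in this diff, so the comment text has to come from the code that fills the session.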
@@ -14,16 +14,16 @@ include_once './settings/settings_redirector.php'; $_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI']; $page = 'user'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'user_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $user_ID = $_GET['id'] ?? ''; diff --git a/user_role.php b/user_role.php index 021de77..e0e7fe4 100644 --- a/user_role.php +++ b/user_role.php 
@@ -14,16 +14,16 @@ include_once './settings/settings_redirector.php'; $_SESSION['prev_origin_user_role'] = $_SERVER['REQUEST_URI']; $page = 'user_role'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'user_role_manage'; -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET Details from URL $GET_VALUES = urlGETdetails($_GET) ?? ''; diff --git a/user_role_manage.php b/user_role_manage.php index 66a9269..4bee75b 100644 --- a/user_role_manage.php +++ b/user_role_manage.php 
@@ -12,14 +12,14 @@ include_once './settings/settings_redirector.php'; $page = 'user_role_manage'; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); // Default input values $role = [ diff --git a/user_roles.php b/user_roles.php index 9ddde59..2b52d82 100644 --- a/user_roles.php +++ b/user_roles.php 
@@ -17,15 +17,15 @@ $page = $_SESSION['origin'] = 'user_roles'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security $page_manage = 'user_role_manage'; -$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; diff --git a/users.php b/users.php index 1d98e22..613b59f 100644 --- a/users.php +++ b/users.php 
@@ -18,14 +18,14 @@ $page = 'users'; $back_btn_orgin = ($prev_page != '')? '':''; //Check if allowed -if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){ +if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ header('location: index.php'); exit; } //PAGE Security -$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C'); +$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); +$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); +$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); //GET PARAMETERS