assetmgt/index.php
“VeLiTi” 18469fe958 Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
2026-01-20 15:00:00 +01:00


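<?php
// Marker constant for the included pages (presumably each page checks it so it
// cannot be requested directly — the check itself is not in this file).
define('secure_admin_342642', true);
// Start a session only if none is active yet. session_status() returns an int,
// so the strict comparison is exact and avoids loose-comparison surprises.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}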
//=====================================
//INCLUDE CONSTANTS
//=====================================
include dirname(__FILE__) . '/settings/config_redirector.php';
// In debug mode, route PHP errors and uncaught exceptions through debuglog().
// The `debug` constant and debuglog() are expected to come from the files
// included around here; neither is defined in this file.
if (debug) {
    set_error_handler(static function (int $errno, string $errstr, string $errfile, int $errline): bool {
        debuglog("PHP ERROR [$errno]: $errstr in $errfile on line $errline");
        // Returning false lets PHP's standard error handler run as well.
        return false;
    });
    set_exception_handler(static function (Throwable $exception): void {
        debuglog('PHP EXCEPTION: ' . $exception->getMessage() . ' in ' . $exception->getFile() . ' on line ' . $exception->getLine());
    });
}
//INCLUDE FUNCTIONS AND SETTINGS
// Shared helpers and settings. countries.php is guarded with include_once, which
// suggests other included pages may load it too (inferred from the _once).
include __DIR__ . '/assets/functions.php';
include __DIR__ . '/settings/settings_redirector.php';
include_once __DIR__ . '/settings/countries.php';
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//GET USER PERMISSION ASSIGNED
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
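// The permission set is fetched from the API once per session: only while no
// `id` is cached in the session yet. Permission changes made on the server
// therefore only take effect once the session is rebuilt (e.g. a fresh login).
if (!isset($_SESSION['authorization']['id'])) {
    $responses = null;
    // Without a userkey there is nothing to look up; calling the API with an
    // empty key would only produce a useless request and an undefined-index notice.
    if (isset($_SESSION['authorization']['userkey'])) {
        $api_url = '/v2/user_permissions/userkey=' . $_SESSION['authorization']['userkey'];
        $permissions_payload = ioServer($api_url, '');
        // Decode the payload; an empty or undecodable response is treated as "no data".
        if (!empty($permissions_payload)) {
            $responses = json_decode($permissions_payload, true);
        }
    }
    // STORE DATA IN SESSION — guard the loop so a null/invalid payload does not
    // trigger a foreach() warning.
    if (is_array($responses)) {
        foreach ($responses as $key => $value) {
            $_SESSION['authorization'][$key] = $value;
        }
    }
}
// Show errors on screen only for the configured debug user. The session id is
// required to be present so an anonymous session never matches `debug_id`.
// The loose comparison is kept on purpose: the types of `debug_id` and the
// stored id are not visible here (int vs string) — confirm before tightening.
if (debug && isset($_SESSION['authorization']['id']) && debug_id == $_SESSION['authorization']['id']) {
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
}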
//=====================================
//TRANSLATION FILE LOCATION
//=====================================
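// Translation files live under settings/translations/ as translations_<CODE>.php.
// The code comes either from the request or from the session; only a plain
// token is accepted, anything else counts as unknown and falls back to US, so
// the request value can never contribute a directory fragment to the include path.
$translation_dir = './settings/translations/';
$default_translation = $translation_dir . 'translations_US.php';
$language_token = '/^[A-Za-z0-9_-]{1,16}$/';
if (isset($_GET['language']) && is_string($_GET['language']) && $_GET['language'] !== '') {
    $requested_language = trim($_GET['language']);
    $api_file_language = $translation_dir . 'translations_' . strtoupper($requested_language) . '.php';
    if (preg_match($language_token, $requested_language) === 1 && file_exists($api_file_language)) {
        include $api_file_language;
        // DEFINE LANGUAGE
        $_SESSION['country_code'] = $requested_language;
    } else {
        include $default_translation;
        // DEFINE LANGUAGE
        $_SESSION['country_code'] = 'US';
    }
    // REMOVE FROM GET TO AVOID THAT LANGUAGE IS USED IN GET_VALUES FUNCTION
    unset($_GET['language']);
} elseif (isset($_SESSION['country_code'])) {
    $session_language = (string) $_SESSION['country_code'];
    $api_file_language = $translation_dir . 'translations_' . strtoupper($session_language) . '.php';
    if (preg_match($language_token, $session_language) === 1 && file_exists($api_file_language)) {
        include $api_file_language;
    } else {
        // Only the file falls back; the stored code is left untouched, as before.
        include $default_translation;
    }
} else {
    include $default_translation;
    // DEFINE LANGUAGE
    $_SESSION['country_code'] = 'US';
}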
//=====================================
// Determine the base URL
//=====================================
// Build the absolute URL of this directory from the request environment.
// NOTE(review): HTTP_HOST and X-Forwarded-Proto are client-supplied headers and
// are trusted as-is here; that is only safe when a reverse proxy in front of
// the application sets/strips them — confirm for the deployment.
// Note `$_SERVER['HTTPS'] === 1` compares against an int while $_SERVER values
// are strings; it is kept as in the original.
$https_flag_set = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] === 1);
$forwarded_https = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https';
$req_scheme = ($https_flag_set || $forwarded_https) ? 'https' : 'http';

$req_host = rtrim($_SERVER['HTTP_HOST'], '/');
// The port is omitted for the defaults and when the host already carries one.
$req_port = $_SERVER['SERVER_PORT'];
$port_is_implicit = $req_port == 80 || $req_port == 443 || strpos($_SERVER['HTTP_HOST'], ':') !== false;
$port_suffix = $port_is_implicit ? '' : ':' . $req_port;

// Path of this directory relative to the document root, Windows separators normalised.
$real_dir = str_replace('\\', '/', realpath(__DIR__));
$app_path = ltrim(substr($real_dir, strlen($_SERVER['DOCUMENT_ROOT'])), '/');

$base_url = $req_scheme . '://' . $req_host . $port_suffix . '/' . $app_path;
define('base_url', rtrim($base_url, '/') . '/');
//=====================================
//CHECK USER SESSION
//=====================================
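// Anyone without a login flag in the session is sent to the login page.
if (!isset($_SESSION['loggedin'])) {
    header('location: login.php');
    exit;
}
// Logout: clear the session data and expire the session cookie before the
// server-side record is destroyed, so the browser does not keep presenting
// the old session id.
if (isset($_GET['page']) && $_GET['page'] === 'logout') {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
    session_destroy();
    header('location: login.php');
    exit;
}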
//=====================================
//DEFINE WHERE TO SEND THE USER TO: the first assigned view in the profile; if none is available, use the dashboard
//=====================================
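// The permission entry is a comma-separated list of view names. A missing entry
// (e.g. the API lookup failed) yields an empty list instead of a deprecation /
// TypeError from explode(null).
$allowed_views = explode(',', (string) ($_SESSION['authorization']['permissions'] ?? ''));
// Views that are never used as the landing page even when granted.
$ignoreViews = ['profile', 'assets', 'sales'];
// Prefer the dashboard when it is granted and present on disk; otherwise
// findExistingView() (from functions.php) chooses among the granted views —
// its exact fallback semantics for the 'dashboard' argument are not visible here.
// Note: $allowed_views ends up as a string (the chosen view), not the list.
if (in_array('dashboard', $allowed_views, true) && file_exists('dashboard.php')) {
    $allowed_views = 'dashboard';
} else {
    $allowed_views = findExistingView($allowed_views, 'dashboard', $ignoreViews);
}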
//=====================================
//FORWARD THE USER TO THE CORRECT PAGE
//=====================================
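// Only a plain view name is accepted from the request; anything else (path
// separators, dots, arrays) falls back to the computed default view, so the
// include below cannot be steered outside this directory.
$requested_page = $_GET['page'] ?? null;
$page = $allowed_views;
if (is_string($requested_page)
    && preg_match('/^[A-Za-z0-9_-]+$/', $requested_page) === 1
    && file_exists($requested_page . '.php')) {
    $page = $requested_page;
}
// Output error variable, shared with the included page
$error = '';
// NOTE(review): the requested page is not checked against the user's permissions
// here; each included page is expected to verify them itself (per the commit
// message) — confirm that every page does.
include $page . '.php';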
//=====================================
//debuglog
//=====================================
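// Debug trace of every request: timestamp, GET parameters and the client id.
// `$date` is not defined in this file — presumably set by one of the included
// settings files; confirm.
if (debug) {
    // A missing clientID (e.g. failed permission lookup) logs as empty instead of a notice.
    $debug_client_id = $_SESSION['authorization']['clientID'] ?? '';
    $message = $date . ';' . json_encode($_GET) . ';' . $debug_client_id;
    debuglog($message);
}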