From 671e1826d04c985633f738c77ff4a8870b1fc137 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sun, 9 Aug 2020 17:09:50 +0100
Subject: [PATCH] :bug: Fix request authorisation

Signed-off-by: Luke Tainton
---
 app/includes/prereqs.php | 4 ++--
 app/public/actions/close.php | 6 +++---
 app/public/actions/update.php | 4 ++--
 app/public/actions/upload.php | 4 ++--
 app/public/update.php | 6 +++---
 app/public/upload.php | 2 +-
 app/public/view.php | 2 +-
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/app/includes/prereqs.php b/app/includes/prereqs.php
index aba9fde..9271533 100644
--- a/app/includes/prereqs.php
+++ b/app/includes/prereqs.php
@@ -136,6 +136,6 @@ function get_subscribers($db, $request) {
 return $users_result;
 }
-function isAuthorised($authorised_users, $request) {
- if (in_array($authorised_users, $_SESSION['uuid']) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
+function isAuthorised($user, $authorised_users, $request) {
+ if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
 }
diff --git a/app/public/actions/close.php b/app/public/actions/close.php
index 0c39517..a40f9d7 100644
--- a/app/public/actions/close.php
+++ b/app/public/actions/close.php
@@ -4,8 +4,8 @@
 $request = get_request($db, $_GET['rid']);
 $authorised_users = get_subscribers($db, $request);
- $is_authorised = isAuthorised($authorised_users, $request);
-
+ $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
 // Close request
 if ($is_authorised == true) {
 if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -25,4 +25,4 @@
 header('Location: /view?rid=' . $request['uuid'], true);
 }
-?>
\ No newline at end of file
+?>
diff --git a/app/public/actions/update.php b/app/public/actions/update.php
index 58cd968..74fe63c 100644
--- a/app/public/actions/update.php
+++ b/app/public/actions/update.php
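Review bot: The new isAuthorised body only half-honours its new `$user` parameter: the subscriber check uses `$user`, but the creator check on the same line still reads `$_SESSION['uuid']` directly, so the two halves of the gate can disagree with what the caller passed in. The `in_array` call is also non-strict and the creator comparison uses `==`, which for an authorisation decision means loose-comparison matches (a `null` user against an empty entry, numeric-looking ids) can grant access that strict comparison would refuse. Replace the if/else with one strict expression: `return in_array($user, $authorised_users, true) || $user === $request['created_by'];`. Adding native types to the signature (`string $user, array $authorised_users, array $request): bool`) would surface a missing session value at the call site rather than inside the gate, assuming get_subscribers returns a flat list of user ids as the call sites imply; whether prereqs.php declares strict_types is not visible in the hunk.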
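Review bot: The new `$is_authorised = isAuthorised($_SESSION['uuid'], ...)` line in close.php reads the session key unguarded; unless a login check earlier in the file (before line 4, outside this hunk) already rejects anonymous requests, an unauthenticated caller gets an undefined-index warning and `null` is passed into the gate, where the non-strict `in_array` in prereqs.php can match it loosely. The same call shape is added in actions/update.php, actions/upload.php, upload.php and view.php, so whatever guard is chosen belongs in all five. Read the value once and fail closed before calling the gate, e.g. `$user = $_SESSION['uuid'] ?? null; if ($user === null) { http_response_code(403); exit; }` followed by `$is_authorised = isAuthorised($user, $authorised_users, $request);`. The `if ($is_authorised == true) {` block opened on the last context line closes outside the hunk.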
@@ -4,7 +4,7 @@
 $request = get_request($db, $_POST['rid']);
 $authorised_users = get_subscribers($db, $request);
- $is_authorised = isAuthorised($authorised_users, $request);
+ $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 // If form submitted, save to database
 if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -26,4 +26,4 @@
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/app/public/actions/upload.php b/app/public/actions/upload.php
index 9e8fb40..76e3e26 100644
--- a/app/public/actions/upload.php
+++ b/app/public/actions/upload.php
@@ -4,7 +4,7 @@
 $request = get_request($db, $_POST['rid']);
 $authorised_users = get_subscribers($db, $request);
- $is_authorised = isAuthorised($authorised_users, $request);
+ $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 // If form submitted, save to database
 if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -35,4 +35,4 @@
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/app/public/update.php b/app/public/update.php
index be79fb3..c8a33bb 100644
--- a/app/public/update.php
+++ b/app/public/update.php
@@ -1,11 +1,11 @@
@@ -138,7 +138,7 @@ - +
diff --git a/app/public/upload.php b/app/public/upload.php
index 4701d6f..a852f41 100644
--- a/app/public/upload.php
+++ b/app/public/upload.php
@@ -5,7 +5,7 @@
 $request = get_request($db, $_GET['rid']);
 $updates = get_updates($db, $request);
 $authorised_users = get_subscribers($db, $request);
- $is_authorised = isAuthorised($authorised_users, $request);
+ $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 ?>
diff --git a/app/public/view.php b/app/public/view.php
index 0cfc221..1a93bbc 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -5,7 +5,7 @@
 $request = get_request($db, $_GET['rid']);
 $updates = get_updates($db, $request);
 $authorised_users = get_subscribers($db, $request);
- $is_authorised = isAuthorised($authorised_users, $request);
+ $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 ?>