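<?php
// Role/menu access gate, included at the top of protected pages.
//
// Relies on the including scope for: $conn (mysqli link), $__currentPage
// (name of the page being rendered) and a session that already carries
// 'RoleId' and 'menu_key'. getaccesslevel() and validateRequest() come from
// includes/functions.php. Side effect: stores the resolved access level in
// $_SESSION['access_key'] and sets $count_access for the page.
include_once('includes/functions.php');
// include_once('includes/config/config.php');

$menu_key = $_SESSION['menu_key'] ?? '';
$role_id  = $_SESSION['RoleId'] ?? '';

if (!empty($role_id) && !empty($menu_key)) {
    $access_level = getaccesslevel($role_id, $menu_key);
    $_SESSION['access_key'] = $access_level;

    // Pages whose name contains one of these fragments are exempt from the
    // menu/action gate (case-insensitive). An unset or non-string
    // $__currentPage is never exempt.
    $__page = (isset($__currentPage) && is_string($__currentPage)) ? $__currentPage : '';
    $__isExemptPage = stripos($__page, 'interim') !== false
        || stripos($__page, 'review_ohc_selection') !== false;

    if (!$__isExemptPage) {
        $acn = $_REQUEST['acn'] ?? ($_REQUEST['frmacn'] ?? '');

        // Does this role have the current menu assigned? Parameterised so the
        // session values never become part of the SQL text. A lookup that
        // fails for any reason counts as "no access" (under mysqli's exception
        // report mode the calls throw instead, which also stops the page).
        $count_access = 0;
        $__stmt = mysqli_prepare(
            $conn,
            'SELECT menu_id FROM assign_menu WHERE role_id = ? AND menu_id = ?'
        );
        if ($__stmt !== false
            && mysqli_stmt_bind_param($__stmt, 'ss', $role_id, $menu_key)
            && mysqli_stmt_execute($__stmt)
            && mysqli_stmt_store_result($__stmt)
        ) {
            $count_access = mysqli_stmt_num_rows($__stmt);
        } else {
            error_log('access check query failed: ' . mysqli_error($conn));
        }
        if ($__stmt !== false) {
            mysqli_stmt_close($__stmt);
        }

        // Normalise the requested action for comparison. Only a plain string
        // can be a legitimate action; an array value (acn[]=...) is refused
        // rather than falling through the checks below.
        $__action = is_string($acn) ? strtolower($acn) : null;

        // Policy: no menu assignment -> denied; delete needs 'E'; add/save/update
        // need one of W/E/R (kept as the existing policy — 'R' being allowed to
        // write looks unusual; confirm it is intended). Matching the action in
        // lower case also covers spellings such as DELETE that previously
        // passed the delete check unexamined.
        $__denied = $count_access < 1
            || $__action === null
            || ($__action === 'delete' && $access_level !== 'E')
            || (in_array($__action, ['add', 'save', 'update'], true)
                && !in_array($access_level, ['W', 'E', 'R'], true));

        if ($__denied) {
            // Server-side redirect when nothing has been flushed yet, plus the
            // JS fallback the pages already rely on; exit stops any further output.
            if (!headers_sent()) {
                header('Location: error.php');
            }
            echo "<script>location.href='error.php'</script>";
            exit;
        }

        // Only a permitted request is scanned for special characters.
        validateRequest();
    }
} else {
    // NOTE(review): with no RoleId/menu_key in the session this include
    // enforces nothing and the page renders normally — the redirect below was
    // deliberately disabled. Confirm every page that relies on this file for
    // authentication sets both session keys before including it.
    // echo "<script>location.href='error.php'</script>";
    // exit;
}
?>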