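<?php

/*
 * Per-page access gate, included at the top of protected pages.
 *
 * Reads the current role and menu key from the session, stores the role's
 * access level for this menu in $_SESSION['access_key'], checks that the
 * role is assigned the menu at all, and blocks delete / write actions
 * (request parameter acn or frmacn) that exceed the access level.
 *
 * Expected to be in scope from the including page or includes/functions.php:
 *   $conn           mysqli connection
 *   $__currentPage  name of the current page (optional)
 *   getaccesslevel(), validateRequest()
 * Session handling (session_start) is assumed to happen in the include
 * chain — TODO confirm.
 */

include_once('includes/functions.php');
// include_once('includes/config/config.php');

// Sends the browser to error.php and stops the script. The JS redirect is
// kept (rather than header('Location: ...')) so behaviour does not depend on
// whether output has already been sent; nothing of the protected page has
// been emitted at this point, so exit is sufficient.
$denyAccess = static function () {
    echo "<script>location.href='error.php'</script>";
    exit;
};

// Check if session variables exist
$menu_key = $_SESSION['menu_key'] ?? '';
$role_id = $_SESSION['RoleId'] ?? '';

if (!empty($role_id) && !empty($menu_key)) {
    $access_level = getaccesslevel($role_id, $menu_key);
    $_SESSION['access_key'] = $access_level;

    // Pages whose name contains "interim" or "review_ohc_selection" skip the
    // menu-assignment and action checks below (the access level is still
    // recorded above for them).
    $isExemptPage = isset($__currentPage)
        && is_string($__currentPage)
        && (stripos($__currentPage, "interim") !== false
            || stripos($__currentPage, "review_ohc_selection") !== false);

    if (!$isExemptPage) {
        // Requested action; 'frmacn' is the form-field spelling of 'acn'.
        // $acn stays in scope for the including page.
        $acn = $_REQUEST['acn'] ?? $_REQUEST['frmacn'] ?? '';
        if (!is_string($acn)) {
            // acn[]=... style input is never a valid action; deny instead of
            // letting a non-string fall through the comparisons below.
            $denyAccess();
        }
        // Lower-cased once so DELETE / Delete / delete (and Add / UPDATE ...)
        // are all subject to the same rule; the original matched only
        // 'delete' and 'Delete' for the delete check.
        $action = strtolower($acn);

        // Is this menu assigned to the role at all? Parameterised instead of
        // escaped interpolation. A prepare/execute failure is treated as
        // "no access" so a database problem never opens the gate.
        $sql_access = "SELECT menu_id FROM assign_menu WHERE role_id = ? AND menu_id = ?";
        error_log("sql_access" . $sql_access);
        $stmt = mysqli_prepare($conn, $sql_access);
        if ($stmt === false) {
            $denyAccess();
        }
        mysqli_stmt_bind_param($stmt, 'ss', $role_id, $menu_key);
        if (!mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            $denyAccess();
        }
        mysqli_stmt_store_result($stmt);
        $count_access = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        // Access control checks
        if ((int) $count_access === 0) {
            $denyAccess();
        }

        // Delete requires the 'E' level. Strict comparison: with loose ==,
        // a non-string access level (e.g. 0 on PHP < 8) would compare equal
        // to 'E' and slip through.
        if ($action === 'delete' && $access_level !== 'E') {
            $denyAccess();
        }

        // Write actions require one of W / E / R.
        if (in_array($action, ['add', 'save', 'update'], true)
            && !in_array($access_level, ['W', 'E', 'R'], true)) {
            $denyAccess();
        }

        // Validate the request for special characters
        validateRequest();
    }
} else {
    // No role or menu key in the session: no check is made and the page
    // renders (fail-open). The redirect was deliberately disabled here; if
    // every protected page sets menu_key, re-enabling it closes that gap.
    // echo "<script>location.href='error.php'</script>";
    // exit;
}

// No closing ?> tag: avoids emitting trailing whitespace before any
// header() call made by the including page.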