1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
<?php
//require_once("configure.php");
$logged = 0;
session_start();
$sessionid = session_id();
//var_dump($_SESSION);
$sql = "SELECT * FROM master_user WHERE refid=:refid AND status=:status AND canlogin=1";
$sth = $dbh->prepare($sql);
$sth->execute( array(':refid'=>$_SESSION['refid'],
':status'=>'ACTIVE') );
/*echo $sth->getSQL( array(':refid'=>$_SESSION['refid'],
':status'=>'ACTIVE') ); */
$row = $sth->fetch();
if( md5salt($row['createdate'])==$_SESSION['token'] ){
//vdump($_SESSION['token']);
//exit;
$logged = 1;
}
else{
//exit;
header('Location: loginform.php');
//echo "exit";
//var_dump($_SESSION);
print'<script>parent.location.href="index.php";</script>';
exit();
}
unset($row);
//check basic permission of each function for navigation bar
$sql = "SELECT dbo.getsecmenu(:userid, :companyid)";
$sth = $dbh->prepare($sql);
$sth->execute( array(':userid'=>$_SESSION['user'],
':companyid'=>$_SESSION['companyid'] ) );
/*echo $sth->getSQL( array(':userid'=>$_SESSION['user'],
':companyid'=>$_SESSION['companyid'] ) ); */
if($menu_permission = $sth->fetch()){
$menu_permissionstr = $menu_permission[0];
}
else{
myerror("Invalid permission: Menu");
exit;
}
//vdump($menu_permissionstr);
function haveMenuPermission($reqpermission, $menu_permissionstr=""){
if(empty($menu_permissionstr)){
global $menu_permissionstr;
}
return strpos($menu_permissionstr, $reqpermission) !== false;
}
//check permission of current page
$sql = "SELECT dbo.getseccontent(:userid, :formid, :companyid)";
$sth = $dbh->prepare($sql);
$sth->execute( array(':userid'=>$_SESSION['user'],
':formid'=>$formid,
':companyid'=>$_SESSION['companyid'] ) );
if($permission = $sth->fetch()){
$permissionstr = $permission[0];
}
else{
myerror("Invalid permission: ".$_SESSION['user'].".".$_SESSION['companyid']."@$formid");
exit;
}
function addPermission($newPermission){
global $permissionstr;
$permissionstr.=$newPermission;
}
//function havePermission($userid, $formid, $companyid){
function havePermission($reqpermission, $permissionstr=""){//, $formid="", $companyid=""){
if(empty($permissionstr)){
global $permissionstr;
}
//echo "p=". $permissionstr;
return strpos($permissionstr, $reqpermission) !== false;
}
/*
function userhavePermission($reqpermission, $userid, $formid, $companyid ){//, $formid="", $companyid=""){
//check permission
global $dbh;
$sql = "SELECT dbo.getseccontent(:userid, :formid, :companyid)";
$sth = $dbh->prepare($sql);
$sth->execute( array(':userid'=>$userid,
':formid'=>$formid,
':companyid'=>$companyid ) );
/*echo $sth->getSQL( array(':userid'=>$_SESSION['user'],
':formid'=>$formid,
':companyid'=>$_SESSION['companyid'] ) ) . HTML_EOL;*
if($permission = $sth->fetch()){
// vdump($permission);
echo $permissionstr = $permission[0];
//echo "p=". $permissionstr;
return havePermission($reqpermission, $permissionstr);
}
return false;
}
//vdump( havePermission("SUr", "SUrabcd") );
//vdump( havePermission("SUr") );
//vdump( userhavePermission("GPu", "enza2", "Drawing", "ECN") );
*/
?>
|