From 19b5e01da02aa2115ee802cf2e43a7f3e58f4eac Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Wed, 13 Aug 2014 19:28:03 +0200 Subject: [PATCH] Added function "is_superadmin" in auth library and improved other functions. --- interface/lib/classes/auth.inc.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php index 070662fda..5be11cb7b 100644 --- a/interface/lib/classes/auth.inc.php +++ b/interface/lib/classes/auth.inc.php @@ -44,6 +44,14 @@ class auth { return false; } } + + public function is_superadmin() { + if($_SESSION['s']['user']['typ'] == 'admin' && $_SESSION['s']['user']['userid'] === 1) { + return true; + } else { + return false; + } + } public function has_clients($userid) { global $app, $conf; @@ -83,6 +91,7 @@ class auth { global $app; $userid = $app->functions->intval($userid); + if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$limitname)) $app->error('Invalid limit name '.$limitname); // simple query cache if($this->client_limits===null) @@ -120,7 +129,8 @@ class auth { public function check_module_permissions($module) { // Check if the current user has the permissions to access this module - if(!stristr($_SESSION["s"]["user"]["modules"], $module)) { + $user_modules = explode(',',$_SESSION["s"]["user"]["modules"]); + if(!in_array($module,$user_modules)) { // echo "LOGIN_REDIRECT:/index.php"; header("Location: /index.php"); exit; -- GitLab