Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64
Your IP : 3.146.255.161
<?
// 20171013 simon
require("fix_php54.php");
//Check if user has access
$query = "SELECT DISTINCT secur_usagers.id_usager AS id_usager FROM secur_usagers LEFT JOIN secur_usagersgroupes ON secur_usagersgroupes.id_usager = secur_usagers.id_usager LEFT JOIN secur_groupes ON secur_groupes.id_groupe = secur_usagersgroupes.id_groupe LEFT JOIN secur_groupesmodules ON secur_groupesmodules.id_groupe = secur_groupes.id_groupe LEFT JOIN secur_modules ON secur_modules.id_module = secur_groupesmodules.id_module LEFT JOIN secur_permissions ON secur_permissions.id_groupemodule = secur_groupesmodules.id_groupemodule WHERE secur_usagers.id_usager = $session_id_usager AND secur_modules.moduleclassid = '$moduleclassid' AND secur_permissions.permission = $permission AND secur_groupes.actif = 1";
$result = mysql_query("$query", $mysql_link);
if(!mysql_num_rows($result)){
//No rows returned, permission denied
header("location: ../session/session_menu.php?returnerror=1");
exit();
}
//Quick check if we are in a game
if(isset($_REQUEST['id_partie']) && strpos($PHP_SELF, "/op_resultats")){
//In dept search of access on current game
$game = mysql_fetch_assoc(mysql_query($sql = "SELECT p.id_equipe_dom, p.id_equipe_vis FROM parties AS p WHERE p.id_partie = ".$_REQUEST['id_partie'], $mysql_link));
$user = mysql_fetch_assoc(mysql_query('SELECT teamaccess FROM secur_usagers WHERE id_usager = "'.$_SESSION['session_id_usager'].'"'));
if(($user[teamaccess] != -1) && $game[id_equipe_dom] != $user[teamaccess] && $game[id_equipe_vis] != $user[teamaccess]){
//Permission denied, user is not allowed in this game
header("location: ../session/session_menu.php?returnerror=2");
exit();
}
}
?>
|