Do not allow a user to access the app if their account was removed.

This commit is contained in:
Alex Tselegidis 2023-03-13 07:42:06 +01:00
parent f3a3fb047e
commit e1a8de1652
2 changed files with 40 additions and 7 deletions


@ -12,7 +12,7 @@
* ---------------------------------------------------------------------------- */ * ---------------------------------------------------------------------------- */
/** /**
* Easy!Appointments controller. * Easy!Appointments controller.
* *
* @property EA_Benchmark $benchmark * @property EA_Benchmark $benchmark
* @property EA_Cache $cache * @property EA_Cache $cache
@ -75,12 +75,16 @@ class EA_Controller extends CI_Controller {
{ {
parent::__construct(); parent::__construct();
$this->load->library('accounts');
$this->ensure_user_exists();
$this->configure_language(); $this->configure_language();
$this->load_common_html_vars(); $this->load_common_html_vars();
$this->load_common_script_vars(); $this->load_common_script_vars();
rate_limit($this->input->ip_address()); rate_limit($this->input->ip_address());
} }
@ -112,9 +116,9 @@ class EA_Controller extends CI_Controller {
'csrf_token' => $this->security->get_csrf_hash(), 'csrf_token' => $this->security->get_csrf_hash(),
]); ]);
} }
/** /**
* Load common script vars for all requests. * Load common script vars for all requests.
*/ */
private function load_common_script_vars() private function load_common_script_vars()
{ {
@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
'csrf_token' => $this->security->get_csrf_hash(), 'csrf_token' => $this->security->get_csrf_hash(),
]); ]);
} }
private function ensure_user_exists()
{
$user_id = session('user_id');
if ( ! $user_id)
{
return;
}
if ( ! $this->accounts->does_account_exist($user_id))
{
session_destroy();
abort(403, 'Forbidden');
}
}
} }
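Review bot: ensure_user_exists (lines 41-53) is the only method added in this section without a docblock, and its contract is not stated anywhere: requests with no user_id in the session pass through, while a session whose user_id no longer matches a live account is destroyed and the request is answered with 403. Suggest adding `/** Destroy the session and abort with 403 when the session's user_id no longer refers to an existing, non-deleted account; requests without a user_id are left untouched. */` above the method, so the next reader does not mistake it for an authentication step. A why-comment on the constructor call at line 22 would also help, because this check now runs one query via the accounts library on every request that carries a user_id, ahead of configure_language() and the other setup calls. Note that `session_destroy()` discards the server-side session data only; whether the session cookie is also cleared depends on the session library configuration, which is outside this section. The constructor and the class continue past the hunk boundaries.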


@ -16,7 +16,7 @@
* Accounts library. * Accounts library.
* *
* Handles account related functionality. * Handles account related functionality.
* *
* @package Libraries * @package Libraries
*/ */
class Accounts { class Accounts {
@ -146,4 +146,16 @@ class Accounts {
return $new_password; return $new_password;
} }
/**
* Check if a user account exists or not.
*
* @param int $user_id
*
* @return bool
*/
public function does_account_exist(int $user_id): bool
{
return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
}
} }
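Review bot: The docblock on does_account_exist (lines 69-75) says only "Check if a user account exists or not", but the query at line 78 also requires `delete_datetime` to be NULL, so a soft-deleted account is reported as non-existent; the summary should say so, e.g. `* Check whether a user account exists and has not been soft-deleted (delete_datetime IS NULL).`. The `'delete_datetime' => NULL` entry in the where() array is also worth a one-line comment, since it relies on the query builder rendering a null value as `IS NULL` rather than `= NULL` — something a reader may not assume; hedge it as `// null in the where() array is emitted as "IS NULL" by the query builder`. As a point of style, the single-line chain at line 78 is long; splitting it one builder call per line would keep it within the usual width limit without changing behaviour.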