Do not allow a user to access the app if their account was removed.
parent
f3a3fb047e
commit
e1a8de1652
|
@ -12,7 +12,7 @@
|
||||||
* ---------------------------------------------------------------------------- */
|
* ---------------------------------------------------------------------------- */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Easy!Appointments controller.
|
* Easy!Appointments controller.
|
||||||
*
|
*
|
||||||
* @property EA_Benchmark $benchmark
|
* @property EA_Benchmark $benchmark
|
||||||
* @property EA_Cache $cache
|
* @property EA_Cache $cache
|
||||||
|
@ -75,12 +75,16 @@ class EA_Controller extends CI_Controller {
|
||||||
{
|
{
|
||||||
parent::__construct();
|
parent::__construct();
|
||||||
|
|
||||||
|
$this->load->library('accounts');
|
||||||
|
|
||||||
|
$this->ensure_user_exists();
|
||||||
|
|
||||||
$this->configure_language();
|
$this->configure_language();
|
||||||
|
|
||||||
$this->load_common_html_vars();
|
$this->load_common_html_vars();
|
||||||
|
|
||||||
$this->load_common_script_vars();
|
$this->load_common_script_vars();
|
||||||
|
|
||||||
rate_limit($this->input->ip_address());
|
rate_limit($this->input->ip_address());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -112,9 +116,9 @@ class EA_Controller extends CI_Controller {
|
||||||
'csrf_token' => $this->security->get_csrf_hash(),
|
'csrf_token' => $this->security->get_csrf_hash(),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load common script vars for all requests.
|
* Load common script vars for all requests.
|
||||||
*/
|
*/
|
||||||
private function load_common_script_vars()
|
private function load_common_script_vars()
|
||||||
{
|
{
|
||||||
|
@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
|
||||||
'csrf_token' => $this->security->get_csrf_hash(),
|
'csrf_token' => $this->security->get_csrf_hash(),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function ensure_user_exists()
|
||||||
|
{
|
||||||
|
$user_id = session('user_id');
|
||||||
|
|
||||||
|
if ( ! $user_id)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! $this->accounts->does_account_exist($user_id))
|
||||||
|
{
|
||||||
|
session_destroy();
|
||||||
|
|
||||||
|
abort(403, 'Forbidden');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
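Review bot: `ensure_user_exists()` is the one method in this hunk without a docblock, while its sibling `load_common_script_vars()` documents its purpose; add `/** Destroy the session and abort with 403 when the session's user_id no longer maps to an existing, non-deleted account. */` above it. Because the check sits in the base-controller constructor, every request carrying a stale `user_id` now costs one DB query and ends in `abort(403, 'Forbidden')` rather than a redirect to the login page, which is a reasonable failure mode but worth stating in that docblock. `session_destroy()` here is the native PHP function; if the CodeIgniter session library is what populates `session('user_id')`, `$this->session->sess_destroy()` also clears the in-process `$_SESSION` data, so confirm the native call is the intended one. `does_account_exist()` declares `int $user_id`, so if the session can hold the id as a string and the file declares `strict_types`, cast at the call site, `$this->accounts->does_account_exist((int) $user_id)`.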
@ -16,7 +16,7 @@
|
||||||
* Accounts library.
|
* Accounts library.
|
||||||
*
|
*
|
||||||
* Handles account related functionality.
|
* Handles account related functionality.
|
||||||
*
|
*
|
||||||
* @package Libraries
|
* @package Libraries
|
||||||
*/
|
*/
|
||||||
class Accounts {
|
class Accounts {
|
||||||
|
@ -146,4 +146,16 @@ class Accounts {
|
||||||
|
|
||||||
return $new_password;
|
return $new_password;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if a user account exists or not.
|
||||||
|
*
|
||||||
|
* @param int $user_id
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function does_account_exist(int $user_id): bool
|
||||||
|
{
|
||||||
|
return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
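Review bot: The docblock on `does_account_exist()` omits the behaviour that matters most to callers: a row whose `delete_datetime` is set is reported as non-existent, so add `* Soft-deleted accounts (delete_datetime not NULL) are treated as non-existent.` to it. The method fetches the full row only to count it; if `users_model->query()` returns a CI query builder, `->count_all_results()` in place of `->get()->num_rows()` yields the same boolean without materialising the record. Since the caller is the base controller constructor, that query runs on every request that carries a `user_id`, so the lighter form is worth it.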