From e1a8de1652389cfc16c6475b3bbdfa0dfaf587ce Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Mon, 13 Mar 2023 07:42:06 +0100
Subject: [PATCH] Do not allow a user to access the app if their account was removed.

---
 application/core/EA_Controller.php | 33 ++++++++++++++++++++++++------
 application/libraries/Accounts.php | 14 ++++++++++++-
 2 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/application/core/EA_Controller.php b/application/core/EA_Controller.php
index 2a78e3ff..ff4e5cce 100644
--- a/application/core/EA_Controller.php
+++ b/application/core/EA_Controller.php
@@ -12,7 +12,7 @@
  * ---------------------------------------------------------------------------- */
 
 /**
- * Easy!Appointments controller.
+ * Easy!Appointments controller.
  *
  * @property EA_Benchmark $benchmark
  * @property EA_Cache $cache
@@ -75,12 +75,16 @@ class EA_Controller extends CI_Controller {
     {
         parent::__construct();
 
+        $this->load->library('accounts');
+
+        $this->ensure_user_exists();
+
         $this->configure_language();
-
+
         $this->load_common_html_vars();
-
+
         $this->load_common_script_vars();
-
+
         rate_limit($this->input->ip_address());
     }
 
@@ -112,9 +116,9 @@ class EA_Controller extends CI_Controller {
             'csrf_token' => $this->security->get_csrf_hash(),
         ]);
     }
-
+
     /**
-     * Load common script vars for all requests.
+     * Load common script vars for all requests.
      */
     private function load_common_script_vars()
     {
@@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
             'csrf_token' => $this->security->get_csrf_hash(),
         ]);
     }
+
+    private function ensure_user_exists()
+    {
+        $user_id = session('user_id');
+
+        if ( ! $user_id)
+        {
+            return;
+        }
+
+        if ( ! $this->accounts->does_account_exist($user_id))
+        {
+            session_destroy();
+
+            abort(403, 'Forbidden');
+        }
+    }
 }
diff --git a/application/libraries/Accounts.php b/application/libraries/Accounts.php
index ef995464..f2c3e679 100644
--- a/application/libraries/Accounts.php
+++ b/application/libraries/Accounts.php
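Review bot: `ensure_user_exists()` in the last hunk is the only method in this class without a docblock or return type, while the sibling `load_common_script_vars()` just above it carries a one-line description; add `/** Destroy the session and abort with 403 when the logged-in user's account no longer exists (including soft-deleted rows). */` and declare it `private function ensure_user_exists(): void`. Because the constructor hunk calls it from the base controller, the `does_account_exist()` lookup now runs once per request for every session carrying a `user_id`; that is probably acceptable for a primary-key query, but a short comment at the call site saying the check is intentionally uncached would stop a later change from quietly weakening it. `session_destroy()` is the native PHP function; if the rest of the application goes through CodeIgniter's session library, `$this->session->sess_destroy()` would be the consistent call, but only this hunk is visible so that is an inference.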
@@ -16,7 +16,7 @@
  * Accounts library.
  *
  * Handles account related functionality.
- *
+ *
  * @package Libraries
  */
 class Accounts {
@@ -146,4 +146,16 @@ class Accounts {
 
         return $new_password;
     }
+
+    /**
+     * Check if a user account exists or not.
+     *
+     * @param int $user_id
+     *
+     * @return bool
+     */
+    public function does_account_exist(int $user_id): bool
+    {
+        return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
+    }
 }
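Review bot: The docblock on `does_account_exist()` only restates the native `int` and `bool` types and leaves out the one fact a caller needs: a row whose `delete_datetime` is set is reported as non-existent. Replace the `@param`/`@return` lines with a sentence such as `Soft-deleted accounts (non-null delete_datetime) are treated as non-existent, so callers can use this to revoke sessions of removed users.` The query line runs well past 120 characters; breaking the chain after `->where([...])` and writing lowercase `null` would match PSR-12, assuming the rest of the file follows it (only this hunk is visible).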