mirror of
https://github.com/alextselegidis/easyappointments.git
synced 2024-11-10 01:52:22 +03:00
Do not allow a user to access the app if their account was removed.
This commit is contained in:
parent
f3a3fb047e
commit
e1a8de1652
2 changed files with 40 additions and 7 deletions
|
@ -75,6 +75,10 @@ class EA_Controller extends CI_Controller {
|
|||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->load->library('accounts');
|
||||
|
||||
$this->ensure_user_exists();
|
||||
|
||||
$this->configure_language();
|
||||
|
||||
$this->load_common_html_vars();
|
||||
|
@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
|
|||
'csrf_token' => $this->security->get_csrf_hash(),
|
||||
]);
|
||||
}
|
||||
|
||||
private function ensure_user_exists()
|
||||
{
|
||||
$user_id = session('user_id');
|
||||
|
||||
if ( ! $user_id)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! $this->accounts->does_account_exist($user_id))
|
||||
{
|
||||
session_destroy();
|
||||
|
||||
abort(403, 'Forbidden');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -146,4 +146,16 @@ class Accounts {
|
|||
|
||||
return $new_password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a user account exists or not.
|
||||
*
|
||||
* @param int $user_id
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function does_account_exist(int $user_id): bool
|
||||
{
|
||||
return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue