function checkaccessmodule($module_id){ checkloged(); $userlogin = getValue("userlogin", "str", "SESSION", "", 1); $password = getValue("password", "str", "SESSION", "", 1); $lang_id = getValue("lang_id", "int", "SESSION", 1); $db_getright = new db_query("SELECT * FROM admin_user WHERE adm_loginname='" . $userlogin . "' AND adm_password='******' AND adm_active=1 AND adm_delete = 0"); //Check xem user co ton tai hay khong if ($row = mysql_fetch_array($db_getright->result)){ //Neu column adm_isadmin = 1 thi cho access if ($row['adm_isadmin'] == 1) { $db_getright->close(); unset($db_getright); return 1; } } //Ko co thi` fail luon else{ $db_getright->close(); unset($db_getright); return 0; } $db_getright->close(); unset($db_getright); //check user $db_getright = new db_query("SELECT * FROM admin_user, admin_user_right, modules WHERE adm_id = adu_admin_id AND mod_id = adu_admin_module_id AND adm_loginname='" . $userlogin . "' AND adm_password='******' AND adm_active=1 AND adm_delete = 0 AND mod_id = " . $module_id); if ($row=mysql_fetch_array($db_getright->result)){ $db_getright->close(); unset($db_getright); return 1; } else{ $db_getright->close(); unset($db_getright); return 0; } }
function checkLogged($a = "") { checkloged(); $a = $a ? $a : '../../resources/php/deny.php'; $b = getValue('userlogin', 'str', 'SESSION', ''); $c = getValue('password', 'str', 'SESSION', ''); $d = getValue("user_id", "int", "SESSION"); $e = getValue("isAdmin", "int", "SESSION", 0); $f = new db_query("SELECT adm_id \n\t\t\t\t\t\t\t\t FROM admin_users\n\t\t\t\t\t\t\t\t WHERE adm_loginname = '" . $b . "' AND adm_password = '******'"); if (mysqli_num_rows($f->result) > 0) { $g = mysqli_fetch_array($f->result); $h = $g["adm_id"]; $f->close(); unset($f); if ($h != $d) { redirect($a); } } else { redirect($a); } }
function check_super_admin() { checkloged(); $isSuperAdmin = getValue('isSuperAdmin', 'int', 'SESSION', 0); $denypath = '../../resources/php/deny.php'; if (!$isSuperAdmin) { redirect($denypath); } else { return true; } }