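/**
 * Validate that the user has permission to access this company.
 *
 * Looks for exactly one row linking the user with the given email address
 * to the company held in $this->_company_id, and fails closed otherwise.
 *
 * @param string $email The email address of the user to check.
 *
 * @throws Exception 'Permission denied' unless exactly one matching row is found.
 */
public function ValidatePermission($email = '')
{
    CybPHP_Validate::ValidateInt($this->_company_id);
    CybPHP_Validate::ValidateEmail($email);

    // Format validation is not SQL escaping: a single quote is legal in the
    // local part of an email address, so the value is escaped before it is
    // placed in the query, as GetIdFromEmail() already does.
    // NOTE(review): mysql_escape_string() ignores the connection charset;
    // prefer a parameterised query if CybPHP_MySQL offers one - confirm.
    $email = mysql_escape_string($email);

    // The cast guarantees only digits reach the query text, whatever
    // ValidateInt() accepts (its behaviour is not visible here).
    $company_id = (int) $this->_company_id;

    $result = CybPHP_MySQL::Query(
        'SELECT c.id_client ' .
        'FROM webfinance_clients c ' .
        'JOIN webfinance_clients2users c2u ON c2u.id_client = c.id_client ' .
        'JOIN webfinance_users u ON u.id_user = c2u.id_user ' .
        "WHERE u.email = '{$email}' AND " .
        "c.id_client = {$company_id}"
    );

    // A failed query is treated the same as "no matching row": deny access.
    if (!$result || mysql_num_rows($result) !== 1) {
        throw new Exception('Permission denied');
    }
}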
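/**
 * Get user ID from email address.
 *
 * @param string $email The email address.
 *
 * @return mixed The id_user column value as returned by mysql_fetch_assoc(),
 *               or null when no user matches or the query failed.
 */
public static function GetIdFromEmail($email = '')
{
    CybPHP_Validate::ValidateEmail($email);

    // Escaped in addition to validation, because a well-formed address may
    // still contain a single quote.
    // NOTE(review): mysql_escape_string() ignores the connection charset;
    // prefer a parameterised query if CybPHP_MySQL offers one - confirm.
    $email = mysql_escape_string($email);

    $result = CybPHP_MySQL::Query(
        'SELECT id_user ' .
        'FROM webfinance_users ' .
        "WHERE email = '{$email}'"
    );

    // mysql_fetch_assoc() returns false when there is no row; indexing that
    // value yields null with a notice, so "no such user" is returned
    // explicitly instead.
    $user = $result ? mysql_fetch_assoc($result) : false;
    if (!is_array($user) || !isset($user['id_user'])) {
        return null;
    }

    return $user['id_user'];
}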