admin/35512-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added session_start()

Browse Source
This commit is contained in:
Flatlogic Bot 2025-11-08 17:43:12 +00:00
parent c583d9b74d
commit 17da95852f
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
users.php
View File

@ -1,10 +1,10 @@
<?php
session_start();
require_once 'db/config.php';
require_once 'auth-check.php';
require_once 'auth-helpers.php';
echo "Test";
exit();
// Only Admins can access this page
if (!can($_SESSION['user_role'], 'user', 'read')) {
@ -14,7 +14,20 @@ if (!can($_SESSION['user_role'], 'user', 'read')) {
// Get allowed fields for the current user
$allowed_fields_str = can($_SESSION['user_role'], 'user', 'read');
$allowed_fields = $allowed_fields_str ? explode(',', $allowed_fields_str) : [];
$allowed_fields = ($allowed_fields_str && $allowed_fields_str !== '*') ? explode(',', $allowed_fields_str) : [];
if ($allowed_fields_str === '*') {
try {
$pdo = db();
$stmt = $pdo->query("SHOW COLUMNS FROM users");
$columns = $stmt->fetchAll(PDO::FETCH_COLUMN);
// Exclude sensitive fields like password
$allowed_fields = array_diff($columns, ['password']);
} catch (PDOException $e) {
// Handle error, maybe default to a safe subset of fields
$allowed_fields = ['id', 'name', 'email', 'role'];
}
}
function get_users($fields) {
if (empty($fields)) {