web/public_php/ams/inc/change_permission.php

   1 <?php
   2 /**
   3 * This function is beign used to change the permission of a ticket_user.
   4 * It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
   5 * in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1), the change will be executed and the page will
   6 * redirect to the users profile page.
   7 * @author Daan Janssens, mentored by Matthew Lagoe
   8 */
   9 function change_permission(){
  10     global $INGAME_WEBPATH;
  11     global $WEBPATH;
  12     //if logged in
  13     if(WebUsers::isLoggedIn()){
  14
  15         //check if user who executed this function is an admin
  16         if(ticket_user::isAdmin(unserialize($_SESSION['ticket_user']))){
  17
  18             //in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1)
  19             if(isset($_GET['user_id']) && isset($_GET['value']) && $_GET['user_id'] != 1 && $_GET['value'] < 4 ){
  20                 $user_id = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
  21                 $value = filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT);
  22
  23                 //execute change.
  24                 Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);
  25                 header("Cache-Control: max-age=1");
  26                 if (Helpers::check_if_game_client()) {
  27                     header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);
  28                 }else{
  29                     header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);
  30                 }
  31                 throw new SystemExit();
  32
  33
  34             }else{
  35                 //ERROR: GET PARAMS not given or trying to change admin
  36                 header("Cache-Control: max-age=1");
  37                 if (Helpers::check_if_game_client()) {
  38                     header("Location: ".$INGAME_WEBPATH."?page=show_user&id=".$user_id);
  39                 }else{
  40                     header("Location: ".$WEBPATH."?page=show_user&id=".$user_id);
  41                 }
  42                 throw new SystemExit();
  43             }
  44
  45         }else{
  46             //ERROR: No access!
  47             $_SESSION['error_code'] = "403";
  48                 header("Cache-Control: max-age=1");
  49             header("Location: index.php?page=error");
  50             throw new SystemExit();
  51
  52         }
  53
  54     }else{
  55         //ERROR: not logged in!
  56                 header("Cache-Control: max-age=1");
  57         header("Location: index.php");
  58         throw new SystemExit();
  59     }
  60
  61
  62 }