From c86e82354cdafa9aaa785455505a2e8b0ce5fc73 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 30 Apr 2021 10:15:25 +0300
Subject: Check can_edit_reports and can_edit_bugs flags

---
 bug/edit.php    | 5 +++++
 report/edit.php | 7 +++++++
 user/delete.php | 2 ++
 user/login.php  | 9 +++++++--
 user/logout.php | 2 ++
 5 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/bug/edit.php b/bug/edit.php
index ad1ea36..9aaac38 100644
--- a/bug/edit.php
+++ b/bug/edit.php
@@ -27,6 +27,11 @@ if($id != "") {
     $submitter = $result['submitter'];
     $description = $result['description'];
 }
+
+if(!$_SESSION['user_can_edit_bugs'] || ($submitter != $_SESSION['user_name'])) {
+    echo "You cannot edit bugs!";
+    goto footer;
+}
 ?>
 
 <form action="update.php?id=<?php echo $id; ?>" method="post">
diff --git a/report/edit.php b/report/edit.php
index cd2e1a8..b6d5049 100644
--- a/report/edit.php
+++ b/report/edit.php
@@ -29,6 +29,11 @@ if($id != "") {
     $description = $result['description'];
 }
 
+if(!$_SESSION['user_can_edit_reports'] || ($submitter != $_SESSION['user_name'])) {
+    echo "You cannot edit reports!";
+    goto footer;
+}
+
 # get bug id's
 $bugs = $conn->query("SELECT id, title FROM bugs");
 
@@ -42,9 +47,11 @@ $bugs = $conn->query("SELECT id, title FROM bugs");
 <p>Assign to bug: <select name="bug_id">
 <option value="">None</option>
 <?php
+if($_SESSION['user_can_edit_bugs']) {
 foreach($bugs as $bug) {
     echo "<option value=$bug[id]>$bug[title]</option>";
 }
+}
 ?>
 </select></p>
 <input type="submit" value="submit" >
diff --git a/user/delete.php b/user/delete.php
index b46cdce..80740e7 100644
--- a/user/delete.php
+++ b/user/delete.php
@@ -13,6 +13,8 @@ if($query->execute()) {
     echo '<h2>Account successfully deleted</h2>';
     unset($_SESSION['user_name']);
     unset($_SESSION['user_id']);
+    unset($_SESSION['user_can_edit_bugs']);
+    unset($_SESSION['user_can_edit_reports']);
 } else {
     echo '<h2>Account deletion failed</h2>';
 }
diff --git a/user/login.php b/user/login.php
index a927d02..7a25d38 100644
--- a/user/login.php
+++ b/user/login.php
@@ -4,13 +4,18 @@ require_once(TEMPLATES_PATH . "/header.php");
 session_start();
 
 $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-$query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'";
-$result = $conn->query($query)->fetch();
+$query = $conn->prepare("SELECT id, username, password, can_edit_bugs, can_edit_reports 
+    FROM users WHERE username=:username");
+$query->bindParam(':username', $_POST['username']);
+$query->execute();
+$result = $query->fetch();
 
 if(password_verify($_POST['password'], $result['password'])) {
     echo 'password verified';
     $_SESSION['user_name'] = $result['username'];
     $_SESSION['user_id'] = $result['id'];
+    $_SESSION['user_can_edit_bugs'] = $result['can_edit_bugs'];
+    $_SESSION['user_can_edit_reports'] = $result['can_edit_reports'];
 } else {
     echo 'wrong password';
 }
diff --git a/user/logout.php b/user/logout.php
index 26bbfa0..319a43a 100644
--- a/user/logout.php
+++ b/user/logout.php
@@ -5,6 +5,8 @@ require_once(TEMPLATES_PATH . "/header.php");
 session_start();
 unset($_SESSION['user_name']);
 unset($_SESSION['user_id']);
+unset($_SESSION['user_can_edit_bugs']);
+unset($_SESSION['user_can_edit_reports']);
 
 echo 'Session cleared';
 header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
-- 
cgit v1.2.1