Permalink
Fetching contributors…
Cannot retrieve contributors at this time
64 lines (52 sloc) 1.82 KB
<?php
require_once('nudatabase.php');
if(!array_key_exists('p',$_REQUEST)) {
header("Content-Type: text/html");
header("HTTP/1.0 400 Bad Request");
die('No procedure code is provided.');
}
$getPHPIDQRY = nuRunQuery("
SELECT zzzzsys_php_id FROM zzzzsys_php
WHERE sph_code = ?
", array($_REQUEST['p']));
if(db_num_rows($getPHPIDQRY) != 1){
header("Content-Type: text/html");
header("HTTP/1.0 400 Bad Request");
die('Could not find procedure with code given.');
}
$getPHPIDOBJ = db_fetch_object($getPHPIDQRY);
$PHPID = $getPHPIDOBJ->zzzzsys_php_id;
if($PHPID == ''){
header("Content-Type: text/html");
header("HTTP/1.0 400 Bad Request");
die('Invalid procedure was found.');
}
require_once('nusession.php');
if(!array_key_exists('TEMPORARY_SESSION', $_SESSION)){
$getAccessQRY = nuRunQuery("
SELECT * FROM zzzzsys_session WHERE zzzzsys_session_id = ?
", array($_SESSION['nubuilder_session_data']['SESSION_ID']));
if (db_num_rows($getAccessQRY) != 1) {
header("Content-Type: text/html");
header("HTTP/1.0 400 Bad Request");
die('Could not find session data.');
}
$getAccessOBJ = db_fetch_object($getAccessQRY);
$accessArray = json_decode($getAccessOBJ->sss_access, true);
if ($accessArray['session']['global_access'] != 1) {
$hasAccess = false;
for ($i = 0; $i < count($accessArray['procedures']); $i++) {
if ($accessArray['procedures'][$i][0] == $PHPID)
$hasAccess = true;
}
if (!$hasAccess) {
header("Content-Type: text/html");
header("HTTP/1.0 403 Forbidden");
die('You do not have access to this procedure.');
}
}
}
//require_once('nuevalphpclass.php');
//$procedure = new nuEvalPHPClass($PHPID);
require_once('nucommon.php');
nuEval($PHPID);