Merge branch 'master' of http://git.dirt.kz/igor/Metadata_PHP

2020-10-29 17:11:53 +06:00
parent 7e236fa3ad 47e4f4ca94
commit e29891e06c
5 changed files with 35 additions and 10 deletions
--- a/metadata/dbms/records.php
+++ b/metadata/dbms/records.php
@ -10,7 +10,9 @@

 	//if(isset($_GET[session_name()]) && $_GET[session_name()]!='') //Чтоб сессия переданная гетом была главней
 	//	session_id($_GET[session_name()]);
-	@session_start();
+
+    startSession(true); //Для ручного определения времени жизни сесии
+
 	if(isset($_SESSION['REMOTE_ADDR']) && $_SESSION['REMOTE_ADDR'] != $_SERVER['REMOTE_ADDR']) unset($_SESSION['USER_ID']); //Делаемся не авторизованным если зашли с другого ip адреса
 	if(!isset($_SESSION['USER_ID'])) { $_SESSION['USER_ID']=null; }
 	if(!isset($_COOKIE['GUID'])) { $_COOKIE['GUID']=null; }
@ -278,7 +280,7 @@
 			//Вернём значение прав доступа для запрошенного объекта
 			//$allow=true;
 			$allow=false;
-			//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$typename.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'
+			//$sql_query='select a.*,at.name from _Access a, _Actions at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$typename.'\' and a.group_id in (select group_id from _UsersRoles where user_id='.$_SESSION['USER_ID'].');'
 			$sql_query='select '.$Schema.'p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Insert_'.$typename.'\') as allow;';
 			
 			$res = $db->query($sql_query);
@ -291,7 +293,7 @@
 			$currNode->setAttributeNode($xmlAttr);

 			$allow=false;
-			//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$typename.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');';
+			//$sql_query='select a.*,at.name from _Access a, _Actions at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$typename.'\' and a.group_id in (select group_id from _UsersRoles where user_id='.$_SESSION['USER_ID'].');';
 			$sql_query='select '.$Schema.'p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Update_'.$typename.'\') as allow;';
 			$res = $db->query($sql_query);
 			while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
@ -303,7 +305,7 @@
 			$currNode->setAttributeNode($xmlAttr);

 			$allow=false;
-			//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$typename.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');';
+			//$sql_query='select a.*,at.name from _Access a, _Actions at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$typename.'\' and a.group_id in (select group_id from _UsersRoles where user_id='.$_SESSION['USER_ID'].');';
 			$sql_query='select '.$Schema.'p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Delete_'.$typename.'\') as allow;';
 			$res = $db->query($sql_query);
 			while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
@ -915,7 +917,7 @@

 		if($cmd==0) //Restore password by email
 		{
-			$res = $db->query("select 1 from \"_Users\" where del=false and email = '$login';");
+			$res = $db->query("select 1 from _Users where del=false and email = '$login';");
 			if($res->rowCount()>0)
 			{
 				mail($login,'BigFootTrade.kz','Not implement',"Content-type: text/html; charset=utf-8\r\nFrom: BigFootTrade Site <info@bigfoottrade.kz>");