GitList - GitList

Raw Blame Patch Log History
<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

 // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

    define('ACCESSCONST', TRUE);

    require('db-connect.php');

    $username = $_POST['username'];
    $vconfsipuser = $_POST['vconfsipuser'];
    $vconfExtension = $_POST['vconfextension'];

    // Get the user role and the list of groups to which the current user belongs, from the 'app_users' table
    $querygr = $mysqli->prepare("SELECT id, userrole, username, user_groups FROM app_users WHERE BINARY username = ?");
    $querygr->bind_param("s", $username);
    $querygr->execute();
    $querygrres = $querygr->get_result()->fetch_assoc();
    $userrole = $querygrres['userrole'];

    if ($userrole != 'superadmin') {

        $usergroupsall = $querygrres['user_groups'];
        $usergroupsarr = explode("|", $usergroupsall);
        array_shift($usergroupsarr);
        array_pop($usergroupsarr);

        // Get the list of groups whose users have access to the current video conference
        $querycont = $mysqli->prepare("SELECT id, video_conf_extension, limit_to_groups FROM conferences_video WHERE video_conf_extension = ?");
        $querycont->bind_param("s", $vconfExtension);
        $querycont->execute();
        $querytcagr = $querycont->get_result()->fetch_assoc();
        $querytcagrlst = $querytcagr['limit_to_groups'];
        $querytcagrarr = explode("|", $querytcagrlst);
        array_shift($querytcagrarr);
        array_pop($querytcagrarr);

        $chck = 0;
        foreach ($usergroupsarr as $key => $arrval) {
              if (in_array($arrval, $querytcagrarr)) { $chck++; }
        }

        if ($chck > 0) { $restrictmessage = 'success'; } else { $restrictmessage = 'failure'; }

    } else { $restrictmessage = 'success'; }

    // Check if the current user has been banned from accessing this conference
    $queryselck = $mysqli->prepare("SELECT banned_sipusername, conf_extension, banned_until FROM banned_users WHERE banned_sipusername = ? AND conf_extension = ?");
    $queryselck->bind_param("ss", $vconfsipuser, $vconfExtension);
    $queryselck->execute();
    $userdatafromdbck = $queryselck->get_result()->fetch_assoc();

    if ($userdatafromdbck) {

        $currentDate = new DateTime(date("Y-m-d H:i:s"));
        $banDate = new DateTime($userdatafromdbck['banned_until']);

        if ($currentDate <= $banDate) {
            $banmessage = 'failure';
        } else {
            $banmessage = 'success';

            // Remove the database record, since the ban time has expired
            $querydel = $mysqli->prepare("DELETE FROM banned_users WHERE banned_sipusername = ? AND conf_extension = ?");
            $querydel->bind_param("ss", $vconfsipuser, $vconfExtension);
            $querydel->execute();
        }

    } else { $banmessage = 'success'; }

    $response = array('restrict' => $restrictmessage, 'notbanned' => $banmessage);

    echo json_encode($response);

} else {
    header("Location: ../login.php");
}

?>