<?php
/**
* Copyright (C) 2021 Double Bastion LLC
*
* This file is part of Roundpin, which is licensed under the
* GNU Affero General Public License Version 3.0. The license terms
* are detailed in the "LICENSE.txt" file located in the root directory.
*/
session_start();
// header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');
if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
define('ACCESSCONST', TRUE);
require('db-connect.php');
$username = $_POST['username'];
$aconfExtension = $_POST['aconfextension'];
// Get the user role and the list of groups to which the current user belongs, from the 'app_users' table
$querygr = $mysqli->prepare("SELECT id, userrole, username, user_groups FROM app_users WHERE BINARY username = ?");
$querygr->bind_param("s", $username);
$querygr->execute();
$querygrres = $querygr->get_result()->fetch_assoc();
$userrole = $querygrres['userrole'];
if ($userrole != 'superadmin') {
$usergroupsall = $querygrres['user_groups'];
$usergroupsarr = explode("|", $usergroupsall);
array_shift($usergroupsarr);
array_pop($usergroupsarr);
// Get the list of groups whose users have access to the current audio conference
$querycont = $mysqli->prepare("SELECT id, audio_conf_extension, limit_to_groups FROM conferences_audio WHERE audio_conf_extension = ?");
$querycont->bind_param("s", $aconfExtension);
$querycont->execute();
$querytcagr = $querycont->get_result()->fetch_assoc();
$querytcagrlst = $querytcagr['limit_to_groups'];
$querytcagrarr = explode("|", $querytcagrlst);
array_shift($querytcagrarr);
array_pop($querytcagrarr);
$chck = 0;
foreach ($usergroupsarr as $key => $arrval) {
if (in_array($arrval, $querytcagrarr)) { $chck++; }
}
if ($chck > 0) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; }
} else { $messagetosend = 'success'; }
$response = array('result' => $messagetosend);
echo json_encode($response);
} else {
header("Location: ../login.php");
}
?>