new file mode 100644

@@ -0,0 +1,89 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+

+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+    define('ACCESSCONST', TRUE);

+

+    require('db-connect.php');

+

+    $username = $_POST['username'];

+    $vconfsipuser = $_POST['vconfsipuser'];

+    $vconfExtension = $_POST['vconfextension'];

+

+    // Get the user role and the list of groups to which the current user belongs, from the 'app_users' table

+    $querygr = $mysqli->prepare("SELECT id, userrole, username, user_groups FROM app_users WHERE BINARY username = ?");

+    $querygr->bind_param("s", $username);

+    $querygr->execute();

+    $querygrres = $querygr->get_result()->fetch_assoc();

+    $userrole = $querygrres['userrole'];

+

+    if ($userrole != 'superadmin') {

+

+        $usergroupsall = $querygrres['user_groups'];

+        $usergroupsarr = explode("|", $usergroupsall);

+        array_shift($usergroupsarr);

+        array_pop($usergroupsarr);

+

+        // Get the list of groups whose users have access to the current video conference

+        $querycont = $mysqli->prepare("SELECT id, video_conf_extension, limit_to_groups FROM conferences_video WHERE video_conf_extension = ?");

+        $querycont->bind_param("s", $vconfExtension);

+        $querycont->execute();

+        $querytcagr = $querycont->get_result()->fetch_assoc();

+        $querytcagrlst = $querytcagr['limit_to_groups'];

+        $querytcagrarr = explode("|", $querytcagrlst);

+        array_shift($querytcagrarr);

+        array_pop($querytcagrarr);

+

+        $chck = 0;

+        foreach ($usergroupsarr as $key => $arrval) {

+              if (in_array($arrval, $querytcagrarr)) { $chck++; }

+        }

+

+        if ($chck > 0) { $restrictmessage = 'success'; } else { $restrictmessage = 'failure'; }

+

+    } else { $restrictmessage = 'success'; }

+

+    // Check if the current user has been banned from accessing this conference

+    $queryselck = $mysqli->prepare("SELECT banned_sipusername, conf_extension, banned_until FROM banned_users WHERE banned_sipusername = ? AND conf_extension = ?");

+    $queryselck->bind_param("ss", $vconfsipuser, $vconfExtension);

+    $queryselck->execute();

+    $userdatafromdbck = $queryselck->get_result()->fetch_assoc();

+

+    if ($userdatafromdbck) {

+

+        $currentDate = new DateTime(date("Y-m-d H:i:s"));

+        $banDate = new DateTime($userdatafromdbck['banned_until']);

+

+        if ($currentDate <= $banDate) {

+            $banmessage = 'failure';

+        } else {

+            $banmessage = 'success';

+

+            // Remove the database record, since the ban time has expired

+            $querydel = $mysqli->prepare("DELETE FROM banned_users WHERE banned_sipusername = ? AND conf_extension = ?");

+            $querydel->bind_param("ss", $vconfsipuser, $vconfExtension);

+            $querydel->execute();

+        }

+

+    } else { $banmessage = 'success'; }

+

+    $response = array('restrict' => $restrictmessage, 'notbanned' => $banmessage);

+

+    echo json_encode($response);

+

+} else {

+    header("Location: ../login.php");

+}

+

+?>