Login

VortecCPI · (This post was last modified: 05-03-2018, 03:57 AM by VortecCPI.)

Dashboard.php

Shows a Bank Account and related data fro an account not authorized to a User.

All other Bank Account scripts seem to comply and work fine with ACL.

Fixed by changing SQL from this:

PHP Code:
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode"; 

To this:

PHP Code:
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts
            INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode
            INNER JOIN bankaccountusers
            ON bankaccounts.accountcode=bankaccountusers.accountcode
            AND userid='" . $_SESSION['UserID'] . "'"; 

Login
Username:
Password:	Lost Password?
	Remember me