Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Dashboard Shows Bank Data for Unauthorized User - SOLVED
05-03-2018, 03:50 AM (This post was last modified: 05-03-2018 03:57 AM by VortecCPI.)
Post: #1
Dashboard Shows Bank Data for Unauthorized User - SOLVED
Dashboard.php

Shows a Bank Account and related data fro an account not authorized to a User.

All other Bank Account scripts seem to comply and work fine with ACL.
Fixed by changing SQL from this:
PHP Code:
    $Sql "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode"


To this:
PHP Code:
    $Sql "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts
            INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode
            INNER JOIN bankaccountusers
            ON bankaccounts.accountcode=bankaccountusers.accountcode
            AND userid='" 
$_SESSION['UserID'] . "'"

https://www.linkedin.com/in/eclipsepaulbecker
Visit this user's website Find all posts by this user
Quote this message in a reply
05-03-2018, 05:32 AM
Post: #2
RE: Dashboard Shows Bank Data for Unauthorized User - SOLVED
Hi Paul,

I have submitted a Pull Request for your fix.

Andy.

https://www.linkedin.com/in/andrewcouling
Find all posts by this user
Quote this message in a reply
05-03-2018, 08:47 AM
Post: #3
RE: Dashboard Shows Bank Data for Unauthorized User - SOLVED
Thank you so much!

https://www.linkedin.com/in/eclipsepaulbecker
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)