Login

VortecCPI · (This post was last modified: 05-03-2018, 03:57 AM by VortecCPI.)

Dashboard.php

Shows a Bank Account and related data fro an account not authorized to a User.

All other Bank Account scripts seem to comply and work fine with ACL.

Fixed by changing SQL from this:

PHP Code:
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode"; 

To this:

PHP Code:
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts
            INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode
            INNER JOIN bankaccountusers
            ON bankaccounts.accountcode=bankaccountusers.accountcode
            AND userid='" . $_SESSION['UserID'] . "'"; 

afcouling · 05-03-2018, 05:32 AM,

Hi Paul,

I have submitted a Pull Request for your fix.

Andy.

VortecCPI · 05-03-2018, 08:47 AM,

Thank you so much!

Login
Username:
Password:	Lost Password?
	Remember me