For reference I'm using the SLIM framework
My issue is where you see the commented out print_r commands in the code below. For some reason the variable is showing the correct values right before the !in_array function. I'm not sure what is going on, but when you pass the variable $allowedUserTypes into that function it seems to be using (I'm guessing an older version of the variable from somewhere) incorrect values. Not sure how this is possible though since it works right before that function??. I'm guessing there is some kind of scoping issue or I'm misunderstanding the use of the 'USE' keyword in an anonymous function.
$validate_user = function ($allowedUserTypes, $templateFolder = 'api'){
return function() use ($allowedUserTypes, $templateFolder){
global $app, $settings, $user, $device;
set_template_directory($templateFolder);
$errors = array();
$validated = true;//assumed valid until proven false.
//check session variables only if not token api call
if($app->request()->params('token') == ''){
//Check for expiration date hack
if($_SESSION['remember']==false){
$now = new DateTime();
$now->modify("-30 minutes");
}else{
$now = new DateTime();
$now->modify("-14 days");
}
//If the cookie still exists then it might have a time value in it. See if it's set.
if(isset($_SESSION['time'])){
//If time now (minus minute) is greater than the session time then hack attempted.
if($now > $_SESSION['time']){
$errors["errors"]["generic"][] = "Permission denied. Cookie expired.";
$validated = false;
unset($_SESSION['time']);
unset($_SESSION['remember']);
unset($_SESSION['userid']);
unset($user);
}
}
}
if(isset($user)){
$usertype = Usertype::find_by_id($user->usertype_id);//get all usertypes
//print_r($allowedUserTypes); --> shows Admin, Manager, Franchise Admin, Franchise Manager
if(!in_array($usertype->name,$allowedUserTypes)){
//print_r($allowedUserTypes); --> shows only Admin, Manager ??
$errors["errors"]["generic"][] = "Permission denied for user type :".$usertype->name;
$validated = false;
}
}else{
$errors["errors"]["generic"][] = "Permission denied. User not logged in. Please log in and try again.";
$validated = false;
}
if($validated==false){
$errors["command"] = "Error";
$errors['message'] = "User could not be validated.";
if($templateFolder=='templates'){
$app->render('shared/header.php', array('settings' => $settings));
$app->render($device.'/header.php', array('settings' => $settings, 'pagetitle' => 'Pool Service USA | Error Page', 'user' => $user));
$app->render($device.'/error.php', array('settings' => $settings, 'errors' => $errors,'device' => $device));
$app->render($device.'/footer.php', array('settings' => $settings));
$app->render('shared/footer.php', array('settings' => $settings));
}else{ //API Based Errors
$app->render('shared/error.php', array(
'settings' => $settings,
'errors' => $errors,
'device' => $device
));
}
$app->stop();//stop rendering to this point.
}
};
};
I'll show the 2 lines I use to call to this function right before I call it and after incase that has anything to do with it.
$app->map('/api/remove-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$remove_record_for_class('User')) ->via('GET', 'POST');
$app->map('/api/view-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$view_results_for_class('User')) ->via('GET', 'POST');
Any suggestions are appreciated!
