inventory
inventory copied to clipboard
User account disable causes infinite redirect
Describe the bug If logged in as an administrator; if you disable the account currently logged in with, it breaks the program without recovery.
To Reproduce Steps to reproduce the behavior: login as admin go to user management edit admin user "Deactive" admin account, select update
Expected behavior A clear and concise description of what you expected to happen. admin account should be disabled and user is logged out
Desktop (please complete the following information):
- OS: Mac OS
- Browser: Safari and Chrome
Additional context Recovering from the issue requires a git reset --hard to the previous state. Unclear why the problem occurs. When attempting to login with admin again, the logs will show that the user is authenticated but the program is possibly broken somewhere around the users/home.php line 11 if (!$session->isUserLoggedIn(true)) { redirect('index.php', false);} as it constantly redirects to home.php
edit: After a bit of digging this issue might have something to do with the session cookies for the browser. I can't seem to find a reliable fix. Sometimes a git reset works, sometimes a database table flush and rebuild works.
This could be prevented by adding a few lines of code to /users/users.php and /users/edit_users.php
LIne 86 users.php prevents deleting the master admin account.
<?php if ($a_user['id'] != '1') { ?>
<a href="../users/delete_user.php?id=<?php echo (int)$a_user['id'];?>" onClick="return confirm('Are you sure you want to delete?')" class="btn btn-xs btn-danger" data-toggle="tooltip" title="Remove">
<i class="glyphicon glyphicon-remove"></i>
</a>
<?php } ?>
and
Line 126 edit_users.php prevents deactivating the admin account
<?php if ($e_user['id'] != '1') { ?>
<div class="form-group">
<label for="status">Status</label>
<select class="form-control" name="status">
<option <?php if ($e_user['status'] === '1') echo 'selected="selected"';?>value="1">Active</option>
<option <?php if ($e_user['status'] === '0') echo 'selected="selected"';?> value="0">Deactive</option>
</select>
</div>
<?php } ?>