in Lab Templates/Lab Template - WAF for GCP Coffeeshop/sql-injection-demo/lib/helpers.php [40:60]
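/**
 * Reports whether the user recorded in the current session has the 'admin' role.
 *
 * INTENTIONALLY VULNERABLE (sql-injection-demo): $_SESSION['user_id'] is
 * interpolated straight into the SQL text and run through mysqli_multi_query(),
 * so a tampered session value can alter the query or stack further statements.
 * That shape is kept here only because it is the lab's teaching point; the
 * production-safe form is a prepared statement with a bound integer, e.g.
 *   $stmt = mysqli_prepare($db, 'SELECT role FROM users WHERE id = ?');
 *   mysqli_stmt_bind_param($stmt, 'i', $user_id);
 *
 * Fixes relative to the previous revision (none affect the demo itself):
 *  - a query with no matching row no longer indexes a null result
 *    (mysqli_fetch_array() returns null at end of data);
 *  - the role check is strict (===), so a numeric role value can never
 *    loosely compare equal to 'admin' on older PHP versions;
 *  - the result set is freed before the connection is closed.
 *
 * @return bool true only when a matching row exists and its role is exactly
 *              'admin'; false when setup() fails, the query fails, or no row
 *              matches.
 */
function is_admin()
{
    if (!setup()) {
        return false;
    }

    // Attacker-influenceable in this lab — see the header comment.
    $user_id = $_SESSION['user_id'];

    // don't do it like that in productive systems
    // session variables can be changed and thus sql
    // injection is possible here aswell!
    $query = "SELECT * from users WHERE id=$user_id";

    $db = connectdb();
    $is_admin = false;

    // multi_query() returns false on a syntactically invalid statement; in that
    // case there is no result set to read and the answer is simply "not admin".
    if (mysqli_multi_query($db, $query)) {
        $result = mysqli_use_result($db);
        if ($result) {
            // null when the query produced no row (e.g. unknown id).
            $user = mysqli_fetch_array($result, MYSQLI_ASSOC);
            $is_admin = $user !== null
                && isset($user['role'])
                && $user['role'] === 'admin';
            mysqli_free_result($result);
        }
    }

    mysqli_close($db);
    return $is_admin;
}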