Business/QwikClock
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add permission checks

Browse Source
This commit is contained in:
Skylar Ittner 2017-06-24 23:33:55 -06:00
parent 7c4e122cc0
commit 988628adcb
5 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
action.php
View File

@ -4,9 +4,14 @@
* Make things happen when buttons are pressed and forms submitted. * Make things happen when buttons are pressed and forms submitted.
*/ */
require_once __DIR__ . "/required.php"; require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";
dieifnotloggedin(); dieifnotloggedin();
if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
die("You don't have permission to be here.");
}
/** /**
* Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID. * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
* The message will be displayed by the app. * The message will be displayed by the app.

5
app.php
View File

@ -1,10 +1,7 @@
<?php <?php
require_once __DIR__ . "/required.php"; require_once __DIR__ . "/required.php";
if ($_SESSION['loggedin'] != true) { redirectIfNotLoggedIn();
header('Location: index.php');
die("Session expired. Log in again to continue.");
}
require_once __DIR__ . "/pages.php"; require_once __DIR__ . "/pages.php";

18
index.php
View File

@ -4,7 +4,7 @@ require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php"; require_once __DIR__ . "/lib/login.php";
// if we're logged in, we don't need to be here. // if we're logged in, we don't need to be here.
if ($_SESSION['loggedin']) { if ($_SESSION['loggedin'] && account_has_permission($_SESSION['username'], "QWIKCLOCK")) {
header('Location: app.php'); header('Location: app.php');
} }
@ -34,13 +34,17 @@ if (checkLoginServer()) {
break; break;
} }
if ($userpass_ok) { if ($userpass_ok) {
$_SESSION['passok'] = true; // stop logins using only username and authcode if (account_has_permission($VARS['username'], "QWIKCLOCK") == FALSE) {
if (userHasTOTP($VARS['username'])) { $alert = lang("no admin permission", false);
$multiauth = true;
} else { } else {
doLoginUser($VARS['username'], $VARS['password']); $_SESSION['passok'] = true; // stop logins using only username and authcode
header('Location: app.php'); if (userHasTOTP($VARS['username'])) {
die("Logged in, go to app.php"); $multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
}
} }
} }
} else { } else {

1
lang/en_us.php
View File

@ -5,6 +5,7 @@ define("STRINGS", [
"username" => "Username", "username" => "Username",
"password" => "Password", "password" => "Password",
"continue" => "Continue", "continue" => "Continue",
"no admin permission" => "You do not have permission to access this system.",
"authcode" => "Authentication code", "authcode" => "Authentication code",
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.", "2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.", "2fa incorrect" => "Authentication code incorrect.",

7
required.php
View File

@ -186,6 +186,11 @@ if (!function_exists('base_url')) {
function redirectIfNotLoggedIn() { function redirectIfNotLoggedIn() {
if ($_SESSION['loggedin'] !== TRUE) { if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/index.php'); header('Location: ' . URL . '/index.php');
die(); die("You are not logged in.");
}
require_once __DIR__ . "/lib/login.php";
if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
header('Location: ./index.php');
die("You don't have permission to be here.");
} }
} }