Pro-Idler/ManagePanel
1
0
Fork 0
forked from Business/ManagePanel
Code Issues Pull Requests Projects Releases Wiki Activity

Merge again

Browse Source
This commit is contained in:
Skylar Ittner 2019-01-02 23:53:54 -07:00
commit cac6dacfb2
2 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
mobile/index.php
View File

@ -8,10 +8,6 @@
* Mobile app API * Mobile app API
*/ */
// The name of the permission needed to log in.
// Set to null if you don't need it.
$access_permission = "ADMIN";
require __DIR__ . "/../required.php"; require __DIR__ . "/../required.php";
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -70,13 +66,14 @@ switch ($VARS['action']) {
if ($user->exists()) { if ($user->exists()) {
if ($user->getStatus()->getString() == "NORMAL") { if ($user->getStatus()->getString() == "NORMAL") {
if ($user->checkPassword($VARS['password'])) { if ($user->checkPassword($VARS['password'])) {
if (is_null($access_permission) || $user->hasPermission($access_permission)) { foreach ($SETTINGS['permissions'] as $perm) {
Session::start($user); if (!$user->hasPermission($perm)) {
$_SESSION['mobile'] = true; exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)]));
exit(json_encode(["status" => "OK"])); }
} else {
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no admin permission", false)]));
} }
Session::start($user);
$_SESSION['mobile'] = true;
exit(json_encode(["status" => "OK"]));
} }
} }
} }

16
required.php
View File

@ -145,11 +145,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
define("GET", true); define("GET", true);
} }
function dieifnotloggedin() { function dieifnotloggedin() {
if ($_SESSION['loggedin'] != true) { if ($_SESSION['loggedin'] != true) {
die("You don't have permission to be here."); die("You don't have permission to be here.");
} }
$user = new User($_SESSION['uid']);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
session_destroy();
die("You don't have permission to be here.");
}
}
} }
/** /**
@ -174,4 +180,12 @@ function redirectIfNotLoggedIn() {
header('Location: ' . $SETTINGS['url'] . '/index.php'); header('Location: ' . $SETTINGS['url'] . '/index.php');
die(); die();
} }
$user = new User($_SESSION['uid']);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
session_destroy();
header('Location: ./index.php');
die("You don't have permission to be here.");
}
}
} }