
Merge again

Skylar Ittner 3 months ago
parent
commit
cac6dacfb2
2 changed files with 22 additions and 11 deletions
  1. 7
    10
      mobile/index.php
  2. 15
    1
      required.php

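--- a/mobile/index.php
+++ b/mobile/index.php
@@ -8,10 +8,6 @@
  * Mobile app API
  */
 
-// The name of the permission needed to log in.
-// Set to null if you don't need it.
-$access_permission = "ADMIN";
-
 require __DIR__ . "/../required.php";
 
 header('Content-Type: application/json');
@@ -70,13 +66,14 @@ switch ($VARS['action']) {
         if ($user->exists()) {
             if ($user->getStatus()->getString() == "NORMAL") {
                 if ($user->checkPassword($VARS['password'])) {
-                    if (is_null($access_permission) || $user->hasPermission($access_permission)) {
-                        Session::start($user);
-                        $_SESSION['mobile'] = true;
-                        exit(json_encode(["status" => "OK"]));
-                    } else {
-                        exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no admin permission", false)]));
+                    foreach ($SETTINGS['permissions'] as $perm) {
+                        if (!$user->hasPermission($perm)) {
+                            exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)]));
+                        }
                     }
+                    Session::start($user);
+                    $_SESSION['mobile'] = true;
+                    exit(json_encode(["status" => "OK"]));
                 }
             }
         }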
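Review bot: The new loop at lines 69–72 fails open when `$SETTINGS['permissions']` is missing or is not an array: `foreach` over a non-iterable only emits a warning, the body never runs, and the login proceeds with no permission check at all, whereas the removed `$access_permission` code always evaluated a condition. A guard before the loop such as `if (!is_array($SETTINGS['permissions'] ?? null)) { exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)])); }` keeps the check fail-closed; the two loops added in required.php have the same shape and need the same guard. The semantics also changed from a single optional permission to requiring every listed one, which deserves a comment above the loop, e.g. `// Every permission listed in $SETTINGS['permissions'] is required to log in.` The switch case this sits in starts and ends outside the hunk.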

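--- a/required.php
+++ b/required.php
@@ -145,11 +145,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     define("GET", true);
 }
 
-
 function dieifnotloggedin() {
     if ($_SESSION['loggedin'] != true) {
         die("You don't have permission to be here.");
     }
+    $user = new User($_SESSION['uid']);
+    foreach ($SETTINGS['permissions'] as $perm) {
+        if (!$user->hasPermission($perm)) {
+            session_destroy();
+            die("You don't have permission to be here.");
+        }
+    }
 }
 
 /**
@@ -174,4 +180,12 @@ function redirectIfNotLoggedIn() {
         header('Location: ' . $SETTINGS['url'] . '/index.php');
         die();
     }
+    $user = new User($_SESSION['uid']);
+    foreach ($SETTINGS['permissions'] as $perm) {
+        if (!$user->hasPermission($perm)) {
+            session_destroy();
+            header('Location: ./index.php');
+            die("You don't have permission to be here.");
+        }
+    }
 }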
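Review bot: `$SETTINGS` is read inside `dieifnotloggedin()` at new line 153 without a `global $SETTINGS;` declaration, and the whole function body is visible in the hunk with no such statement, so inside the function the variable is undefined: the `foreach` only raises a warning and never iterates, and the new permission check is silently bypassed for every logged-in user. Adding `global $SETTINGS;` as the first statement of `dieifnotloggedin()` fixes it. `redirectIfNotLoggedIn()` starts outside the hunk and its existing line 180 already uses `$SETTINGS['url']`, so it may declare the global earlier, but the loop added at line 184 should be checked the same way. Minor inconsistency in that second function: the existing redirect builds its target from `$SETTINGS['url']` while the new one at line 187 uses the relative `'./index.php'`.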
