
Add permission checks

tags/v1.0
Skylar Ittner 2 years ago
parent
commit
988628adcb
5 changed files with 24 additions and 12 deletions
  1. 5
    0
      action.php
  2. 1
    4
      app.php
  3. 11
    7
      index.php
  4. 1
    0
      lang/en_us.php
  5. 6
    1
      required.php

+ 5
- 0
action.php View File

@@ -4,9 +4,14 @@
* Make things happen when buttons are pressed and forms submitted.
*/
require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";

dieifnotloggedin();

if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
die("You don't have permission to be here.");
}

/**
* Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
* The message will be displayed by the app.
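Review bot: The denied branch ends in `die("You don't have permission to be here.")` with the default 200 status, so a form post from an unprivileged account reads as success to the browser and to any script driving it; send an explicit status first, `http_response_code(403);`, on the line before the `die`. The test `account_has_permission(...) == FALSE` is a loose comparison — the helper is not visible here, and if it can return null or another falsy value, `if (!account_has_permission($_SESSION['username'], "QWIKCLOCK"))` is the safer spelling. `dieifnotloggedin()` also differs in casing from the `redirectIfNotLoggedIn()` helper this commit uses elsewhere, so a one-line comment such as `// action handlers die instead of redirecting so a POST is never replayed against index.php` would record why this file takes the other path.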

+ 1
- 4
app.php View File

@@ -1,10 +1,7 @@
<?php
require_once __DIR__ . "/required.php";

if ($_SESSION['loggedin'] != true) {
header('Location: index.php');
die("Session expired. Log in again to continue.");
}
redirectIfNotLoggedIn();

require_once __DIR__ . "/pages.php";


+ 11
- 7
index.php View File

@@ -4,7 +4,7 @@ require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";

// if we're logged in, we don't need to be here.
if ($_SESSION['loggedin']) {
if ($_SESSION['loggedin'] && account_has_permission($_SESSION['username'], "QWIKCLOCK")) {
header('Location: app.php');
}

@@ -34,13 +34,17 @@ if (checkLoginServer()) {
break;
}
if ($userpass_ok) {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
if (account_has_permission($VARS['username'], "QWIKCLOCK") == FALSE) {
$alert = lang("no admin permission", false);
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
}
}
}
} else {
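Review bot: The new permission gate runs only after `$userpass_ok` is true, so the `no admin permission` alert confirms to the client that the username/password pair is valid for an account that merely lacks QWIKCLOCK — an oracle the previous flow did not expose. If that trade-off is intended, say so in a comment above the check; otherwise show the same generic failure for both cases and record the real reason server-side. The check itself should avoid loose comparison: `if (!account_has_permission($VARS['username'], "QWIKCLOCK")) {`. In the first hunk the changed condition still sends `header('Location: app.php');` without an exit, so a logged-in, permitted user keeps executing the login handling below it; `die();` after that header closes the gap. The outer `if ($userpass_ok)` structure and the login-server branch start and end outside this hunk.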

+ 1
- 0
lang/en_us.php View File

@@ -5,6 +5,7 @@ define("STRINGS", [
"username" => "Username",
"password" => "Password",
"continue" => "Continue",
"no admin permission" => "You do not have permission to access this system.",
"authcode" => "Authentication code",
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.",

+ 6
- 1
required.php View File

@@ -186,6 +186,11 @@ if (!function_exists('base_url')) {
function redirectIfNotLoggedIn() {
if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/index.php');
die();
die("You are not logged in.");
}
require_once __DIR__ . "/lib/login.php";
if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
header('Location: ./index.php');
die("You don't have permission to be here.");
}
}
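Review bot: The added permission branch redirects with a relative `header('Location: ./index.php')` while the not-logged-in branch just above it uses `URL . '/index.php'`; a relative Location resolves against whatever path the browser requested, so use the same absolute form, `header('Location: ' . URL . '/index.php');`. The user lands on index.php still logged in and with no explanation — index.php now stays on the login form for accounts without QWIKCLOCK, so there is no redirect loop, but the `die("You don't have permission to be here.")` text is never displayed; either pass a message through to index.php or note in a comment that the text is only for non-redirecting clients. The `require_once __DIR__ . "/lib/login.php"` inside the function body deserves a why-comment, e.g. `// loaded lazily: lib/login.php presumably needs required.php fully initialised — confirm`. As in the other files, `== FALSE` is better written `if (!account_has_permission($_SESSION['username'], "QWIKCLOCK"))`.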
