Add permission checks

Skylar Ittner 7年前
コミット 988628adcb

@ -4,9 +4,14 @@
* Make things happen when buttons are pressed and forms submitted.
*/
require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";
dieifnotloggedin();
if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
die("You don't have permission to be here.");
}
/**
* Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
* The message will be displayed by the app.
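Review bot: The new gate `account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE` is a loose comparison, so any truthy non-boolean return would grant access; `if (account_has_permission($_SESSION['username'], "QWIKCLOCK") !== true) {` denies unless the helper explicitly returns true, which also fails closed if it ever returns null or an error value. What account_has_permission actually returns is defined in lib/login.php, outside this diff. The same `== FALSE` pattern appears in the `if ($userpass_ok)` login hunk and in redirectIfNotLoggedIn(). The ordering here is right: `dieifnotloggedin()` runs before `$_SESSION['username']` is read.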

@ -1,10 +1,7 @@
<?php
require_once __DIR__ . "/required.php";
if ($_SESSION['loggedin'] != true) {
header('Location: index.php');
die("Session expired. Log in again to continue.");
}
redirectIfNotLoggedIn();
require_once __DIR__ . "/pages.php";

@ -4,7 +4,7 @@ require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";
// if we're logged in, we don't need to be here.
if ($_SESSION['loggedin']) {
if ($_SESSION['loggedin'] && account_has_permission($_SESSION['username'], "QWIKCLOCK")) {
header('Location: app.php');
}
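Review bot: `header('Location: app.php');` is not followed by an exit inside the hunk, so unless a `die()` follows outside it the rest of the login page keeps executing and rendering after the redirect header is sent; `header('Location: app.php'); die();` closes that. With the new condition, a session that has `loggedin` set but lacks QWIKCLOCK (for example one established before this commit) now falls through to the login form while still marked logged in; clearing that session in an else branch would keep the state consistent, though whether such sessions exist cannot be told from the diff.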
@ -34,13 +34,17 @@ if (checkLoginServer()) {
break;
}
if ($userpass_ok) {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
if (account_has_permission($VARS['username'], "QWIKCLOCK") == FALSE) {
$alert = lang("no admin permission", false);
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
}
}
}
} else {
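Review bot: The permission check now sits before `$_SESSION['passok'] = true`, so a user without QWIKCLOCK is stopped before the TOTP step, but the authcode branch that completes a multiauth login (after the `} else {` that closes this hunk, outside the diff) must itself require `passok`, otherwise the new check does not cover the TOTP completion path; that branch is not visible here. A short comment would make the dependency explicit: `// checked before passok is set so the TOTP step inherits the permission decision`. The enclosing `if (checkLoginServer())` block starts outside the hunk.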

@ -5,6 +5,7 @@ define("STRINGS", [
"username" => "Username",
"password" => "Password",
"continue" => "Continue",
"no admin permission" => "You do not have permission to access this system.",
"authcode" => "Authentication code",
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.",

@ -186,6 +186,11 @@ if (!function_exists('base_url')) {
function redirectIfNotLoggedIn() {
if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/index.php');
die();
die("You are not logged in.");
}
require_once __DIR__ . "/lib/login.php";
if (account_has_permission($_SESSION['username'], "QWIKCLOCK") == FALSE) {
header('Location: ./index.php');
die("You don't have permission to be here.");
}
}
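Review bot: redirectIfNotLoggedIn() now also enforces the QWIKCLOCK permission, which its name does not say, and it has no docblock; a header such as `/** Redirects to index.php and exits unless the session is logged in AND has the QWIKCLOCK permission. */` would keep callers (such as the one in the second hunk) from assuming it only checks login. The two redirects in the function disagree: the existing one uses `URL . '/index.php'` while the new one uses a relative `./index.php`, which resolves against whichever script included this file; `header('Location: ' . URL . '/index.php');` keeps both absolute. The loose `== FALSE` raised on the first hunk applies here too.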
