Check if the session username and database username are the same
parent
4fa894925e
commit
e9685cf6d5
@ -16,22 +16,31 @@ Router\before(function($action) {
|
|||||||
Model\Database\select($_SESSION['database']);
|
Model\Database\select($_SESSION['database']);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to the login form if the user is not authenticated
|
// Authentication
|
||||||
$ignore_actions = array('login', 'bookmark-feed', 'select-db');
|
if (Model\User\is_logged()) {
|
||||||
|
|
||||||
if (! isset($_SESSION['user']) && ! in_array($action, $ignore_actions)) {
|
if (! Model\User\is_user_session()) {
|
||||||
|
Session\close();
|
||||||
|
Response\redirect('?action=login');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Model\RememberMe\has_cookie()) {
|
||||||
|
Model\RememberMe\refresh();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
if (! in_array($action, array('login', 'bookmark-feed', 'select-db'))) {
|
||||||
|
|
||||||
if (! Model\RememberMe\authenticate()) {
|
if (! Model\RememberMe\authenticate()) {
|
||||||
Response\redirect('?action=login');
|
Response\redirect('?action=login');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (Model\RememberMe\has_cookie()) {
|
|
||||||
Model\RememberMe\refresh();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load translations
|
// Load translations
|
||||||
$language = Model\Config\get('language') ?: 'en_US';
|
$language = Model\Config\get('language') ?: 'en_US';
|
||||||
if ($language !== 'en_US') \Translator\load($language);
|
if ($language !== 'en_US') Translator\load($language);
|
||||||
|
|
||||||
// Set timezone
|
// Set timezone
|
||||||
date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');
|
date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');
|
||||||
|
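Review bot: In the `else` branch, a request admitted by `Model\RememberMe\authenticate()` never reaches the new `Model\User\is_user_session()` check, which runs only when `is_logged()` was already true on entry to the filter. If authenticate() fills `$_SESSION['user']` from the cookie (its body is not visible here), the first request after a remember-me login is served without comparing the username against the database selected from `$_SESSION['database']`. Consider running the same check after a successful authenticate(), with the same `Session\close()` and redirect handling as the logged-in branch. The filter also appears to rely on `Response\redirect()` ending the request, since nothing after the call stops the cookie refresh and the rest of the closure from running; a comment such as `// redirect() terminates the request` would make that assumption explicit.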
@ -9,6 +9,21 @@ use Model\Config;
|
|||||||
use Model\RememberMe;
|
use Model\RememberMe;
|
||||||
use Model\Database as DatabaseModel;
|
use Model\Database as DatabaseModel;
|
||||||
|
|
||||||
|
// Check if the user is logged
|
||||||
|
function is_logged()
|
||||||
|
{
|
||||||
|
return ! empty($_SESSION['user']);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the logged user is the right one
|
||||||
|
function is_user_session()
|
||||||
|
{
|
||||||
|
return Database::get('db')
|
||||||
|
->table('config')
|
||||||
|
->eq('username', $_SESSION['user']['username'])
|
||||||
|
->count() === 1;
|
||||||
|
}
|
||||||
|
|
||||||
// Get a user by username
|
// Get a user by username
|
||||||
function get($username)
|
function get($username)
|
||||||
{
|
{
|
||||||
|
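Review bot: `is_user_session()` reads `$_SESSION['user']['username']` without checking that the key exists, while `is_logged()` guarantees only that `$_SESSION['user']` is non-empty, so a session lacking that key raises a notice and passes null to `->eq()`. Guard it first, e.g. `if (! isset($_SESSION['user']['username'])) return false;`. The comparison also matches on the username alone, so a session created against one database would presumably still pass when another selected database has the same username in its `config` table. Binding the session to the database it was authenticated against (recorded at login and compared here) would close that gap. A short docblock stating that the function returns true only when exactly one `config` row carries the session's username would document the contract.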