Check to make sure the cookie is valid, because of course cookies can be
faked
This commit is contained in:
parent
e6cede05ca
commit
51f17e8174
26
admin.php
26
admin.php
|
|
@ -8,6 +8,9 @@ include "core.php";
|
|||
include "config.php";
|
||||
include "create-table.php";
|
||||
|
||||
$Authorized = 0;
|
||||
$Primary = 0;
|
||||
|
||||
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
|
|
@ -16,15 +19,32 @@ if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
|||
die();
|
||||
}
|
||||
|
||||
$html = "";
|
||||
$html = printHeader($html);
|
||||
|
||||
// in case admin keys are disabled
|
||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||
$Authorized = 1;
|
||||
$Primary = $line['primaryadmin'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// not authorized
|
||||
if ($Authorized != 1) {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$html = "";
|
||||
$html = printHeader($html);
|
||||
|
||||
$html = printFooter($html);
|
||||
|
||||
print "$html";
|
||||
|
|
|
|||
Loading…
Reference in a new issue