diff options
Diffstat (limited to 'auth/callback')
| -rw-r--r-- | auth/callback/index.php | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/auth/callback/index.php b/auth/callback/index.php index 678dc34..1ff53f7 100644 --- a/auth/callback/index.php +++ b/auth/callback/index.php @@ -40,10 +40,7 @@ if (isset($result["access_token"])) { $result = $result_orig = curl_exec($crl); $result = json_decode($result, true); - $isAllowed = in_array("78b519ca-759b-4caa-958d-fcdfd422b9a9", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"])); - $isAdmin = in_array("fe24dd97-9b9b-45b9-bb84-24e17a49f97b", array_map(function ($i) { return $i["id"]; }, $result["transitiveGroups"])); - - if (!$isAllowed) { + if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) { peh_error("Access denied, you are not allowed to login to this website", 403); die(); } @@ -54,7 +51,7 @@ if (isset($result["access_token"])) { $token = generateToken(); - if ($isAdmin) { + if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token, json_encode([ "created" => time(), "last" => time(), |