From bf2558253637537c2d57765e557bdc0e164c58ee Mon Sep 17 00:00:00 2001
From: Minteck
Date: Wed, 22 Feb 2023 10:29:48 +0100
Subject: Updated 23 files, added assets/uploads/pt-princesscelestia.png and renamed assets/uploads/pt-luna.png (automated)
---
 Authentication/Callback/index.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'Authentication/Callback')
diff --git a/Authentication/Callback/index.php b/Authentication/Callback/index.php
index 508326b..981525f 100644
--- a/Authentication/Callback/index.php
+++ b/Authentication/Callback/index.php
@@ -38,15 +38,22 @@ if (isset($result["access_token"])) {
     $result = curl_exec($crl);
     $result = json_decode($result, true);
 
-    if (!in_array($result["id"], $appdata["oauth"]["allowed"])) {
-        header("Location: /");
+    if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) {
+        header("Location: /?error=Access denied, you are not allowed to login to this website");
         die();
     }
 
     if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens");
+    if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens");
 
     $token = bin2hex(random_bytes(32));
-    file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token, json_encode($result));
+
+    if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) {
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token, json_encode($result));
+    } else {
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token, json_encode($result));
+    }
+
     header("Set-Cookie: PEH2_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly; Expires=" . date("r", time() + (86400 * 730)));
     header("Location: /Authentication/Success");
-- 
cgit
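Review bot: The new gate `if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"]))` compares the provider-supplied id loosely, and nothing in the hunk checks that the userinfo response decoded at all, so a failed `curl_exec` or a non-JSON body leaves `$result["id"]` null and a loose `in_array` can then match an empty or zero entry in the allowed list; pass `strict: true` and bail out when the id is missing before the membership test. Computing the membership once, `$isAdmin = in_array($result["id"], $appdata["oauth"]["allowed"]["admin"], true);` and `$isLower = in_array($result["id"], $appdata["oauth"]["allowed"]["lower"], true);`, then `if (!$isAdmin && !$isLower) {` and reusing `$isAdmin` for the tokens/lowertokens choice lower in the hunk, also removes the duplicated lookup. The redirect `header("Location: /?error=Access denied, you are not allowed to login to this website");` places an unencoded, space-containing message in the query string; wrapping the message in `rawurlencode()` keeps the URL well-formed wherever the landing page reads it. The enclosing `if (isset($result["access_token"]))` block starts before this hunk.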