-rw-r--r-- | backend.php | 13 | ||||
-rw-r--r-- | index.php | 5 | ||||
-rw-r--r-- | login.php | 3 | ||||
-rw-r--r-- | sessions/.empty | 0 |
4 files changed, 18 insertions, 3 deletions
diff --git a/backend.php b/backend.php
index 018c0e8..7cd15bb 100644
--- a/backend.php
+++ b/backend.php
@@ -1,11 +1,20 @@
 <?php
 require_once "config.php";
- require_once "sessions.php";
- require_once "db.php";
 header("Content-type: text/json");
+ // let's not start a session if there's no cookie, login is impossible
+ // via backend anyway
+ if (!isset($_COOKIE['epube_sid'])) {
+ header($_SERVER["SERVER_PROTOCOL"]." 402 Unauthorized");
+ echo "Unauthorized";
+ die;
+ }
+
+ require_once "sessions.php";
+ require_once "db.php";
+
 @$owner = SQLite3::escapeString($_SESSION["owner"]);
 if (!$owner) {
@@ -11,6 +11,11 @@
 die("HTTP Authentication is no longer supported, please see migration notes in git.");
 }
+ if (!isset($_COOKIE['epube_sid'])) {
+ header("Location: login.php");
+ exit;
+ }
+
 require_once "config.php";
 require_once "sessions.php";
 require_once "db.php";
@@ -1,6 +1,5 @@
 <?php
 require_once "config.php";
- require_once "sessions.php";
 @$op = $_REQUEST["op"];
@@ -13,6 +12,8 @@
 $res = $dbh->query("SELECT id FROM epube_users WHERE user = '$user' AND pass = '$password'");
 if ($line = $res->fetchArray(SQLITE3_ASSOC)) {
+ require_once "sessions.php";
+
 $_SESSION["owner"] = $user;
 header("Location: index.php");
 }
diff --git a/sessions/.empty b/sessions/.empty
deleted file mode 100644
index e69de29..0000000
--- a/sessions/.empty
+++ /dev/null |
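Review bot: The status line added in the backend.php hunk, `header($_SERVER["SERVER_PROTOCOL"]." 402 Unauthorized");`, pairs the wrong numeric code with its reason phrase: 402 is Payment Required, while an unauthenticated caller should receive 401 (or 403 if no challenge is offered), and clients that branch on the number will misclassify the response. `http_response_code(401);` is the simplest fix and drops the hand-built protocol string. The new check only tests that a cookie named `epube_sid` is present; a stale or invalid cookie still reaches the `$_SESSION["owner"]` test a few lines down, which is what actually decides authorization, so the added comment would be clearer as `// presence check only — authorization is decided by the owner check below`. The `if (!$owner)` branch continues past the end of the hunk.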
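Review bot: The cookie name `'epube_sid'` is hard-coded in this index.php check as well as in backend.php, so both checks only stay correct while sessions.php keeps using exactly that session name; a rename there would silently turn every request into a redirect to login.php. Defining the name once (a constant in config.php, which this file already requires) would remove the duplication, but note the check would then have to move below the `require_once "config.php";` line that currently follows it. As in backend.php, this is a presence test rather than a session validity test, and I assume the code after the requires still verifies the owner, since the hunk ends before it. The `if` whose `die(...)` opens this hunk starts outside the hunk.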
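Review bot: In the second login.php hunk the session is started only after the credential check succeeds (via `require_once "sessions.php";`, which I take to be where session_start() lives) and `$_SESSION["owner"]` is set, but the session id is never rotated, so an id handed out before login stays valid as the authenticated id afterwards. Add `session_regenerate_id(true);` directly before the `$_SESSION["owner"] = $user;` line. Separately, the context line above still builds the SELECT by interpolating `$user` and `$password`; it is untouched by this commit, but a prepared statement (`$dbh->prepare(...)` with `bindValue()`) is the robust form and worth a follow-up. The enclosing `if` closes in the hunk, but the surrounding op-handling code begins outside it.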