45 lines
1.2 KiB
PHP
45 lines
1.2 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
require __DIR__ . "/../util.php";
|
||
|
|
require __DIR__ . "/../db.php";
|
||
|
|
require __DIR__ . "/../logger.php";
|
||
|
|
|
||
|
|
session_start();
|
||
|
|
|
||
|
|
$siteKey = auth_get_site_key($_GET);
|
||
|
|
$clientIp = auth_get_client_ip();
|
||
|
|
|
||
|
|
if (!auth_is_valid_site_key($siteKey)) {
|
||
|
|
auth_log_event([
|
||
|
|
"ip" => $clientIp,
|
||
|
|
"siteKey" => $siteKey,
|
||
|
|
"status" => "invalid_payload",
|
||
|
|
]);
|
||
|
|
auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]);
|
||
|
|
}
|
||
|
|
|
||
|
|
$userId = (int) ($_SESSION["auth_user_id"] ?? 0);
|
||
|
|
if ($userId <= 0) {
|
||
|
|
auth_json_response(401, ["ok" => false, "message" => "Требуется вход."]);
|
||
|
|
}
|
||
|
|
|
||
|
|
$db = auth_get_db();
|
||
|
|
$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
|
||
|
|
$stmt->bind_param("is", $userId, $siteKey);
|
||
|
|
$stmt->execute();
|
||
|
|
$result = $stmt->get_result();
|
||
|
|
$hasAccess = $result && $result->num_rows > 0;
|
||
|
|
$stmt->close();
|
||
|
|
|
||
|
|
if (!$hasAccess) {
|
||
|
|
auth_log_event([
|
||
|
|
"ip" => $clientIp,
|
||
|
|
"userId" => $userId,
|
||
|
|
"siteKey" => $siteKey,
|
||
|
|
"status" => "access_denied",
|
||
|
|
]);
|
||
|
|
auth_json_response(403, ["ok" => false, "message" => "Нет доступа."]);
|
||
|
|
}
|
||
|
|
|
||
|
|
auth_json_response(200, ["ok" => true]);
|