init

auth/api/check.php

@@ -0,0 +1,44 @@
+<?php
+
+require __DIR__ . "/../util.php";
+require __DIR__ . "/../db.php";
+require __DIR__ . "/../logger.php";
+
+session_start();
+
+$siteKey = auth_get_site_key($_GET);
+$clientIp = auth_get_client_ip();
+
+if (!auth_is_valid_site_key($siteKey)) {
+    auth_log_event([
+        "ip" => $clientIp,
+        "siteKey" => $siteKey,
+        "status" => "invalid_payload",
+    ]);
+    auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]);
+}
+
+$userId = (int) ($_SESSION["auth_user_id"] ?? 0);
+if ($userId <= 0) {
+    auth_json_response(401, ["ok" => false, "message" => "Требуется вход."]);
+}
+
+$db = auth_get_db();
+$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
+$stmt->bind_param("is", $userId, $siteKey);
+$stmt->execute();
+$result = $stmt->get_result();
+$hasAccess = $result && $result->num_rows > 0;
+$stmt->close();
+
+if (!$hasAccess) {
+    auth_log_event([
+        "ip" => $clientIp,
+        "userId" => $userId,
+        "siteKey" => $siteKey,
+        "status" => "access_denied",
+    ]);
+    auth_json_response(403, ["ok" => false, "message" => "Нет доступа."]);
+}
+
+auth_json_response(200, ["ok" => true]);