init
This commit is contained in:
46
auth/guard.php
Normal file
46
auth/guard.php
Normal file
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
|
||||
require __DIR__ . "/util.php";
|
||||
require __DIR__ . "/db.php";
|
||||
require __DIR__ . "/logger.php";
|
||||
|
||||
session_start();
|
||||
|
||||
$siteKey = defined("AUTH_SITE_KEY") ? AUTH_SITE_KEY : ($_SERVER["HTTP_HOST"] ?? "unknown");
|
||||
$siteKey = is_string($siteKey) ? trim($siteKey) : "unknown";
|
||||
|
||||
if (!auth_is_valid_site_key($siteKey)) {
|
||||
auth_log_event([
|
||||
"ip" => auth_get_client_ip(),
|
||||
"siteKey" => $siteKey,
|
||||
"status" => "invalid_payload",
|
||||
]);
|
||||
header("Location: /auth/login.html");
|
||||
exit;
|
||||
}
|
||||
|
||||
$userId = (int) ($_SESSION["auth_user_id"] ?? 0);
|
||||
if ($userId <= 0) {
|
||||
$redirect = $_SERVER["REQUEST_URI"] ?? "/";
|
||||
header("Location: /auth/login.html?siteKey=" . urlencode($siteKey) . "&redirect=" . urlencode($redirect));
|
||||
exit;
|
||||
}
|
||||
|
||||
$db = auth_get_db();
|
||||
$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
|
||||
$stmt->bind_param("is", $userId, $siteKey);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$hasAccess = $result && $result->num_rows > 0;
|
||||
$stmt->close();
|
||||
|
||||
if (!$hasAccess) {
|
||||
auth_log_event([
|
||||
"ip" => auth_get_client_ip(),
|
||||
"userId" => $userId,
|
||||
"siteKey" => $siteKey,
|
||||
"status" => "access_denied",
|
||||
]);
|
||||
header("Location: /auth/login.html?siteKey=" . urlencode($siteKey));
|
||||
exit;
|
||||
}
|
||||
Reference in New Issue
Block a user