jester/web_auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

auth update

Browse Source
This commit is contained in:
Jester
2026-01-19 15:27:18 +03:00
parent 594107efb9
commit d43890a97f
3 changed files with 42 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
api/login.php
View File

@@ -21,13 +21,31 @@ if (!is_array($data)) {
$login = trim($data['username'] ?? '');
$password = $data['password'] ?? '';
$siteAlias = trim($data['site_alias'] ?? '');
if ($siteAlias === '') {
http_response_code(400);
echo json_encode(['success' => false, 'message' => 'Не указан сайт']);
exit;
}
// Поиск пользователя по username
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt = $pdo->prepare("SELECT id, username, password_hash, ok5, o7, o10m, o10a, webp FROM users WHERE username = ?");
$stmt->execute([$login]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password_hash'])) {
$allowedAliases = ['ok5', 'o7', 'o10m', 'o10a', 'webp'];
if (!in_array($siteAlias, $allowedAliases, true)) {
echo json_encode(['success' => false, 'message' => 'Неизвестный сайт']);
exit;
}
if ((int)$user[$siteAlias] !== 1) {
echo json_encode(['success' => false, 'message' => 'Нет доступа к сайту']);
exit;
}
// Успешная авторизация
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];