auth update
@@ -21,13 +21,31 @@ if (!is_array($data)) {
|
|||||||
|
|
||||||
$login = trim($data['username'] ?? '');
|
$login = trim($data['username'] ?? '');
|
||||||
$password = $data['password'] ?? '';
|
$password = $data['password'] ?? '';
|
||||||
|
$siteAlias = trim($data['site_alias'] ?? '');
|
||||||
|
|
||||||
|
if ($siteAlias === '') {
|
||||||
|
http_response_code(400);
|
||||||
|
echo json_encode(['success' => false, 'message' => 'Не указан сайт']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Поиск пользователя по username
|
// Поиск пользователя по username
|
||||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
|
$stmt = $pdo->prepare("SELECT id, username, password_hash, ok5, o7, o10m, o10a, webp FROM users WHERE username = ?");
|
||||||
$stmt->execute([$login]);
|
$stmt->execute([$login]);
|
||||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
if ($user && password_verify($password, $user['password_hash'])) {
|
if ($user && password_verify($password, $user['password_hash'])) {
|
||||||
|
$allowedAliases = ['ok5', 'o7', 'o10m', 'o10a', 'webp'];
|
||||||
|
if (!in_array($siteAlias, $allowedAliases, true)) {
|
||||||
|
echo json_encode(['success' => false, 'message' => 'Неизвестный сайт']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((int)$user[$siteAlias] !== 1) {
|
||||||
|
echo json_encode(['success' => false, 'message' => 'Нет доступа к сайту']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Успешная авторизация
|
// Успешная авторизация
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
$_SESSION['user_id'] = $user['id'];
|
$_SESSION['user_id'] = $user['id'];
|
||||||
|
|||||||
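Review bot: `$siteAlias` is taken straight from the request body (`$data['site_alias']`), so the new `(int)$user[$siteAlias] !== 1` check only proves the user has access to whichever site the client names, not to the site this endpoint actually serves. The alias should be fixed server-side (a per-deployment configuration value, for example) and the granted alias kept in the session next to the user id, e.g. `$_SESSION['site_alias'] = $siteAlias;`, so later requests can re-check it; whether something like that already follows is not visible, because the success branch continues past the end of the hunk. The two new failure exits also answer with HTTP 200 while the empty-alias branch sets 400; `http_response_code(403);` before the 'Нет доступа к сайту' response would keep them consistent.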
@@ -1,10 +1,22 @@
|
|||||||
<?php
|
<?php
|
||||||
if (session_status() === PHP_SESSION_NONE) {
|
if (session_status() === PHP_SESSION_NONE) {
|
||||||
$isSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
|
$isSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
|
||||||
|
$scriptName = $_SERVER['SCRIPT_NAME'] ?? '';
|
||||||
|
$basePath = '/';
|
||||||
|
if ($scriptName !== '') {
|
||||||
|
$basePath = preg_replace('#/api/.*$#', '', $scriptName);
|
||||||
|
if ($basePath === $scriptName) {
|
||||||
|
$basePath = dirname($scriptName);
|
||||||
|
}
|
||||||
|
$basePath = rtrim($basePath, '/');
|
||||||
|
if ($basePath === '') {
|
||||||
|
$basePath = '/';
|
||||||
|
}
|
||||||
|
}
|
||||||
ini_set('session.use_strict_mode', '1');
|
ini_set('session.use_strict_mode', '1');
|
||||||
session_set_cookie_params([
|
session_set_cookie_params([
|
||||||
'lifetime' => 0,
|
'lifetime' => 0,
|
||||||
'path' => '/',
|
'path' => $basePath,
|
||||||
'domain' => '',
|
'domain' => '',
|
||||||
'secure' => $isSecure,
|
'secure' => $isSecure,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
|
|||||||
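Review bot: The cookie path now depends on where the including script lives: for any script outside `/api/` the fallback `$basePath = dirname($scriptName);` yields that script's own directory, so a page in a subdirectory would scope the session cookie more narrowly than `api/login.php` does and the browser can end up holding two session cookies with the same name. Taking the base path from a per-site configuration value instead of `$_SERVER['SCRIPT_NAME']` avoids that. A cookie path is also not an isolation boundary between sites on one host; if the sites share session storage, a distinct `session_name()` per site, or an alias stored in the session and checked on every request, is what actually separates them. `preg_replace()` can return null on error, which would then reach `rtrim()`, and the array passed to `session_set_cookie_params()` continues past the end of the hunk.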
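--- a/js/auth.js
+++ b/js/auth.js
@@ -45,6 +45,16 @@ if (document.getElementById('loginForm')) {
 
 const formData = new FormData(this);
 const data = Object.fromEntries(formData);
+if (!data.site_alias) {
+const metaAlias = document.querySelector('meta[name="site-alias"]');
+if (metaAlias && metaAlias.content) {
+data.site_alias = metaAlias.content.trim();
+} else {
+const path = window.location.pathname.replace(/\/+$/, '');
+const parts = path.split('/').filter(Boolean);
+data.site_alias = parts[0] || 'root';
+}
+}
 
 const result = await sendRequest('api/login.php', data);
 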
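Review bot: The path fallback can produce aliases the server will never accept: `data.site_alias = parts[0] || 'root';` sends `'root'` for a site at the web root, or an arbitrary first path segment, while the allow-list in the login hunk of this commit is `['ok5', 'o7', 'o10m', 'o10a', 'webp']`, so such a login fails with 'Неизвестный сайт' only after the password has been accepted. Because the value is only a hint supplied by the client, it is simpler to require the server-rendered `site-alias` meta tag and show an error when it is missing than to guess from `window.location.pathname`. The submit handler starts and continues outside the hunk.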