EuskadiTech/Axia4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update many stuff

Browse Source
This commit is contained in:
naielv
2026-01-25 23:23:22 +01:00
parent d58c9b6af2
commit 5f45017997
15 changed files with 307 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
public_html/_incl/auth_redir.php Executable file
View File

@@ -0,0 +1,35 @@
<?php
session_start([ 'cookie_lifetime' => 604800 ]);
session_regenerate_id();
ini_set("session.use_only_cookies", "true");
ini_set("session.use_trans_sid", "false");
$ua = $_SERVER['HTTP_USER_AGENT'];
if (str_starts_with($ua, "SysAdminAuth/")) {
$username = explode("/", $ua)[1];
$userpass = explode("/", $ua)[2];
$userdata = json_decode(file_get_contents("/DATA/Usuarios/$username.json"), true);
if (!$userdata) {
header("HTTP/1.1 403 Forbidden");
die();
}
if ($userdata["password"] !== hash("sha256", $userpass)) {
header("HTTP/1.1 403 Forbidden");
die();
}
$_SESSION["auth_user"] = $username;
$_SESSION["auth_data"] = $userdata;
$_SESSION["auth_ok"] = true;
}
// ¿Is user authenticated?
if (!$_SESSION["auth_ok"]) {
header("Location: /_login.php");
die();
}
// Check if "$APP_CODE" inside user's permissions
if (!in_array("$APP_CODE:access", $_SESSION["auth_data"]["permissions"])) {
header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME."));
die();
}