<?php
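// Session hardening must be configured before the session starts: ini_set()
// on session.* settings is refused (with a warning) once a session is active,
// so the two settings the original tried to apply afterwards are passed to
// session_start() as options instead.
session_start([
    'cookie_lifetime'  => 604800, // 7 days, in seconds
    'use_only_cookies' => 1,      // never accept a session id from the URL
    'use_trans_sid'    => 0,      // never append the session id to links or forms
    'cookie_httponly'  => 1,      // keep the session cookie out of reach of page scripts
    // NOTE(review): add 'cookie_secure' => 1 if this application is only served over HTTPS.
]);

// Issue a fresh session id on every request (unchanged from the original).
// NOTE(review): the old id is not deleted here; rotating once at login with
// session_regenerate_id(true) is the usual session-fixation defence — confirm
// which behaviour is intended.
session_regenerate_id();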
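// Header-based login used by the Axia4Auth client. The User-Agent is expected
// to have the form "Axia4Auth/<username>/<password>".
// NOTE(review): User-Agent values are commonly recorded in web-server and proxy
// access logs, so a password carried here is likely to be stored in clear text
// outside the application. An Authorization header or a per-device token would
// avoid that; confirm with the client before changing the wire format.
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
if (str_starts_with($ua, "Axia4Auth/")) {
    $parts = explode("/", $ua);
    $username = $parts[1] ?? '';
    $userpass = $parts[2] ?? '';

    // $username is interpolated into a filesystem path below, so refuse
    // anything that is not a plain file name: empty, "." / "..", control
    // characters (including NUL) and either path separator. preg_match()
    // must return exactly 0 (no match) so a regex failure also fails closed.
    // NOTE(review): an allowlist matching the real account-naming rule would
    // be tighter; the rule is not visible from this file.
    $nameIsPlain = $username !== ''
        && $username !== '.'
        && $username !== '..'
        && preg_match('#[\x00-\x1F\x7F/\\\\]#', $username) === 0;

    $userdata = null;
    if ($nameIsPlain) {
        $userfile = "/DATA/Usuarios/$username.json";
        // is_file() avoids the warning file_get_contents() emits for an unknown user.
        if (is_file($userfile)) {
            $userdata = json_decode((string) file_get_contents($userfile), true);
        }
    }

    $storedHash = is_array($userdata) ? ($userdata["password"] ?? null) : null;

    // Reject unknown users, malformed records and wrong passwords alike.
    // The original tested password_verify() without negation, which denied
    // the correct password and let every incorrect one through.
    if (!is_string($storedHash) || !password_verify($userpass, $storedHash)) {
        header("HTTP/1.1 403 Forbidden");
        die();
    }

    $_SESSION["auth_user"] = $username;
    // NOTE(review): this stores the whole user record, password hash included,
    // in the session; consider dropping "password" if nothing reads it later.
    $_SESSION["auth_data"] = $userdata;
    $_SESSION["auth_ok"] = true;
}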
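// Is the user authenticated? empty() treats a missing "auth_ok" key the same
// as a false one, so a brand-new session is redirected to the login page
// without raising an undefined-index warning.
if (empty($_SESSION["auth_ok"])) {
    header("Location: /_login.php");
    die();
}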
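// Require the "<APP_CODE>:access" permission for the current application.
// $APP_CODE and $APP_NAME are not defined in this file; presumably the
// including page sets them before this check runs — verify against callers.
// A missing or non-array permission list is treated as "no permissions":
// in_array() would otherwise throw a TypeError on null under PHP 8.
$permissions = $_SESSION["auth_data"]["permissions"] ?? [];
if (!is_array($permissions) || !in_array("$APP_CODE:access", $permissions, true)) {
    header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME."));
    die();
}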