Check if a user is logged in before displaying log or seeing system information\n This resolve electerious/Lychee#420

2015-11-04 23:00:57 +01:00 · 2015-11-04 23:00:57 +01:00 · 361c12be46
commit 361c12be46
parent 7879869a58
2 changed files with 27 additions and 0 deletions
--- a/plugins/check/index.php
+++ b/plugins/check/index.php
@ -93,6 +93,18 @@ if ($database->server_version<50500) echo('Warning: Lychee uses the GBK charset
 if ($error==='')	echo('No critical problems found. Lychee should work without problems!' . PHP_EOL);
 else				echo $error;

+# Don't go further if the user is not connected
+session_start();
+$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
+        (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier']));
+
+if(!$isAdmin)
+{
+        echo(PHP_EOL . PHP_EOL . 'You have to be logged in to see more information.');
+	exit();
+}
+
+
 # Show separator
 echo(PHP_EOL . PHP_EOL . 'System Information' . PHP_EOL);
 echo('------------------' . PHP_EOL);
--- a/plugins/displaylog/index.php
+++ b/plugins/displaylog/index.php
@ -37,6 +37,21 @@ if (mysqli_connect_errno()!=0) {
 	exit();
 }

+# Load settings
+$settings = new Settings($database);
+$settings = $settings->get();
+
+# Check if the user is connected
+session_start();
+$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
+        (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier']));
+
+if(!$isAdmin)
+{
+        exit('You have to be logged in to see the log.');
+}
+
+
 # Result
 $query	= Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG));
 $result	= $database->query($query);