Check if a user is logged in before displaying log or seeing system information\n This resolve electerious/Lychee#420

This commit is contained in:
Quentin Bramas 2015-11-04 23:00:57 +01:00
parent 7879869a58
commit 361c12be46
2 changed files with 27 additions and 0 deletions

View File

@ -93,6 +93,18 @@ if ($database->server_version<50500) echo('Warning: Lychee uses the GBK charset
if ($error==='') echo('No critical problems found. Lychee should work without problems!' . PHP_EOL); if ($error==='') echo('No critical problems found. Lychee should work without problems!' . PHP_EOL);
else echo $error; else echo $error;
# Don't go further if the user is not connected
session_start();
$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
(isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier']));
if(!$isAdmin)
{
echo(PHP_EOL . PHP_EOL . 'You have to be logged in to see more information.');
exit();
}
# Show separator # Show separator
echo(PHP_EOL . PHP_EOL . 'System Information' . PHP_EOL); echo(PHP_EOL . PHP_EOL . 'System Information' . PHP_EOL);
echo('------------------' . PHP_EOL); echo('------------------' . PHP_EOL);

View File

@ -37,6 +37,21 @@ if (mysqli_connect_errno()!=0) {
exit(); exit();
} }
# Load settings
$settings = new Settings($database);
$settings = $settings->get();
# Check if the user is connected
session_start();
$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
(isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier']));
if(!$isAdmin)
{
exit('You have to be logged in to see the log.');
}
# Result # Result
$query = Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG)); $query = Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG));
$result = $database->query($query); $result = $database->query($query);