| author | Lester Caine <lester@lsces.co.uk> | 2026-06-19 10:34:20 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-19 10:34:20 +0100 |
| commit | 3947c9f0b30c7464529c699f42d50d38b21eda6c (patch) | |
| tree | 4d28b8b2fad6d3642ae8b272b31916a2ac66a12c | |
| parent | d6febfdb6ea7dd65cfeb14793d84cfa2a2288074 (diff) | |
auth_check.php is generic (includes site-specific auth_config.php)
and belongs in the config package so server-pull-all.sh deploys it.
.gitignore package entries were missing leading / so kernel/ matched
config/kernel/ as well as the root kernel/ package directory. Fixed
all package and externals entries to use root-anchored /name/ form.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rw-r--r-- | .gitignore | 66 | ||||
| -rwxr-xr-x | config/kernel/auth_check.php | 32 |
2 files changed, 65 insertions, 33 deletions
@@ -7,38 +7,38 @@ config/images/
 config/themes/
 # Packages (each has its own git repo)
-articles/
-blogs/
-bnspell/
-boards/
-calendar/
-ckeditor/
-contact/
-feed/
-fisheye/
-gatekeeper/
-geo/
-install/
-kernel/
-languages/
-liberty/
-messages/
-newsletters/
-nexus/
-pigeonholes/
-protector/
-quota/
-rss/
-search/
-stats/
-stock/
-storage/
-tags/
-themes/
-users/
-wiki/
+/articles/
+/blogs/
+/bnspell/
+/boards/
+/calendar/
+/ckeditor/
+/contact/
+/feed/
+/fisheye/
+/gatekeeper/
+/geo/
+/install/
+/kernel/
+/languages/
+/liberty/
+/messages/
+/newsletters/
+/nexus/
+/pigeonholes/
+/protector/
+/quota/
+/rss/
+/search/
+/stats/
+/stock/
+/storage/
+/tags/
+/themes/
+/users/
+/wiki/
 # Third-party / externals
-externals/
-util/
-utils/
+/externals/
+/util/
+/utils/
diff --git a/config/kernel/auth_check.php b/config/kernel/auth_check.php
new file mode 100755
index 0000000..15b7ebc
--- /dev/null
+++ b/config/kernel/auth_check.php
@@ -0,0 +1,32 @@
+<?php
+// Minimal session check - no framework bootstrap
+include 'auth_config.php';
+
+preg_match( '|/attachments/\d+/(\d+)/|', $_SERVER['REQUEST_URI'], $matches );
+
+if( !empty( $matches[1] ) ) {
+ $contentId = (int)$matches[1];
+ try {
+ $pdo = new PDO( $gBitDbHost, $gBitDbUser, $gBitDbPassword );
+
+ // get the role restriction for this content, if any
+ $stmt = $pdo->prepare( "SELECT ROLE_ID FROM LIBERTY_CONTENT_ROLE_MAP WHERE CONTENT_ID = ?" );
+ $stmt->execute( [$contentId] );
+ $requiredRoleId = $stmt->fetchColumn();
+
+ if( $requiredRoleId === false ) {
+ // no restriction - public content
+ http_response_code( 200 );
+ } elseif( in_array( (int)$requiredRoleId, $_SESSION['user_role'] ?? [] ) ) {
+ http_response_code( 200 );
+ } else {
+ http_response_code( 403 );
+ }
+ } catch( PDOException $e ) {
+ http_response_code( 403 );
+ }
+ exit;
+}
+
+// no content_id in URI - nothing to restrict
+http_response_code( 200 );
\ No newline at end of file |
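Review bot: The `$requiredRoleId === false` branch in auth_check.php treats a failed query the same as "no row", so on a PDO connection that is not in exception mode a database error would answer 200 for restricted content; the error mode is never set in this file, and only PHP 8.0 and later default to exceptions. Adding `$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );` directly after the constructor makes the existing `catch` (403) cover that case on every PHP version. `fetchColumn()` also reads only the first row, so if LIBERTY_CONTENT_ROLE_MAP can hold several roles per content (not visible here) a user holding one of the other roles is refused; `fetchAll( PDO::FETCH_COLUMN )` intersected with the session roles would handle that. No `session_start()` appears in the file, so unless auth_config.php starts the session, `$_SESSION['user_role'] ?? []` is always empty and every restricted item returns 403. The closing `http_response_code( 200 )` allows any URI the pattern does not match, and the match runs on the raw `REQUEST_URI`, so it is worth confirming that the web server only serves attachment files under paths this pattern recognises, or denying by default for that location.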
