-rw-r--r--.gitignore66
-rwxr-xr-xconfig/kernel/auth_check.php32
2 files changed, 65 insertions, 33 deletions
diff --git a/.gitignore b/.gitignore
index fa752fa..4d2666c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,38 +7,38 @@ config/images/
config/themes/
# Packages (each has its own git repo)
-articles/
-blogs/
-bnspell/
-boards/
-calendar/
-ckeditor/
-contact/
-feed/
-fisheye/
-gatekeeper/
-geo/
-install/
-kernel/
-languages/
-liberty/
-messages/
-newsletters/
-nexus/
-pigeonholes/
-protector/
-quota/
-rss/
-search/
-stats/
-stock/
-storage/
-tags/
-themes/
-users/
-wiki/
+/articles/
+/blogs/
+/bnspell/
+/boards/
+/calendar/
+/ckeditor/
+/contact/
+/feed/
+/fisheye/
+/gatekeeper/
+/geo/
+/install/
+/kernel/
+/languages/
+/liberty/
+/messages/
+/newsletters/
+/nexus/
+/pigeonholes/
+/protector/
+/quota/
+/rss/
+/search/
+/stats/
+/stock/
+/storage/
+/tags/
+/themes/
+/users/
+/wiki/
# Third-party / externals
-externals/
-util/
-utils/
+/externals/
+/util/
+/utils/
diff --git a/config/kernel/auth_check.php b/config/kernel/auth_check.php
new file mode 100755
index 0000000..15b7ebc
--- /dev/null
+++ b/config/kernel/auth_check.php
@@ -0,0 +1,32 @@
+<?php
+// Minimal session check - no framework bootstrap
+include 'auth_config.php';
+
+preg_match( '|/attachments/\d+/(\d+)/|', $_SERVER['REQUEST_URI'], $matches );
+
+if( !empty( $matches[1] ) ) {
+ $contentId = (int)$matches[1];
+ try {
+ $pdo = new PDO( $gBitDbHost, $gBitDbUser, $gBitDbPassword );
+
+ // get the role restriction for this content, if any
+ $stmt = $pdo->prepare( "SELECT ROLE_ID FROM LIBERTY_CONTENT_ROLE_MAP WHERE CONTENT_ID = ?" );
+ $stmt->execute( [$contentId] );
+ $requiredRoleId = $stmt->fetchColumn();
+
+ if( $requiredRoleId === false ) {
+ // no restriction - public content
+ http_response_code( 200 );
+ } elseif( in_array( (int)$requiredRoleId, $_SESSION['user_role'] ?? [] ) ) {
+ http_response_code( 200 );
+ } else {
+ http_response_code( 403 );
+ }
+ } catch( PDOException $e ) {
+ http_response_code( 403 );
+ }
+ exit;
+}
+
+// no content_id in URI - nothing to restrict
+http_response_code( 200 ); \ No newline at end of file
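Review bot: `$_SESSION['user_role']` is read in the `elseif` at the middle of the hunk, but nothing in this file starts a session and the header comment says there is no framework bootstrap; unless `auth_config.php` calls `session_start()` (not visible here), `$_SESSION` is unset, the `?? []` fallback always applies, and every role-restricted attachment is answered 403 even for a logged-in user. `fetchColumn()` on the preceding query also inspects only the first ROLE_ID row, so if a content item is mapped to more than one role, a user holding only a later role is denied — collecting all rows with `fetchAll(PDO::FETCH_COLUMN)` and testing the intersection avoids that. The `in_array` call should pass `true` as its third argument, and the `catch` block should `error_log()` the exception before answering 403 so that a misconfigured DSN is distinguishable from a genuine denial. The sketch below assumes the session cookie name matches the one the main application uses, which this file does not show and should be confirmed against `auth_config.php`.
```php
// … unchanged: include, preg_match, $contentId, new PDO …

// $_SESSION is only populated once a session is started; the session name /
// cookie settings must match the main application's — confirm in auth_config.php.
if( session_status() !== PHP_SESSION_ACTIVE ) {
    session_start();
}

$stmt = $pdo->prepare( "SELECT ROLE_ID FROM LIBERTY_CONTENT_ROLE_MAP WHERE CONTENT_ID = ?" );
$stmt->execute( [$contentId] );

// a content item may be mapped to several roles; holding any one of them grants access
$toInt = static fn( $v ): int => (int)$v;
$allowedRoleIds = array_map( $toInt, $stmt->fetchAll( PDO::FETCH_COLUMN ) );
$userRoleIds = array_map( $toInt, $_SESSION['user_role'] ?? [] );

if( $allowedRoleIds === [] ) {
    // no restriction - public content
    http_response_code( 200 );
} elseif( array_intersect( $allowedRoleIds, $userRoleIds ) !== [] ) {
    http_response_code( 200 );
} else {
    http_response_code( 403 );
}
} catch( PDOException $e ) {
    // fail closed, but leave a trace so a broken DSN is not mistaken for a real denial
    error_log( 'auth_check: ' . $e->getMessage() );
    http_response_code( 403 );
}
// … unchanged: exit, fallthrough 200 …
```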