blob: 15b7ebc4642b6d9c7f1c496c0794779c98f6c315 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
<?php
// Minimal session check - no framework bootstrap
include 'auth_config.php';
preg_match( '|/attachments/\d+/(\d+)/|', $_SERVER['REQUEST_URI'], $matches );
if( !empty( $matches[1] ) ) {
$contentId = (int)$matches[1];
try {
$pdo = new PDO( $gBitDbHost, $gBitDbUser, $gBitDbPassword );
// get the role restriction for this content, if any
$stmt = $pdo->prepare( "SELECT ROLE_ID FROM LIBERTY_CONTENT_ROLE_MAP WHERE CONTENT_ID = ?" );
$stmt->execute( [$contentId] );
$requiredRoleId = $stmt->fetchColumn();
if( $requiredRoleId === false ) {
// no restriction - public content
http_response_code( 200 );
} elseif( in_array( (int)$requiredRoleId, $_SESSION['user_role'] ?? [] ) ) {
http_response_code( 200 );
} else {
http_response_code( 403 );
}
} catch( PDOException $e ) {
http_response_code( 403 );
}
exit;
}
// no content_id in URI - nothing to restrict
http_response_code( 200 );
|
