git.cweiske.de / phorkie.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
remove session id check, it was not working the way I hoped for
[phorkie.git] / www / secure.php
diff --git a/www/secure.php b/www/secure.php
index 07cdfb64051768364542a802e85de9a7546cafe8..e61408701f6be5be3496eddde69c76f4aaeb5281 100644 (file)
--- a/www/secure.php
+++ b/www/secure.php
@@ -9,4 +9,18 @@ if (!isset($_SESSION['identity'])) {
     header("Location: /login");
     exit;
 }
+if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
+    $GLOBALS['phorkie']['auth']['userlist']) {
+    if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) {
+        header('HTTP/1.1 403 Forbidden');
+        $db = new Database();
+        render(
+            'forbidden',
+            array(
+                'recents'     => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'),
+            )
+        );
+        exit;
+    }
+}
 ?>
Self-hosted pastebin software written in PHP. Pastes are editable, may have multiple files and are stored in git repositories.