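<?php
/**
 * checkAuth.php — access gate for a single xiSPEC database.
 *
 * Meant to be included at the top of a page. It expects the including file
 * (or its config) to have defined $DBname, $DBuser and $DBpass, and leaves
 * these variables behind for the page that included it:
 *   $xiSPECdb    PDO handle to the metadata database (table `dbs`)
 *   $dbName      the database the request is allowed to read
 *   $allowAccess true whenever this script returns (it dies or redirects otherwise)
 *   $public      set to true only when `dbs.pass` is the literal 'public';
 *                deliberately left undefined otherwise so isset($public) keeps
 *                its existing meaning for callers
 *
 * Access is granted when one of the following holds:
 *   - ?s=<token>   matches a row in dbs.share (share links need no password)
 *   - dbs.pass     is 'public' for the requested database
 *   - $dbName      is already listed in $_SESSION['access'] (presumably
 *                  populated by auth.php after a successful password check)
 * Otherwise the request is redirected to /auth.php and execution stops.
 */
declare(strict_types=1);

$allowAccess = false;

// The PDO constructor throws on connection failure, so no "or die" fallback is needed.
$xiSPECdb = new PDO("mysql:host=localhost;dbname=" . $DBname, $DBuser, $DBpass);
$xiSPECdb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Work on a local copy so in_array() never sees a missing/non-array session entry.
$sessionAccess = $_SESSION['access'] ?? [];
if (!is_array($sessionAccess)) {
    $sessionAccess = [];
}

// Resolve the database name: share token first, then an explicit ?db= name.
if (isset($_GET['s'])) {
    if (!is_string($_GET['s'])) {
        die("authentication failure: no such database");
    }
    $stmt = $xiSPECdb->prepare("SELECT name FROM dbs WHERE share = :share;");
    $stmt->bindValue(':share', $_GET['s'], PDO::PARAM_STR);
    $stmt->execute();
    $dbName = $stmt->fetchColumn();
    if ($dbName === false || $dbName === '') {
        die("authentication failure: no such database");
    }
    // A valid share link grants access without a password.
    $allowAccess = true;
} elseif (isset($_GET['db'])) {
    if (!is_string($_GET['db']) || $_GET['db'] === '') {
        die("authentication failure: no dbname given");
    }
    $dbName = $_GET['db'];
} else {
    die("authentication failure: no dbname given");
}

// Look up the password marker for this database. This runs even for share-link
// access so that $public is set consistently for the including page.
$stmt = $xiSPECdb->prepare("SELECT pass FROM dbs WHERE name = :name;");
$stmt->bindValue(':name', $dbName, PDO::PARAM_STR);
$stmt->execute();
$passHash = $stmt->fetchColumn();

// Strict comparison: the loose == would also match unexpected scalar values.
if ($passHash === 'public') {
    $allowAccess = true;
    $public = true;
} elseif (in_array($dbName, $sessionAccess, true)) {
    $allowAccess = true;
}

// An unknown name (fetchColumn() === false) is treated like a protected database
// and sent to auth.php, so this page does not reveal which names exist.
if (!$allowAccess) {
    header("Location: /auth.php?db=" . urlencode($dbName));
    // Stop here: without exit the rest of the including page would still render
    // alongside the redirect header.
    exit;
}

// Remember the granted name so later requests in this session skip the check.
if (!in_array($dbName, $sessionAccess, true)) {
    $sessionAccess[] = $dbName;
}
$_SESSION['access'] = $sessionAccess;

// No closing ?> tag: trailing whitespace after it would be sent as output and
// break header() calls in files that include this one.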