Diffstat (limited to 'main/app/sprinkles/admin/src/Controller/WormholeController.php')
-rw-r--r--main/app/sprinkles/admin/src/Controller/WormholeController.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 3beed61..958d907 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -22,7 +22,6 @@ use Illuminate\Database\Capsule\Manager as DB;
use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
use Illuminate\Filesystem\Filesystem;
use Illuminate\Session\FileSessionHandler;
-use UserFrosting\Session\Session;
/**
* Controller class for user-related requests, including listing users, CRUD for users, etc.
@@ -40,11 +39,16 @@ class WormholeController extends SimpleController
->where('Key', '=', $access_token)
->exists()) {
$user_id = $args['user_id'];
- $session = new Session();
- $session->start();
- $response->write($session->all()["account"]["current_user_id"]);
+ $session_id = $args['session_id'];
+ $session_file = file_get_contents("../app/sessions/" . $session_id);
+ $session_user_id = unserialize(substr($session_file, strpos($session_file, "account|") + 8))["current_user_id"];
+ if ($session_user_id === $user_id) {
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
} else {
- throw new ForbiddenException();
+ throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
}
}
} \ No newline at end of file
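Review bot: `$args['session_id']` is concatenated into the path given to `file_get_contents()` with no validation, so a value containing `../` can point the read outside `../app/sessions/`, and the bytes read are then passed to `unserialize()` with no class restriction. Neither failure path is handled: `file_get_contents()` returning `false` and `strpos()` returning `false` (which turns the offset into `8`) both flow straight into `unserialize()`. The strict `===` against `$user_id` may also never match if the session stores the id as an integer while the route argument is a string; that depends on code outside the hunk. The fence below restricts the id to the characters PHP session ids use, checks both results, and passes `['allowed_classes' => false]`; the enclosing method starts above this hunk.

```php
$session_id = $args['session_id'];
// Allow only the characters PHP session ids use, so the value cannot leave the sessions directory.
if (preg_match('/^[A-Za-z0-9,-]+$/', $session_id) !== 1) {
    throw new NotFoundException();
}
$session_path = "../app/sessions/" . $session_id;
$session_file = is_file($session_path) ? file_get_contents($session_path) : false;
$offset = $session_file === false ? false : strpos($session_file, "account|");
if ($offset === false) {
    throw new NotFoundException();
}
// Session contents are user-influenced: never let unserialize() instantiate objects from them.
$account = unserialize(substr($session_file, $offset + 8), ['allowed_classes' => false]);
$session_user_id = is_array($account) ? ($account["current_user_id"] ?? null) : null;
if ($session_user_id !== null && (string) $session_user_id === (string) $user_id) {
// … unchanged: 200 response and NotFoundException branches …
```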