Diffstat (limited to 'main/app/sprinkles/admin/src')
-rw-r--r-- | main/app/sprinkles/admin/src/Controller/WormholeController.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 3beed61..958d907 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -22,7 +22,6 @@ use Illuminate\Database\Capsule\Manager as DB;
 use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\Session\FileSessionHandler;
-use UserFrosting\Session\Session;
 
 /**
 * Controller class for user-related requests, including listing users, CRUD for users, etc.
@@ -40,11 +39,16 @@ class WormholeController extends SimpleController
 ->where('Key', '=', $access_token)
 ->exists()) {
 $user_id = $args['user_id'];
- $session = new Session();
- $session->start();
- $response->write($session->all()["account"]["current_user_id"]);
+ $session_id = $args['session_id'];
+ $session_file = file_get_contents("../app/sessions/" . $session_id);
+ $session_user_id = unserialize(substr($session_file, strpos($session_file, "account|") + 8))["current_user_id"];
+ if ($session_user_id === $user_id) {
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
 } else {
- throw new ForbiddenException();
+ throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
 }
 }
 }
\ No newline at end of file |
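Review bot: In the added session lookup, `$args['session_id']` is concatenated unvalidated into the path passed to `file_get_contents()` and the file contents go straight to `unserialize()`, so both the file that is read and the data that is deserialized are influenced by the request. The id should be limited to session-id characters before it is used as a file name, the `file_get_contents()` and `strpos()` results should be checked for `false` (a failed `strpos()` currently yields offset 8), and `unserialize()` should get `['allowed_classes' => false]` (PHP 7.0+), as in the sketch below. `strpos()` also takes the first `account|` in the file, which may sit inside another key's value, so the slice is not guaranteed to be the account entry; a parser that walks the session keys would be more reliable. The strict `===` between the route string `$user_id` and the stored id will never match if the session stores it as an integer, which I cannot confirm from the hunk. The method starts above the hunk, and whether the route pattern constrains `session_id` is not visible here.

```php
$user_id = $args['user_id'];
$session_id = $args['session_id'];
// Only characters a PHP session id can contain; keeps the path inside the sessions directory.
if (preg_match('/\A[A-Za-z0-9,-]+\z/', $session_id) !== 1) {
    throw new NotFoundException();
}
$session_path = "../app/sessions/" . $session_id;
$session_file = is_file($session_path) ? file_get_contents($session_path) : false;
$offset = ($session_file === false) ? false : strpos($session_file, "account|");
if ($offset === false) {
    throw new NotFoundException();
}
// allowed_classes => false: never instantiate objects from session file contents.
$account = unserialize(substr($session_file, $offset + 8), ['allowed_classes' => false]);
$session_user_id = (is_array($account) && isset($account["current_user_id"]))
    ? $account["current_user_id"]
    : null;
// Compare as strings: the route argument is a string, the stored id may not be.
if ($session_user_id !== null && (string) $session_user_id === (string) $user_id) {
    return $response->withStatus(200);
}
throw new NotFoundException();
// … unchanged: else branch for a failed access-token check …
```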