Diffstat (limited to 'main/app/sprinkles/admin')
-rw-r--r--main/app/sprinkles/admin/routes/wormhole.php2
-rw-r--r--main/app/sprinkles/admin/src/Controller/WormholeController.php14
2 files changed, 10 insertions, 6 deletions
diff --git a/main/app/sprinkles/admin/routes/wormhole.php b/main/app/sprinkles/admin/routes/wormhole.php
index e4d5bc9..da193ef 100644
--- a/main/app/sprinkles/admin/routes/wormhole.php
+++ b/main/app/sprinkles/admin/routes/wormhole.php
@@ -3,5 +3,5 @@
* Super admin thingy cause of my current server situation
*/
$app->group('/wormhole/{access_token}', function () {
- $this->get('/verify/{user_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
+ $this->get('/verify/{user_id}/{session_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
});
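Review bot: The new `{session_id}` path segment puts a live session identifier into the request URL, next to the `{access_token}` the group already carries, so both end up in web-server access logs, proxy logs, browser history and any Referer header the response page emits. For a super-admin bypass route that is a wider exposure than it needs to be; consider moving both values to request headers (or at least the session id to a POST body) and leaving only `/verify/{user_id}` in the path. If that is not practical, note it above the group: `// NOTE: access_token and session_id travel in the path and will appear in server logs.`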
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 3beed61..958d907 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -22,7 +22,6 @@ use Illuminate\Database\Capsule\Manager as DB;
use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
use Illuminate\Filesystem\Filesystem;
use Illuminate\Session\FileSessionHandler;
-use UserFrosting\Session\Session;
/**
* Controller class for user-related requests, including listing users, CRUD for users, etc.
@@ -40,11 +39,16 @@ class WormholeController extends SimpleController
->where('Key', '=', $access_token)
->exists()) {
$user_id = $args['user_id'];
- $session = new Session();
- $session->start();
- $response->write($session->all()["account"]["current_user_id"]);
+ $session_id = $args['session_id'];
+ $session_file = file_get_contents("../app/sessions/" . $session_id);
+ $session_user_id = unserialize(substr($session_file, strpos($session_file, "account|") + 8))["current_user_id"];
+ if ($session_user_id === $user_id) {
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
} else {
- throw new ForbiddenException();
+ throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
}
}
} \ No newline at end of file
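Review bot: `$args['session_id']` is concatenated straight into `file_get_contents("../app/sessions/" . $session_id)` with no validation, so any value the router lets through (e.g. an encoded `../`, depending on whether the router decodes `%2F`) selects an arbitrary file relative to the working directory, and that file's bytes are then fed to `unserialize()`, which can instantiate arbitrary classes. The comparison `$session_user_id === $user_id` also looks wrong: the route argument is a string, so if `current_user_id` is stored in the session as an integer the strict comparison never matches and every request returns 404. The `file_get_contents` and `strpos` failure cases (`false`) are also unchecked, which turns a missing session into `unserialize("")` rather than a clean 404. The suggested rewrite allowlists the session id, guards the two `false` returns, disables object instantiation in `unserialize`, and compares the ids as strings; the enclosing `verify` method's signature lies above this hunk.
```php
$session_id = $args['session_id'];
// Only the characters PHP session ids can contain; rejects path separators, dots and NUL.
if (!preg_match('/^[A-Za-z0-9,-]+$/', $session_id)) {
    throw new NotFoundException();
}
$session_file = file_get_contents("../app/sessions/" . $session_id);
if ($session_file === false || ($pos = strpos($session_file, "account|")) === false) {
    throw new NotFoundException();
}
// Session payload is user-influenced: never let it instantiate objects.
$account = unserialize(substr($session_file, $pos + 8), ['allowed_classes' => false]);
$session_user_id = is_array($account) ? ($account["current_user_id"] ?? null) : null;
if ($session_user_id !== null && (string) $session_user_id === (string) $user_id) {
// … unchanged: 200 / NotFoundException branches …
```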