fix: session login check for admin

Martin Ambrus
2017-10-28 11:25:50 +02:00
parent 6226412825
commit 6bbeb0c574
2 changed files with 21 additions and 5 deletions
+20 -5
@@ -164,21 +164,36 @@ class Session {
private function checkLogin(){
global $database;
if(isset($_SESSION['username']) && isset($_SESSION['sessid'])) {
$user = '';
$id = '';
$admin = false;
$inAdmin = (strpos($_SERVER['REQUEST_URI'], '/Admin') !== false);
if (!$inAdmin && isset($_SESSION['username'])) {
$user = $_SESSION['username'];
$id = (int) $_SESSION['id_user'];
} else if ($inAdmin && isset($_SESSION['admin_username'])) {
$user = $_SESSION['admin_username'];
$id = (int) $_SESSION['id'];
$admin = true;
}
if($user && ($admin || isset($_SESSION['sessid']))) {
// check if this is not a support user, for who only messages and statistics are available
if ($_SESSION['id_user'] == 1) {
if ($user == 1) {
$req_file = basename($_SERVER['PHP_SELF']);
if (!in_array($req_file, ['nachrichten.php', 'logout.php', 'statistiken.php', 'rules.php', 'karte.php', 'karte2.php', 'spieler.php'])) {
header('Location:nachrichten.php');
exit;
}
}
//Get and Populate Data
$this->PopulateVar();
//update database
$database->addActiveUser($_SESSION['username'], $this->time);
$database->updateUserField($_SESSION['username'], "timestamp", $this->time, 0);
$database->addActiveUser($user, $this->time);
$database->updateUserField($user, "timestamp", $this->time, 0);
return true;
} else {
return false;
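Review bot: The support-user restriction now tests `if ($user == 1)`, but `$user` holds the username while the account id is cast into `$id`, which the visible lines assign and never read. This assumes the `$user` line is the new side, since the `+`/`-` markers are lost on this page; if so, a loose comparison of a name against 1 will normally not match the support account, and its page allow-list is probably no longer enforced. Something like `if (!$admin && $id === 1) {` would keep the old meaning, provided the admin branch is meant to be exempt. Separately, `$inAdmin` comes from a substring match on `$_SERVER['REQUEST_URI']`, which is client-supplied and includes the query string, so the choice of session keys and the skipping of the `sessid` check depend on text the client controls; an anchored match on `$_SERVER['SCRIPT_NAME']` would be a firmer basis. checkLogin's body continues past the end of the hunk.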
+1
@@ -61,6 +61,7 @@ martinambrus changes:
49. Multihunter can no longer build beyond level 20
50. installation final screen shows info to remove install folder and CHMOD folders on Linux
51. fixed farms generation via Admin - these will be created all over map, not only where new players are currently being placed (players are positioned like this: middle section for first 20 days, then corners, then in between)
52. fixed logged-in check (no longer redirects to login.php from admin when not logged-in to the game itself)
Shadowss changes: