From 6bbeb0c57434542ca47e2d907b638e6ecfe1e920 Mon Sep 17 00:00:00 2001
From: Martin Ambrus
Date: Sat, 28 Oct 2017 11:25:50 +0200
Subject: [PATCH] fix: session login check for admin
---
 GameEngine/Session.php | 25 ++++++++++++++++++++-----
 README | 1 +
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/GameEngine/Session.php b/GameEngine/Session.php
index 96888f74..24582447 100755
--- a/GameEngine/Session.php
+++ b/GameEngine/Session.php
@@ -164,21 +164,36 @@ class Session {
 private function checkLogin(){
 global $database;
- if(isset($_SESSION['username']) && isset($_SESSION['sessid'])) {
+
+ $user = '';
+ $id = '';
+ $admin = false;
+ $inAdmin = (strpos($_SERVER['REQUEST_URI'], '/Admin') !== false);
+
+ if (!$inAdmin && isset($_SESSION['username'])) {
+ $user = $_SESSION['username'];
+ $id = (int) $_SESSION['id_user'];
+ } else if ($inAdmin && isset($_SESSION['admin_username'])) {
+ $user = $_SESSION['admin_username'];
+ $id = (int) $_SESSION['id'];
+ $admin = true;
+ }
+
+ if($user && ($admin || isset($_SESSION['sessid']))) {
 // check if this is not a support user, for who only messages and statistics are available
- if ($_SESSION['id_user'] == 1) {
+ if ($user == 1) {
 $req_file = basename($_SERVER['PHP_SELF']);
 if (!in_array($req_file, ['nachrichten.php', 'logout.php', 'statistiken.php', 'rules.php', 'karte.php', 'karte2.php', 'spieler.php'])) {
 header('Location:nachrichten.php');
 exit;
 }
 }
-
+
 //Get and Populate Data
 $this->PopulateVar();
 //update database
- $database->addActiveUser($_SESSION['username'], $this->time);
- $database->updateUserField($_SESSION['username'], "timestamp", $this->time, 0);
+ $database->addActiveUser($user, $this->time);
+ $database->updateUserField($user, "timestamp", $this->time, 0);
 return true;
 } else {
 return false;
diff --git a/README b/README
index 04296913..1861cf63 100644
--- a/README
+++ b/README
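Review bot: The support-user restriction now tests `if ($user == 1)`, which loosely compares the username string with 1, while the `$id` assigned in both branches above is never read in this hunk; the account that the old `$_SESSION['id_user'] == 1` check confined to the listed pages is no longer confined unless its name happens to compare equal to 1. Compare the id instead, `if (!$admin && $id === 1) {` (whether the admin-side `$_SESSION['id']` should also be subject to the restriction is not visible here). Separately, `$inAdmin` is a substring match on `$_SERVER['REQUEST_URI']`, which includes the client-supplied query string, and when it is true the `sessid` requirement is skipped; deciding the branch from `$_SERVER['SCRIPT_NAME']`, or from a flag the Admin entry scripts set, would keep that choice out of the request's control. checkLogin()'s closing lines fall outside the hunk.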
@@ -61,6 +61,7 @@ martinambrus changes:
 49. Multihunter can no longer build beyond level 20
 50. installation final screen shows info to remove install folder and CHMOD folders on Linux
 51. fixed farms generation via Admin - these will be created all over map, not only where new players are currently being placed (players are positioned like this: middle section for first 20 days, then corners, then in between)
+52. fixed logged-in check (no longer redirects to login.php from admin when not logged-in to the game itself)
 Shadowss changes: