63c3b96a29
fixed csrf token check for a few pages where it mightve been broken session manager now can be bound to base user class and used, like in login logout now pushes you to login regardless, no longer has param to push to custom url fixed validate client, hijacking sessions no longer works
50 lines
2.0 KiB
PHP
50 lines
2.0 KiB
PHP
<?php
|
|
$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
|
|
|
|
if ($user->isAuthenticated()) {
|
|
switch (@$_REQUEST['do']) {
|
|
case 'delete':
|
|
if (!$config['csrf']['enabled'] || ($config['csrf']['enabled'])) {
|
|
if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
|
|
}
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
|
|
}
|
|
break;
|
|
|
|
case 'add':
|
|
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
|
|
if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'success');
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
|
|
}
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
|
|
}
|
|
break;
|
|
|
|
case 'update':
|
|
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
|
|
if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'success');
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
|
|
}
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
|
|
}
|
|
break;
|
|
}
|
|
|
|
$aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
|
|
if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg');
|
|
|
|
$smarty->assign('WORKERS', $aWorkers);
|
|
}
|
|
$smarty->assign('CONTENT', 'default.tpl');
|
|
|
|
?>
|