limit autosubmit tokens to the same user
pull/82/head
Aaron Parecki
8 years ago
No known key found for this signature in database
GPG Key ID: 276C2817346D6056
1 changed files with
6 additions and
1 deletions
-
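--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@@ -136,7 +136,12 @@ $app->get('/favorite', function() use($app) {
 if(array_key_exists('token', $params)) {
 try {
 $data = JWT::decode($params['token'], Config::$jwtSecret, ['HS256']);
-$autosubmit = isset($data->autosubmit) && $data->autosubmit;
+if(isset($data->autosubmit) && $data->autosubmit) {
+// Only allow this token to be used for the user who created it
+if($data->user_id == $_SESSION['user_id']) {
+$autosubmit = true;
+}
+}
 } catch(Exception $e) {
 }
 }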
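Review bot: The new ownership check `if($data->user_id == $_SESSION['user_id'])` uses a loose comparison on two values that are never tested for presence, so a token without a `user_id` claim presented in a session without `user_id` compares null to null and still sets `$autosubmit = true`. Whether the route already requires a logged-in session is not visible here, and tokens issued before this change may lack the claim, so the check should fail closed: `if(isset($data->user_id, $_SESSION['user_id']) && (string)$data->user_id === (string)$_SESSION['user_id']) {`. Separately, the removed line always assigned `$autosubmit`, while the new code only ever sets it to true; if it is not initialised above the hunk, add `$autosubmit = false;` before the `try`. The closure body starts and ends outside the hunk.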