mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-02 22:47:33 +02:00
Code Issues Releases Wiki Activity

Don't allow guests into the admin area

Browse Source
This commit is contained in:
Toby Zerner
2015-03-30 12:43:55 +10:30
parent 4b71c32e8b
commit 8604ed99ec
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
framework/core/src/Admin/Middleware/LoginWithCookieAndCheckAdmin.php
View File

@@ -16,13 +16,12 @@ class LoginWithCookieAndCheckAdmin
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if (($token = $request->cookie('flarum_remember')) && if (($token = $request->cookie('flarum_remember')) &&
($accessToken = AccessToken::where('id', $token)->first())) { ($accessToken = AccessToken::where('id', $token)->first()) &&
$user = $accessToken->user; $accessToken->user->isAdmin()) {
if (! $user->isAdmin()) { $this->actor->setUser($accessToken->user);
} else {
die('ur not an admin'); die('ur not an admin');
} }
$this->actor->setUser($user);
}
return $next($request); return $next($request);
} }