first commit
This commit is contained in:
45
api/auth.php
Normal file
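--- a/api/auth.php
+++ b/api/auth.php
@@ -0,0 +1,45 @@
+<?php
+// ============================================================
+// api/auth.php — POST /api/auth/login | POST /api/auth/logout
+// GET /api/auth/check
+// ============================================================
+
+require_once __DIR__ . '/db.php';
+
+cors();
+start_session();
+
+$method = $_SERVER['REQUEST_METHOD'];
+$action = $_GET['action'] ?? '';
+
+// GET /api/auth/check
+if ($method === 'GET' && $action === 'check') {
+json_out(['admin' => !empty($_SESSION['is_admin'])]);
+}
+
+// POST /api/auth/login
+if ($method === 'POST' && $action === 'login') {
+$body = body();
+$pw = $body['password'] ?? '';
+
+if (empty($pw)) {
+json_error('Password required');
+}
+
+if (!password_verify($pw, ADMIN_HASH)) {
+sleep(1);
+json_error('Invalid password', 401);
+}
+
+session_regenerate_id(true);
+$_SESSION['is_admin'] = true;
+json_out(['ok' => true]);
+}
+
+// POST /api/auth/logout — clears admin only, keeps OAuth user logged in
+if ($method === 'POST' && $action === 'logout') {
+unset($_SESSION['is_admin']);
+json_out(['ok' => true]);
+}
+
+json_error('Not found', 404);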
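Review bot: The login branch's `if (empty($pw))` check rejects the literal password `'0'` and does not ensure `$pw` is a string, so a JSON body whose `password` member is an array or object reaches `password_verify()` with a non-string and raises a TypeError (an uncaught 500 rather than the JSON error the client expects); `if (!is_string($pw) || $pw === '') {` covers both cases. The `sleep(1)` after a failed verify only delays that one response and occupies a worker for the duration; it does not bound concurrent or repeated attempts, so a server-side failed-attempt counter (per session or client) is the stronger control to add. The whole routing also appears to rely on `json_out()`/`json_error()` terminating the script — otherwise `check` falls through to the final 404 and a rejected login continues into `session_regenerate_id()` — but that contract lives in db.php, outside this diff, so it is worth stating at the top of the file: `// json_out()/json_error() (db.php) emit the response and exit; nothing below a call runs.`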