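<?php

declare(strict_types=1);

// ============================================================
// api/auth.php — POST /api/auth/login | POST /api/auth/logout
// GET /api/auth/check
//
// Admin authentication endpoint. The helpers used here (cors,
// start_session, body, json_out, json_error) and the ADMIN_HASH
// constant are provided by db.php. json_out()/json_error() are
// relied on to terminate the request — the trailing 404 is only
// reached when no route matched (confirm against db.php).
// ============================================================

require_once __DIR__ . '/db.php';

cors();
start_session();

$method = $_SERVER['REQUEST_METHOD'] ?? '';
$action = $_GET['action'] ?? '';

// GET /api/auth/check — reports whether the current session holds admin rights.
if ($method === 'GET' && $action === 'check') {
    json_out(['admin' => !empty($_SESSION['is_admin'])]);
}

// POST /api/auth/login — verifies the admin password and marks the session.
if ($method === 'POST' && $action === 'login') {
    $body = body();
    $pw = $body['password'] ?? '';

    // Accept only a non-empty string. empty() would also reject the
    // legitimate password "0", and a non-string value decoded from the
    // request body (array, number, null) must never reach password_verify().
    if (!is_string($pw) || $pw === '') {
        json_error('Password required');
    }

    if (!password_verify($pw, ADMIN_HASH)) {
        // Fixed delay on failure slows down online guessing; it is not a
        // substitute for per-client rate limiting and failure logging in
        // front of this endpoint.
        sleep(1);
        json_error('Invalid password', 401);
    }

    // Issue a fresh session id on privilege change so a pre-login id
    // handed to the victim (session fixation) never becomes an admin session.
    session_regenerate_id(true);
    $_SESSION['is_admin'] = true;
    json_out(['ok' => true]);
}

// POST /api/auth/logout — clears admin only, keeps OAuth user logged in
if ($method === 'POST' && $action === 'logout') {
    unset($_SESSION['is_admin']);
    json_out(['ok' => true]);
}

json_error('Not found', 404);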