api host: add session validation

author Andrew Dolgov <noreply@fakecake.org>

Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)
diff --git a/api/index.php b/api/index.php

index b02a5d6794d3e4294bf72321ecf1e4ab2b6de22e..d451a3ac8fd53a6620d3d9a70fbc3bf0aadff0d3 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -58,6 +58,16 @@
         if (!init_plugins()) return;
  
         if ($_SESSION["uid"]) {
+               if (!validate_session()) {
+                       header("Content-Type: text/json");
+
+                       print json_encode(array("seq" => -1,
+                               "status" => 1,
+                               "content" => array("error" => "NOT_LOGGED_IN")));
+
+                       return;
+               }
+
                 load_user_plugins( $_SESSION["uid"]);
         }
author	Andrew Dolgov <noreply@fakecake.org>
	Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Wed, 20 Jul 2016 10:55:51 +0000 (13:55 +0300)