From: edward <edward@roojs.com>
Date: Wed, 14 Feb 2018 09:56:43 +0000 (+0800)
Subject: VerifyAccess.php
X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=commitdiff_plain;h=f17cc11b5e3f272c8853816a89f2869ab9b06b9b

VerifyAccess.php
---

diff --git a/VerifyAccess.php b/VerifyAccess.php
index c5a3029e..dee7aa7f 100644
--- a/VerifyAccess.php
+++ b/VerifyAccess.php
@@ -14,9 +14,29 @@ class Pman_Core_VerifyAccess extends Pman
     
     function get($id)
     {
-        
         @list($id, $key) = explode('/', $id);
         
+        $ff = HTML_FlexyFramework::get();
+        
+        $core_person = DB_DataObject::factory('core_person');
+        $core_ip_access = DB_DataObject::factory('core_ip_access');
+        
+        if(
+                empty($ff->Pman['ip_management']) || 
+                empty($ff->Pman['XMPP']) ||
+                empty($ff->Pman['XMPP']['to']) ||
+                !$core_person->get('email', $ff->Pman['XMPP']['to']) ||
+                empty($id) ||
+                empty($key) ||
+                !$core_ip_access->get($id) ||
+                $core_ip_access->authorized_key != $key
+        ) {
+            $this->jerr('Invalid URL');
+        }
+        
+        
+        
+        
         
         
     }