From f17cc11b5e3f272c8853816a89f2869ab9b06b9b Mon Sep 17 00:00:00 2001
From: edward <edward@roojs.com>
Date: Wed, 14 Feb 2018 17:56:43 +0800
Subject: [PATCH] VerifyAccess.php

---
 VerifyAccess.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/VerifyAccess.php b/VerifyAccess.php
index c5a3029e..dee7aa7f 100644
--- a/VerifyAccess.php
+++ b/VerifyAccess.php
@@ -14,9 +14,29 @@ class Pman_Core_VerifyAccess extends Pman
     
     function get($id)
     {
-        
         @list($id, $key) = explode('/', $id);
         
+        $ff = HTML_FlexyFramework::get();
+        
+        $core_person = DB_DataObject::factory('core_person');
+        $core_ip_access = DB_DataObject::factory('core_ip_access');
+        
+        if(
+                empty($ff->Pman['ip_management']) || 
+                empty($ff->Pman['XMPP']) ||
+                empty($ff->Pman['XMPP']['to']) ||
+                !$core_person->get('email', $ff->Pman['XMPP']['to']) ||
+                empty($id) ||
+                empty($key) ||
+                !$core_ip_access->get($id) ||
+                $core_ip_access->authorized_key != $key
+        ) {
+            $this->jerr('Invalid URL');
+        }
+        
+        
+        
+        
         
         
     }
-- 
2.39.2