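<?php

declare(strict_types=1);

/*
 * Select the active person for the current session (POST only).
 *
 * Expects a JSON body of the shape {"personId": "...", "pin": "..."}.
 * Trust model as implemented below: anyone who supplies a known personId
 * becomes that person for the session. Only a person whose role is ROLE_HEAD
 * *and* who has a stored pin_hash must also present the matching PIN, and only
 * that path yields an elevated session (setSessionPerson(..., true)). A
 * ROLE_HEAD entry without a pin_hash is handled like any other person and gets
 * a non-elevated session.
 *
 * NOTE(review): no rate limiting of PIN attempts is visible in this file —
 * confirm it is enforced in api_bootstrap.php or in front of the API.
 */

require_once __DIR__ . '/../includes/api_bootstrap.php';

/**
 * Send a JSON error response and stop processing.
 *
 * sendJson() is assumed to terminate the request itself; the explicit exit
 * makes that guarantee local, so no later statement (in particular the final
 * success response and setSessionPerson()) can run after an error branch.
 *
 * @param array<string, mixed> $payload
 */
$reject = static function (array $payload, int $status): void {
    sendJson($payload, $status);
    exit;
};

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $reject(['success' => false, 'error' => 'Method not allowed'], 405);
}

$body = readJsonBody();

// Only scalar JSON values are meaningful here. Without this guard an array or
// object value would be cast to the literal string "Array" (with a PHP
// warning) and looked up as a person id; reject it as a bad request instead.
// `??` mirrors the isset() semantics: a missing or null field becomes ''.
$rawPersonId = $body['personId'] ?? '';
$rawPin = $body['pin'] ?? '';
if (!is_scalar($rawPersonId) || !is_scalar($rawPin)) {
    $reject(['success' => false, 'error' => 'Invalid request body'], 400);
}

$personId = trim((string) $rawPersonId);
$pin = (string) $rawPin;

if ($personId === '') {
    $reject(['success' => false, 'error' => 'personId is required'], 400);
}

$people = normalizePeopleList(readJsonFile('people.json'));
$person = findPersonById($people, $personId);
if ($person === null) {
    $reject(['success' => false, 'error' => 'Person not found'], 404);
}

$role = $person['role'] ?? '';
$pinHash = $person['pin_hash'] ?? null;

// A head with a stored PIN hash must prove the PIN. One generic message covers
// both "no PIN supplied" and "wrong PIN" so the response does not reveal which
// case occurred.
$requiresPin = $role === ROLE_HEAD && is_string($pinHash) && $pinHash !== '';

if ($requiresPin) {
    if ($pin === '' || !password_verify($pin, $pinHash)) {
        $reject(['success' => false, 'error' => 'PIN required or incorrect'], 403);
    }
    // Elevated session: identity was proven with the PIN.
    setSessionPerson($personId, true);
} else {
    // Everyone else (including a head with no PIN configured) is selected
    // without authentication; the false flag records that the session is not
    // elevated.
    setSessionPerson($personId, false);
}

sendJson(['success' => true]);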