revoked access to website for coaches, added web-specific tokens
This commit is contained in:
@ -65,6 +65,16 @@ try {
|
||||
exit;
|
||||
}
|
||||
|
||||
if (($user['role'] ?? '') === 'coach') {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
"success" => false,
|
||||
"message" => "Coach accounts can only sign in through the mobile app.",
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!password_verify($oldPassword, $user['passwordHash'])) {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
http_response_code(401);
|
||||
|
||||
Reference in New Issue
Block a user