revoked access to website for coaches, added web-specific tokens
This commit is contained in:
@ -38,6 +38,15 @@ try {
|
||||
exit;
|
||||
}
|
||||
|
||||
if (($user['role'] ?? '') === 'coach') {
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
"success" => false,
|
||||
"message" => "Coach accounts can only sign in through the mobile app.",
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ((int)$user['mustChangePassword'] === 1) {
|
||||
$tempToken = bin2hex(random_bytes(32));
|
||||
token_add($tempToken, 10 * 60, [
|
||||
|
||||
Reference in New Issue
Block a user