Restrict new hidden hash-cost-test action to moderators or better

build/index.php

@@ -407,7 +407,7 @@ if($settings->sessionprefix == "auto")
 /////////////////////////////////////////////////////////////////////////////
 /** The version of Pepperminty Wiki currently running. */
 $version = "v0.17-beta1";
-$commit = "1a11c84e1dd0104e1cc9dc44eaaa737982165f4c";
+$commit = "57ec8b82b52fb5bc70c8268649676de1fbb5e625";
 /// Environment ///
 /** Holds information about the current request environment. */
 $env = new stdClass();
@@ -8017,8 +8017,15 @@ register_module([
 		});
 		
 		add_action("hash-cost-test", function() {
+			global $env;
+			
 			header("content-type: text/plain");
 			
+			if(!$env->is_logged_in || !$env->is_admin) {
+				http_response_code(401);
+				exit("Error: Only moderators are allowed to use this action.");
+			}
+			
 			$time_compute = microtime(true);
 			$cost = hash_password_compute_cost();
 			$time_compute = (microtime(true) - $time_compute)*1000;

module_index.json

@@ -212,7 +212,7 @@
         "author": "Starbeamrainbowlabs",
         "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
         "id": "page-login",
-        "lastupdate": 1538314946,
+        "lastupdate": 1538315378,
         "optional": false
     },
     {

modules/page-login.php

@@ -151,8 +151,15 @@ register_module([
 		});
 		
 		add_action("hash-cost-test", function() {
+			global $env;
+			
 			header("content-type: text/plain");
 			
+			if(!$env->is_logged_in || !$env->is_admin) {
+				http_response_code(401);
+				exit("Error: Only moderators are allowed to use this action.");
+			}
+			
 			$time_compute = microtime(true);
 			$cost = hash_password_compute_cost();
 			$time_compute = (microtime(true) - $time_compute)*1000;