author | Minteck <contact@minteck.org> | 2022-06-06 17:10:14 +0200 |
---|---|---|
committer | Minteck <contact@minteck.org> | 2022-06-06 17:10:14 +0200 |
commit | 10b1ace835d908d32f99874facf8811534087d5b (patch) | |
tree | ecf068e4ac40f7470ca2b5ac6bd13bd8fbe13ba9 /Private | |
Initial commit
Diffstat (limited to 'Private')
-rw-r--r-- | Private/AllowedUsers.json | 4 | ||||
-rw-r--r-- | Private/SessionChecker.php | 25 | ||||
-rw-r--r-- | Private/SessionManager.php | 33 |
3 files changed, 62 insertions, 0 deletions
diff --git a/Private/AllowedUsers.json b/Private/AllowedUsers.json
new file mode 100644
index 0000000..b94bf28
--- /dev/null
+++ b/Private/AllowedUsers.json
@@ -0,0 +1,4 @@
+[
+ "e2d08242-9107-40fc-834e-28e6000ef1cd",
+ "0204b8a8-4468-4f59-859d-a82e731b1378"
+]
\ No newline at end of file
diff --git a/Private/SessionChecker.php b/Private/SessionChecker.php
new file mode 100644
index 0000000..194c398
--- /dev/null
+++ b/Private/SessionChecker.php
@@ -0,0 +1,25 @@
+<?php
+
+global $SessionManagerAllowDisallowed;
+
+if (isset($_COOKIE['BITS_SESSION_TOKEN'])) {
+ if (str_contains($_COOKIE['BITS_SESSION_TOKEN'], ".") || str_contains($_COOKIE['BITS_SESSION_TOKEN'], "/")) {
+ header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
+ }
+
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['BITS_SESSION_TOKEN'])))) {
+ $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['BITS_SESSION_TOKEN']))), true);
+
+ if (!in_array($_PROFILE["id"], json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/AllowedUsers.json"), true)) && !$SessionManagerAllowDisallowed) {
+ header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
+ } else {
+ $users = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json"), true);
+ $users[$_PROFILE["id"]] = $_PROFILE["name"];
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json", json_encode($users));
+ }
+ } else {
+ header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
+ }
+} else {
+ header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
+}
\ No newline at end of file
diff --git a/Private/SessionManager.php b/Private/SessionManager.php
new file mode 100644
index 0000000..bb6c721
--- /dev/null
+++ b/Private/SessionManager.php
@@ -0,0 +1,33 @@
+<?php
+
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Data")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/Data");
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Data/Transactions.json")) file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Data/Transactions.json", "[]");
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Data/Users.json")) file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Data/Users.json", "{}");
+
+global $SessionManagerAllowDisallowed;
+
+if (isset($_COOKIE['BITS_SESSION_TOKEN'])) {
+ if (str_contains($_COOKIE['BITS_SESSION_TOKEN'], ".") || str_contains($_COOKIE['BITS_SESSION_TOKEN'], "/")) {
+ header("Location: /Authentication/Start");
+ die();
+ }
+
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['BITS_SESSION_TOKEN'])))) {
+ $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['BITS_SESSION_TOKEN']))), true);
+
+ if (!in_array($_PROFILE["id"], json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/AllowedUsers.json"), true)) && !$SessionManagerAllowDisallowed) {
+ header("Location: /Authentication/Disallowed");
+ die();
+ } else {
+ $users = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json"), true);
+ $users[$_PROFILE["id"]] = $_PROFILE["name"];
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json", json_encode($users));
+ }
+ } else {
+ header("Location: /Authentication/Start");
+ die();
+ }
+} else {
+ header("Location: /Authentication/Start");
+ die();
+}
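Review bot: The session-token check in Private/SessionChecker.php only rejects values containing `.` or `/`, so an empty cookie value passes it and `file_exists()` then succeeds on the `SessionTokens/` directory itself, if that directory exists. The read then decodes to null, and on any page that sets `$SessionManagerAllowDisallowed` the request continues with `$_PROFILE` empty and a blank entry is written to Users.json. The same lines appear in Private/SessionManager.php and need the same change: validate the token against an allowlist pattern, use `is_file()`, reject a profile that did not decode to an array with `id` and `name`, and make the allow-list comparison strict with `in_array($_PROFILE["id"], $allowed, true)`. Separately, Users.json is read and rewritten on every request without a lock, so concurrent requests can lose entries; passing `LOCK_EX` to `file_put_contents()` is the minimum.

```php
$token = $_COOKIE['BITS_SESSION_TOKEN'] ?? '';

// Allowlist rather than a "." / "/" denylist: also rejects empty values, backslashes and NUL bytes.
// NOTE(review): the character class is an assumption about the token format; confirm against the code that issues tokens.
if (!is_string($token) || preg_match('/\A[A-Za-z0-9_-]+\z/', $token) !== 1) {
    // … unchanged: status-1 JSON response and die() …
}

$tokenFile = $_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . $token;
// is_file() is false for the directory itself, unlike file_exists().
$_PROFILE = is_file($tokenFile) ? json_decode(file_get_contents($tokenFile), true) : null;

if (!is_array($_PROFILE) || !isset($_PROFILE["id"], $_PROFILE["name"])) {
    // … unchanged: status-1 JSON response and die() …
}
// … unchanged: allow-list check and Users.json update …
```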
\ No newline at end of file |
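Review bot: The bootstrap at the top of Private/SessionManager.php creates `/Data/Transactions.json` and `/Data/Users.json` directly under the document root, but the session branch below reads and writes `/Private/Data/Users.json`, so the file that is initialised is not the one that is used and the later `file_put_contents()` fails if `Private/Data` does not exist. A `Data` directory at the document root is also served to any client unless the web server configuration (not visible here) blocks it, which would expose the user and transaction records. Point the bootstrap at the directory the rest of the file uses, for example `$dataDir = $_SERVER['DOCUMENT_ROOT'] . "/Private/Data";` followed by `if (!is_dir($dataDir)) mkdir($dataDir, 0700, true);`, and confirm that `/Private`, which also holds the session token files and AllowedUsers.json, is denied by the server or moved outside the document root.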