Diffstat (limited to 'private')
-rw-r--r--private/FamilineConfig.demo.json67
-rw-r--r--private/session.php65
2 files changed, 73 insertions, 59 deletions
diff --git a/private/FamilineConfig.demo.json b/private/FamilineConfig.demo.json
index 598ea3d..2a4b026 100644
--- a/private/FamilineConfig.demo.json
+++ b/private/FamilineConfig.demo.json
@@ -1,30 +1,39 @@
-{
- "Global": {
- "domain": "familine.minteck.org",
- "federation": "account.familine.minteck.org",
- "support": "support@familine.minteck.org"
- },
-
- "Money": {
- "terms": [
- "Insérez ici",
- "les conditions",
- "d'utilisation de",
- "votre instance de",
- "Familine Money"
- ],
- "collect": "Insérez ici le nom de l'administrateur de Familine",
- "refund": "refunds@familine.minteck.org",
- "credit": "money@familine.minteck.org"
- },
-
- "Movies": {
- "schedule": [
- "Insérez ici",
- "le programme des",
- "prochaines sorties",
- "qui seront publiées",
- "sur Familine Movies"
- ]
- }
+{
+ "Global": {
+ "domain": "familine.minteck.org",
+ "federation": "account.familine.minteck.org",
+ "support": "support@familine.minteck.org"
+ },
+
+ "Money": {
+ "terms": [
+ "Insérez ici",
+ "les conditions",
+ "d'utilisation de",
+ "votre instance de",
+ "Familine Money"
+ ],
+ "collect": "Insérez ici le nom de l'administrateur de Familine",
+ "refund": "refunds@familine.minteck.org",
+ "credit": "money@familine.minteck.org"
+ },
+
+ "Movies": {
+ "schedule": [
+ "Insérez ici",
+ "le programme des",
+ "prochaines sorties",
+ "qui seront publiées",
+ "sur Familine Movies"
+ ],
+ "adventures": "Insérez ici le nom pour compléter 'Les aventures de <...>'",
+ "legacy": "Insérez ici l'ancien nom du studio de productions",
+ "current": "Insérez ici le nom actuel du studio de productions",
+ "notes": [
+ "Insérez ici les",
+ "notes de mise à",
+ "jour de Familine",
+ "Movies."
+ ]
+ }
} \ No newline at end of file
diff --git a/private/session.php b/private/session.php
index e0135db..7a37d8a 100644
--- a/private/session.php
+++ b/private/session.php
@@ -1,30 +1,35 @@
-<?php
-
-$_CONFIG = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/private/FamilineConfig.json"), true);
-
-if (isset($_COOKIE['FL_SESSION_TOKEN'])) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN']))), true);
-
- if (isset($_PROFILE['familine'])) {
- header("Location: /welcome");
- die();
- }
-
- $_USER = $_PROFILE['login'];
- $_SUID = $_PROFILE['login'];
- $_FULLNAME = $_PROFILE['name'];
- } else {
- header("Location: /welcome");
- die();
- }
-} else {
- header("Location: /welcome");
- die();
-}
-
-if (isset($_PROFILE["projectRoles"]) && is_array($_PROFILE["projectRoles"]) && isset($_PROFILE["projectRoles"][0]) && is_array($_PROFILE["projectRoles"][0]) && isset($_PROFILE["projectRoles"][0]["role"]) && is_array($_PROFILE["projectRoles"][0]["role"]) && isset($_PROFILE["projectRoles"][0]["role"]["key"]) && is_string($_PROFILE["projectRoles"][0]["role"]["key"]) && $_PROFILE["projectRoles"][0]["role"]["key"] === "system-admin") {
- $_ADMIN = true;
-} else {
- $_ADMIN = false;
-}
+<?php
+
+$_CONFIG = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/private/FamilineConfig.json"), true);
+
+if (isset($_COOKIE['FL_SESSION_TOKEN'])) {
+ if (strpos($_COOKIE['FL_SESSION_TOKEN'], ".") !== false || strpos($_COOKIE['FL_SESSION_TOKEN'], "/") !== false) {
+ header("Location: /welcome");
+ die();
+ }
+
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN'])))) {
+ $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN']))), true);
+
+ if (isset($_PROFILE['familine'])) {
+ header("Location: /welcome");
+ die();
+ }
+
+ $_USER = $_PROFILE['login'];
+ $_SUID = $_PROFILE['login'];
+ $_FULLNAME = $_PROFILE['name'];
+ } else {
+ header("Location: /welcome");
+ die();
+ }
+} else {
+ header("Location: /welcome");
+ die();
+}
+
+if (isset($_PROFILE["projectRoles"]) && is_array($_PROFILE["projectRoles"]) && isset($_PROFILE["projectRoles"][0]) && is_array($_PROFILE["projectRoles"][0]) && isset($_PROFILE["projectRoles"][0]["role"]) && is_array($_PROFILE["projectRoles"][0]["role"]) && isset($_PROFILE["projectRoles"][0]["role"]["key"]) && is_string($_PROFILE["projectRoles"][0]["role"]["key"]) && $_PROFILE["projectRoles"][0]["role"]["key"] === "system-admin") {
+ $_ADMIN = true;
+} else {
+ $_ADMIN = false;
+}
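Review bot: The added guard is a denylist for `.` and `/`, so it still accepts an empty `FL_SESSION_TOKEN`, for which the path is the `private/tokens/` directory itself and `file_exists()` returns true. As far as I can tell `$_PROFILE` then does not decode to an array, and since nothing after `json_decode()` checks that, the script continues past every redirect branch with `$_USER` null instead of sending the visitor to `/welcome`. A cookie sent with array syntax also reaches `strpos()` as a non-string. I would validate the token against an allowlist of the characters the issuer actually produces, use `is_file()` rather than `file_exists()`, and require `is_array($_PROFILE)` before reading from it; the `str_replace()` calls on the two lookup lines are redundant once the guard exists. The character class in the sketch below is an assumption to adjust to the real token format.

```php
$token = $_COOKIE['FL_SESSION_TOKEN'] ?? null;

// Allowlist rather than denylist; adjust the character class to the format the token issuer produces.
if (!is_string($token) || preg_match('/\A[A-Za-z0-9_-]+\z/', $token) !== 1) {
    header("Location: /welcome");
    die();
}

// is_file() is false for the tokens directory itself, unlike file_exists().
$tokenFile = $_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . $token;
$_PROFILE = is_file($tokenFile) ? json_decode(file_get_contents($tokenFile), true) : null;

// A missing, unreadable or malformed token file must not be treated as a session.
if (!is_array($_PROFILE) || isset($_PROFILE['familine'])) {
    header("Location: /welcome");
    die();
}

// … unchanged: $_USER / $_SUID / $_FULLNAME assignments and the $_ADMIN role check …
```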