diff options
Diffstat (limited to 'includes/session.locked.php')
| -rw-r--r-- | includes/session.locked.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/includes/session.locked.php b/includes/session.locked.php new file mode 100644 index 0000000..c3fc82a --- /dev/null +++ b/includes/session.locked.php @@ -0,0 +1,30 @@ +<?php + +if (isset($_COOKIE['MMSP_SESSION_TOKEN'])) { + if (str_contains($_COOKIE['MMSP_SESSION_TOKEN'], ".") || str_contains($_COOKIE['MMSP_SESSION_TOKEN'], "/")) { + header("Location: /explore"); + die(); + } + + if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['MMSP_SESSION_TOKEN'])))) { + $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['MMSP_SESSION_TOKEN']))), true); + + $users = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/users.json"), true); + + if (in_array($_PROFILE['id'], array_keys($users)) && file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $users[$_PROFILE['id']])) { + $_PROFILE['mmsp_username'] = $users[$_PROFILE['id']]; + $_USER = $_PROFILE['login']; + $_SUID = $_PROFILE['login']; + $_FULLNAME = $_PROFILE['name']; + } else { + header("Location: /initial"); + die(); + } + } else { + header("Location: /explore"); + die(); + } +} else { + header("Location: /explore"); + die(); +}
\ No newline at end of file |