Diffstat (limited to 'includes/session.php')
-rw-r--r-- | includes/session.php | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/includes/session.php b/includes/session.php
new file mode 100644
index 0000000..4c1a7c1
--- /dev/null
+++ b/includes/session.php
@@ -0,0 +1,31 @@
+<?php
+
+$_AUTH = true;
+if (isset($_COOKIE['MMSP_SESSION_TOKEN'])) {
+ if (str_contains($_COOKIE['MMSP_SESSION_TOKEN'], ".") || str_contains($_COOKIE['MMSP_SESSION_TOKEN'], "/")) {
+ $_AUTH = false;
+ $_PROFILE['mmsp_username'] = "system";
+ }
+
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['MMSP_SESSION_TOKEN'])))) {
+ $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['MMSP_SESSION_TOKEN']))), true);
+
+ $users = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/users.json"), true);
+
+ if (in_array($_PROFILE['id'], array_keys($users)) && file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $users[$_PROFILE['id']])) {
+ $_PROFILE['mmsp_username'] = $users[$_PROFILE['id']];
+ $_USER = $_PROFILE['login'];
+ $_SUID = $_PROFILE['login'];
+ $_FULLNAME = $_PROFILE['name'];
+ } else {
+ $_AUTH = false;
+ $_PROFILE['mmsp_username'] = "system";
+ }
+ } else {
+ $_AUTH = false;
+ $_PROFILE['mmsp_username'] = "system";
+ }
+} else {
+ $_AUTH = false;
+ $_PROFILE['mmsp_username'] = "system";
+}
\ No newline at end of file |
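Review bot: The `.`/`/` rejection at the top of the cookie branch sets `$_AUTH = false` but does not stop processing: the next `if` strips those characters and still loads the matching token file, so `$_PROFILE`, `$_USER` and `$_SUID` can be populated from a token the code has just rejected, and any later code that reads them without checking `$_AUTH` sees a logged-in profile. `file_exists()` is also true for a directory, so an empty cookie value matches `includes/tokens/` itself and the branch carries on with a failed read and a null `$_PROFILE`, while an array-valued cookie makes `str_contains()` throw. I would validate the token once and only then touch the filesystem, e.g. `if (is_string($token) && preg_match('/\A[A-Za-z0-9_-]+\z/', $token) === 1 && is_file($tokenDir . $token)) {` (the character class is a guess, since the code that issues tokens is not in this commit), and replace the loose `in_array($_PROFILE['id'], array_keys($users))` with `is_array($_PROFILE) && isset($_PROFILE['id'], $users[$_PROFILE['id']])`. The token files and `data/users.json` both live under `DOCUMENT_ROOT`; unless the web server denies those paths, which is not visible here, they may be fetchable directly, so storing them outside the document root would be safer.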