diff options
| author | RaindropsSys <raindrops@equestria.dev> | 2024-03-30 23:40:33 +0100 |
|---|---|---|
| committer | RaindropsSys <raindrops@equestria.dev> | 2024-03-30 23:40:33 +0100 |
| commit | 6b796258d413f00e498ce7f80f73a9f6c061f29c (patch) | |
| tree | 49e64a5dd4cde2acff7f0a93ed3f8e20e1cb2dc8 /includes/util/session.inc | |
| parent | 5860551daa0f60103ad24e93da29f401a653f144 (diff) | |
| download | pluralconnect-6b796258d413f00e498ce7f80f73a9f6c061f29c.tar.gz pluralconnect-6b796258d413f00e498ce7f80f73a9f6c061f29c.tar.bz2 pluralconnect-6b796258d413f00e498ce7f80f73a9f6c061f29c.zip | |
Updated 5 files, added 2 files, deleted 495 files and renamed 7 files (automated)
Diffstat (limited to 'includes/util/session.inc')
| -rw-r--r-- | includes/util/session.inc | 109 |
1 files changed, 0 insertions, 109 deletions
diff --git a/includes/util/session.inc b/includes/util/session.inc deleted file mode 100644 index 867b306..0000000 --- a/includes/util/session.inc +++ /dev/null @@ -1,109 +0,0 @@ -<?php - -require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc"; - -global $isLoggedIn; -global $isLowerLoggedIn; -global $_PROFILE; - -$isLoggedIn = false; -$isLowerLoggedIn = false; - -if (!function_exists("formatPonypush")) { - function formatPonypush($message) { - return "Update to Ponypush 3.1.0 or later — (\$PA1$\$" . base64_encode($message) . "\$\$)"; - } -} - -$authorization = null; -$post = null; - -if ($_SERVER['REQUEST_METHOD'] === "POST") { - $request_raw = file_get_contents('php://input'); - $json_object = $data = json_decode($request_raw, true); - - if (json_last_error() === JSON_ERROR_NONE) { - $post = $data["_session"] ?? null; - } -} - -if (isset($_SERVER['HTTP_AUTHORIZATION']) && str_starts_with(trim($_SERVER['HTTP_AUTHORIZATION']), "Bearer ")) { - $authorization = trim(substr($_SERVER['HTTP_AUTHORIZATION'], 7)); -} - -$token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $_COOKIE['PEH2_SESSION_TOKEN'] ?? null; - -if (isset($token)) { - if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) { - if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) { - $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token))), true); - - if (isset($data["profile"])) { - $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true); - - if (time() - $data["last"] > 86400 * 30) { - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - unset($_PROFILE); - $isLoggedIn = false; - $isLowerLoggedIn = false; - } - - $data["last"] = time(); - if (!isset($data["addresses"])) $data["addresses"] = []; - $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time(); - - copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old"); - - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data))); - - if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)) === "")) { - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - } - - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old"); - } else { - $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true); - } - - $isLoggedIn = true; - } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) { - $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token))), true); - - if (isset($data["profile"])) { - $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true); - - if (time() - $data["last"] > 86400 * 30) { - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - unset($_PROFILE); - $isLoggedIn = false; - $isLowerLoggedIn = false; - } - - $data["last"] = time(); - if (!isset($data["addresses"])) $data["addresses"] = []; - $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time(); - - copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old"); - - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data))); - - if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)) === "")) { - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)); - } - - unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old"); - } else { - $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true); - } - - $isLowerLoggedIn = true; - } - } -} else if ($_SERVER["REMOTE_ADDR"] === "127.0.0.1") { - $isLowerLoggedIn = false; - $isLoggedIn = true; -} - -unset($data);
\ No newline at end of file |