authorRaindropsSys <contact@minteck.org>2023-05-13 19:25:44 +0200
committerRaindropsSys <contact@minteck.org>2023-05-13 19:25:44 +0200
commit21ed7d0e837d74c1ebd8ada4396f96ce42c14fb1 (patch)
tree8bdad11e806ad4ac6c68902eaf72913a4554e484 /includes/util
parentf80190dddaa72d9f8863b0b922e557668b6cba27 (diff)
downloadpluralconnect-21ed7d0e837d74c1ebd8ada4396f96ce42c14fb1.tar.gz
pluralconnect-21ed7d0e837d74c1ebd8ada4396f96ce42c14fb1.tar.bz2
pluralconnect-21ed7d0e837d74c1ebd8ada4396f96ce42c14fb1.zip
Updated 14 files and added 6 files (automated)
Diffstat (limited to 'includes/util')
-rw-r--r--includes/util/functions.inc2
-rw-r--r--includes/util/session.inc42
2 files changed, 38 insertions, 6 deletions
diff --git a/includes/util/functions.inc b/includes/util/functions.inc
index 9727b51..3d84bb7 100644
--- a/includes/util/functions.inc
+++ b/includes/util/functions.inc
@@ -25,7 +25,7 @@ if (!function_exists("formatPonypush")) {
if (!function_exists("generateToken")) {
function generateToken(): string {
- return bin2hex(random_bytes(32));
+ return str_replace("/", ".", base64_encode(random_bytes(96)));
}
}
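Review bot: The new token alphabet in `generateToken()` includes `.` and `+`, and the token is used directly as a file name under `includes/tokens/` in session.inc, so the session check can no longer reject dots outright or validate the cookie against a narrow allow-list. The 32 random bytes already gave 256 bits of entropy, so the longer base64 form adds no practical strength. If a longer token is wanted, a form that stays within a filename-safe alphabet keeps validation simple, e.g. `return bin2hex(random_bytes(96));` paired with a `ctype_xdigit()` check on the cookie. A one-line comment stating which characters a token may contain would also help whoever maintains the cookie validation.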
diff --git a/includes/util/session.inc b/includes/util/session.inc
index 0a5999f..81192b9 100644
--- a/includes/util/session.inc
+++ b/includes/util/session.inc
@@ -16,9 +16,25 @@ if (!function_exists("formatPonypush")) {
}
if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
- if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], ".") || str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "")) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))), true);
+ if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "" || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "." || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "..")) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+
+ if (isset($data["profile"])) {
+ $_PROFILE = $data["profile"];
+ $data["last"] = time();
+ $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+
+ if (time() - $data["last"] > 86400 * 30) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unset($_PROFILE);
+ $isLoggedIn = false;
+ $isLowerLoggedIn = false;
+ }
+ } else {
+ $_PROFILE = $data;
+ }
if (isset($_GET['invert'])) {
$_PROFILE["login"] = $_PROFILE["login"] === "raindrops" ? "cloudburst" : "raindrops";
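Review bot: The 30-day expiry added here can never trigger, because `$data["last"] = time();` is assigned and written back before `time() - $data["last"] > 86400 * 30` is evaluated, so the difference is always 0 and stale session files are never removed; the lowertokens hunk below repeats the same ordering. The stored timestamp should be tested first and only refreshed when the session is still valid, as sketched below. The enclosing `if (isset($_COOKIE[...]))` block continues outside the hunk, and the `$isLoggedIn = true;` visible in the next hunk's context appears to run after this code regardless, so an expired session would also need to skip that assignment and the `$_GET['invert']` block. Separately, `HTTP_X_FORWARDED_FOR` is client-supplied unless a trusted proxy overwrites it, so using it as the `addresses` key lets a client record arbitrary strings and grow the session file with each new value; `REMOTE_ADDR` is the safer default.

```php
$tokenFile = $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']);
$data = json_decode(file_get_contents($tokenFile), true);

if (isset($data["profile"])) {
    // Test the stored timestamp before refreshing it; otherwise the age is always 0.
    if (isset($data["last"]) && time() - $data["last"] > 86400 * 30) {
        unlink($tokenFile);
        // … unchanged: unset($_PROFILE) and login flags reset …
    } else {
        $_PROFILE = $data["profile"];
        $data["last"] = time();
        $data["addresses"][$_SERVER["REMOTE_ADDR"]] = time();
        file_put_contents($tokenFile, json_encode($data));
    }
} else {
    $_PROFILE = $data;
}
```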
@@ -26,8 +42,24 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
}
$isLoggedIn = true;
- } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))), true);
+ } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+
+ if (isset($data["profile"])) {
+ $_PROFILE = $data["profile"];
+ $data["last"] = time();
+ $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+
+ if (time() - $data["last"] > 86400 * 30) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unset($_PROFILE);
+ $isLoggedIn = false;
+ $isLowerLoggedIn = false;
+ }
+ } else {
+ $_PROFILE = $data;
+ }
$isLowerLoggedIn = true;
}
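Review bot: The lower-privilege branch reads the session from `/includes/lowertokens/`, but the added `file_put_contents` and `unlink` calls target `/includes/tokens/`. Whenever the lowertokens file has a `profile` key, its contents are therefore copied into the full-token directory, and the next request with the same cookie would match the first `file_exists` check and set `$isLoggedIn = true` instead of `$isLowerLoggedIn`. Both calls should use the directory the data was read from, i.e. `file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));` and the matching `unlink`. The expiry test in this branch also cannot fire, since `$data["last"]` is set to `time()` immediately before it is compared, and `$isLowerLoggedIn = true;` runs after it unconditionally.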