-rw-r--r--app.php1
-rw-r--r--pages/api/reauthenticate.php16
-rw-r--r--pages/sessions.inc39
3 files changed, 51 insertions, 5 deletions
diff --git a/app.php b/app.php
index 6506a4a..2f589d4 100644
--- a/app.php
+++ b/app.php
@@ -2,6 +2,7 @@
ob_start();
+//if (true) {
if (!str_starts_with($_SERVER['REQUEST_URI'], "/api")) {
require_once $_SERVER['DOCUMENT_ROOT'] . "/error.php";
set_error_handler("ch_error");
diff --git a/pages/api/reauthenticate.php b/pages/api/reauthenticate.php
index fe10d28..2b5a8ca 100644
--- a/pages/api/reauthenticate.php
+++ b/pages/api/reauthenticate.php
@@ -14,7 +14,13 @@ $newToken = generateToken();
if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLoggedIn) {
$old = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $_COOKIE['PEH2_SESSION_TOKEN']), true);
- $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+
+ if (!isset($_GET["plain"])) {
+ $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+ } else {
+ $old["name"] = $_GET["name"] ?? "-";
+ }
+
$old["created"] = time();
$old["addresses"] = [];
$old["last"] = time();
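Review bot: The new `plain` branch stores `$_GET["name"]` in the token file as-is, so a request that sends `name` as an array saves an array, and any markup in the value is saved verbatim; the same branch is repeated in the lowertokens hunk below. pages/sessions.inc in this commit prints `$session["name"]` with a bare `<?= ?>`, so the value should be constrained here and escaped with `htmlspecialchars()` where it is shown. For the plain path, `$name = $_GET["name"] ?? "-";` followed by `$old["name"] = is_string($name) ? mb_substr($name, 0, 64) : "-";` would do (64 is an example cap, not a project value). The base64 path deserves the same check, because `base64_decode` can return arbitrary bytes. The enclosing `if` continues past the end of this hunk.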
@@ -23,7 +29,13 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLoggedIn) {
file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $newToken, json_encode($old));
} else if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLowerLoggedIn) {
$old = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $_COOKIE['PEH2_SESSION_TOKEN']), true);
- $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+
+ if (!isset($_GET["plain"])) {
+ $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+ } else {
+ $old["name"] = $_GET["name"] ?? "-";
+ }
+
$old["created"] = time();
$old["addresses"] = [];
$old["last"] = time();
diff --git a/pages/sessions.inc b/pages/sessions.inc
index d782128..a8734ac 100644
--- a/pages/sessions.inc
+++ b/pages/sessions.inc
@@ -3,6 +3,22 @@
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/init.inc"; global $title; global $isLoggedIn; global $isLowerLoggedIn; global $lang; global $pages;
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/header.inc'; global $_PROFILE;
+$verified = [
+ dns_get_record("zephyrheights.equestria.dev", DNS_A)[0]["ip"],
+ dns_get_record("maretimebay.equestria.dev", DNS_A)[0]["ip"],
+ dns_get_record("bridlewood.equestria.dev", DNS_A)[0]["ip"],
+ dns_get_record("cloudsdale.equestria.dev", DNS_A)[0]["ip"],
+ dns_get_record("manehattan.equestria.dev", DNS_A)[0]["ip"],
+];
+
+$verifiedNames = [
+ "Raindrops System",
+ "Raindrops System",
+ "Equestria.dev bridlewood",
+ "Cloudburst System",
+ "Equestria.dev manehattan"
+];
+
?>
<br>
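Review bot: Each `dns_get_record(...)[0]["ip"]` is indexed without checking the result, so a failed or empty lookup leaves a `null` entry in `$verified`, and the later `in_array($address, $verified)` compares loosely against it. The two parallel arrays also have to be kept in step by hand, and the five lookups run on every render of the page. Building both lists from one host-to-label map and skipping failed lookups keeps the existing `$verified`/`$verifiedNames` shape; caching the resolved addresses and passing `true` as the third argument of `in_array`/`array_search` would be further steps.

```php
$verifiedHosts = [
    "zephyrheights.equestria.dev" => "Raindrops System",
    "maretimebay.equestria.dev" => "Raindrops System",
    "bridlewood.equestria.dev" => "Equestria.dev bridlewood",
    "cloudsdale.equestria.dev" => "Cloudburst System",
    "manehattan.equestria.dev" => "Equestria.dev manehattan",
];

$verified = [];
$verifiedNames = [];

foreach ($verifiedHosts as $host => $label) {
    $records = dns_get_record($host, DNS_A);

    // A failed lookup must not add an entry that could match an address.
    if ($records === false || !isset($records[0]["ip"])) {
        continue;
    }

    $verified[] = $records[0]["ip"];
    $verifiedNames[] = $label;
}
```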
@@ -34,20 +50,37 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/header.inc'; glob
}
});
+ $addressFetchIndex = 0;
+
foreach ($list as $token): $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true); if (isset($session["profile"]) && isset($session["name"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "")): uasort($session["addresses"], function ($a, $b) {
return $b - $a;
}); ?>
<a class="list-group-item list-group-item-action" onclick="logOut(&quot;<?= sha1($token) . md5($token) ?>&quot;);">
<b><?= $session["name"] ?></b><?php if ($token === $_COOKIE["PEH2_SESSION_TOKEN"]): ?><span style="margin-left: 10px;" class="badge bg-primary">This device</span><?php endif; ?><script>window.devices["<?= sha1($token) . md5($token) ?>"]=JSON.parse(`<?= json_encode([
- "name" => $session["name"],
- "lastIP" => array_keys($session["addresses"])[count(array_keys($session["addresses"])) - 1],
+ "name" => trim($session["name"]),
+ "lastIP" => array_keys($session["addresses"])[count(array_keys($session["addresses"])) > 0 ? count(array_keys($session["addresses"])) - 1 : 0] ?? "-",
"lastSeen" => timeAgo($session["last"]),
"currentDevice" => $token === $_COOKIE["PEH2_SESSION_TOKEN"]
]) ?>`);</script><br>
Logged in <?= timeAgo($session["created"]) ?>, last activity <?= timeAgo($session["last"]) ?>
<blockquote class="session-bq">
<?php foreach ($session["addresses"] as $address => $last): ?>
- <?= $address ?> · <?= timeAgo($last) ?><br>
+ <?= $address ?><?php if (in_array($address, $verified)): ?><span class="text-success" style="filter: invert(1) hue-rotate(180deg);"> (verified: <?= $verifiedNames[array_search($address, $verified)] ?? "-" ?>)</span><?php else: ?> <span class="text-muted" style="filter: invert(1) hue-rotate(180deg);" id="aft-<?= $addressFetchIndex ?>">(unverified: …)<script>
+ setTimeout(async () => {
+ let json = JSON.parse(await (await fetch("https://api.iplocation.net/?ip=<?= $address ?>")).text());
+
+ if (
+ (json['country_code2'] !== "FR" && json['country_code2'] !== "GB") ||
+ (json['isp'] === "Academie Orleans-Tours" && json['isp'] === "Free Mobile SAS" && json['isp'] === "Google One Services" && json['isp'] === "Vodafone Ltd" && json['isp'] === "Telefonica UK Limited")
+ ) {
+ document.getElementById("aft-<?= $addressFetchIndex ?>").classList.remove("text-muted");
+ document.getElementById("aft-<?= $addressFetchIndex ?>").classList.add("text-danger");
+ document.getElementById("aft-<?= $addressFetchIndex ?>").innerText = `(unsafe: ${json['isp']}, ${json['country_code2'] === "GB" ? "UK" : json['country_code2']})`;
+ } else {
+ document.getElementById("aft-<?= $addressFetchIndex ?>").innerText = `(unverified: ${json['isp']}, ${json['country_code2'] === "GB" ? "UK" : json['country_code2']})`;
+ }
+ }, 500 * <?= $addressFetchIndex ?>);
+ </script></span><?php $addressFetchIndex++; endif; ?> · <?= timeAgo($last) ?><br>
<?php endforeach; ?>
</blockquote>
</a>
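Review bot: The second clause of the `if` in the added script joins five `json['isp'] === "…"` tests with `&&`, so it can never be true and only the country check decides the "unsafe" label. If the five names are the expected providers, the clause presumably wants the opposite test, e.g. `!knownIsps.includes(json['isp'])` with `knownIsps` holding those five strings. Separately, `<?= $address ?>` is written raw into both the markup and the `fetch` URL, and the code that fills `addresses` is not in this diff; it is safer to emit `<?= htmlspecialchars((string) $address) ?>` in the HTML and `encodeURIComponent(<?= json_encode((string) $address, JSON_HEX_TAG) ?>)` in the script. The lookup also sends every unverified session address to api.iplocation.net from the viewer's browser, which deserves a comment or a server-side alternative. The `foreach` over `$list` starts and ends outside this hunk.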