summaryrefslogtreecommitdiff
path: root/Authentication
diff options
context:
space:
mode:
Diffstat (limited to 'Authentication')
-rw-r--r--Authentication/Callback/index.php61
-rw-r--r--Authentication/Start/index.php6
-rw-r--r--Authentication/Success/index.php4
-rw-r--r--Authentication/Test/index.php23
-rw-r--r--Authentication/index.php1
5 files changed, 0 insertions, 95 deletions
diff --git a/Authentication/Callback/index.php b/Authentication/Callback/index.php
deleted file mode 100644
index 981525f..0000000
--- a/Authentication/Callback/index.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-
-$server = "auth.equestria.horse";
-
-header("Content-Type: text/plain");
-
-if (!isset($_GET['code'])) {
- die();
-}
-
-$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/app.json"), true);
-
-$crl = curl_init('https://' . $server . '/hub/api/rest/oauth2/token');
-curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
-curl_setopt($crl, CURLINFO_HEADER_OUT, true);
-curl_setopt($crl, CURLOPT_POST, true);
-curl_setopt($crl, CURLOPT_HTTPHEADER, [
- "Authorization: Basic " . base64_encode($appdata["oauth"]["id"] . ":" . $appdata["oauth"]["secret"]),
- "Content-Type: application/x-www-form-urlencoded",
- "Accept: application/json"
-]);
-curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://ponies.equestria.horse/Authentication/Callback") . "&code=" . $_GET['code']);
-
-$result = curl_exec($crl);
-$result = json_decode($result, true);
-
-curl_close($crl);
-
-if (isset($result["access_token"])) {
- $crl = curl_init('https://' . $server . '/hub/api/rest/users/me');
- curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($crl, CURLINFO_HEADER_OUT, true);
- curl_setopt($crl, CURLOPT_HTTPHEADER, [
- "Authorization: Bearer " . $result["access_token"],
- "Accept: application/json"
- ]);
-
- $result = curl_exec($crl);
- $result = json_decode($result, true);
-
- if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) {
- header("Location: /?error=Access denied, you are not allowed to login to this website");
- die();
- }
-
- if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens");
- if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens");
-
- $token = bin2hex(random_bytes(32));
-
- if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) {
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token, json_encode($result));
- } else {
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token, json_encode($result));
- }
-
- header("Set-Cookie: PEH2_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly; Expires=" . date("r", time() + (86400 * 730)));
-
- header("Location: /Authentication/Success");
- die();
-} \ No newline at end of file
diff --git a/Authentication/Start/index.php b/Authentication/Start/index.php
deleted file mode 100644
index 99f393f..0000000
--- a/Authentication/Start/index.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-$server = "auth.equestria.horse";
-
-header("Location: https://$server/hub/api/rest/oauth2/auth?client_id=" . json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/app.json"), true)["oauth"]["id"] . "&response_type=code&redirect_uri=https://ponies.equestria.horse/Authentication/Callback&scope=Hub&request_credentials=default&access_type=offline");
-die();
diff --git a/Authentication/Success/index.php b/Authentication/Success/index.php
deleted file mode 100644
index 47e0775..0000000
--- a/Authentication/Success/index.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-
-header("Location: /");
-die(); \ No newline at end of file
diff --git a/Authentication/Test/index.php b/Authentication/Test/index.php
deleted file mode 100644
index c6ceec0..0000000
--- a/Authentication/Test/index.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-
-global $SessionManagerAllowDisallowed;
-
-if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
- if (str_contains($_COOKIE['PEH2_SESSION_TOKEN'], ".") || str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/")) {
- header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
- }
-
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))), true);
-
- $users = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json"), true);
- $users[$_PROFILE["id"]] = $_PROFILE["name"];
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Users.json", json_encode($users));
- } else {
- header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
- }
-} else {
- header("Content-Type: application/json"); die("{\n \"status\": 1\n}");
-}
-
-header("Content-Type: application/json"); die("{\n \"status\": 0\n}"); \ No newline at end of file
diff --git a/Authentication/index.php b/Authentication/index.php
deleted file mode 100644
index 9fd9e4a..0000000
--- a/Authentication/index.php
+++ /dev/null
@@ -1 +0,0 @@
-<?php header("Location: /Authentication/Start") and die(); \ No newline at end of file
© Floofi Systems, Some rights reserved. Powered by cgit.