path: root/includes/util/session.inc
Diffstat (limited to 'includes/util/session.inc')
-rw-r--r--includes/util/session.inc109
1 files changed, 0 insertions, 109 deletions
diff --git a/includes/util/session.inc b/includes/util/session.inc
deleted file mode 100644
index 867b306..0000000
--- a/includes/util/session.inc
+++ /dev/null
@@ -1,109 +0,0 @@
-<?php
-
-require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
-
-global $isLoggedIn;
-global $isLowerLoggedIn;
-global $_PROFILE;
-
-$isLoggedIn = false;
-$isLowerLoggedIn = false;
-
-if (!function_exists("formatPonypush")) {
- function formatPonypush($message) {
- return "Update to Ponypush 3.1.0 or later — (\$PA1$\$" . base64_encode($message) . "\$\$)";
- }
-}
-
-$authorization = null;
-$post = null;
-
-if ($_SERVER['REQUEST_METHOD'] === "POST") {
- $request_raw = file_get_contents('php://input');
- $json_object = $data = json_decode($request_raw, true);
-
- if (json_last_error() === JSON_ERROR_NONE) {
- $post = $data["_session"] ?? null;
- }
-}
-
-if (isset($_SERVER['HTTP_AUTHORIZATION']) && str_starts_with(trim($_SERVER['HTTP_AUTHORIZATION']), "Bearer ")) {
- $authorization = trim(substr($_SERVER['HTTP_AUTHORIZATION'], 7));
-}
-
-$token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $_COOKIE['PEH2_SESSION_TOKEN'] ?? null;
-
-if (isset($token)) {
- if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) {
- $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token))), true);
-
- if (isset($data["profile"])) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
-
- if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- unset($_PROFILE);
- $isLoggedIn = false;
- $isLowerLoggedIn = false;
- }
-
- $data["last"] = time();
- if (!isset($data["addresses"])) $data["addresses"] = [];
- $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
-
- copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old");
-
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
-
- if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)) === "")) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- }
-
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old");
- } else {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
- }
-
- $isLoggedIn = true;
- } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) {
- $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token))), true);
-
- if (isset($data["profile"])) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true);
-
- if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- unset($_PROFILE);
- $isLoggedIn = false;
- $isLowerLoggedIn = false;
- }
-
- $data["last"] = time();
- if (!isset($data["addresses"])) $data["addresses"] = [];
- $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
-
- copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old");
-
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
-
- if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)) === "")) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- copy($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token));
- }
-
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token) . ".old");
- } else {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true);
- }
-
- $isLowerLoggedIn = true;
- }
- }
-} else if ($_SERVER["REMOTE_ADDR"] === "127.0.0.1") {
- $isLowerLoggedIn = false;
- $isLoggedIn = true;
-}
-
-unset($data); \ No newline at end of file