Diffstat (limited to 'includes/util/session.inc')
-rw-r--r-- | includes/util/session.inc | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/includes/util/session.inc b/includes/util/session.inc
index 81192b9..74f16ba 100644
--- a/includes/util/session.inc
+++ b/includes/util/session.inc
@@ -15,19 +15,38 @@ if (!function_exists("formatPonypush")) {
 }
 }
-if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
- if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "" || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "." || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "..")) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+$authorization = null;
+$post = null;
+
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
+ $request_raw = file_get_contents('php://input');
+ $json_object = $data = json_decode($request_raw, true);
+
+ if (json_last_error() === JSON_ERROR_NONE) {
+ $post = $data["_session"];
+ }
+}
+
+if (isset($_SERVER['HTTP_AUTHORIZATION']) && str_starts_with(trim($_SERVER['HTTP_AUTHORIZATION']), "Bearer ")) {
+ $authorization = trim(substr($_SERVER['HTTP_AUTHORIZATION'], 7));
+}
+
+$token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $_COOKIE['PEH2_SESSION_TOKEN'] ?? null;
+
+if (isset($token)) {
+ if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
 if (isset($data["profile"])) {
 $_PROFILE = $data["profile"];
 $data["last"] = time();
+ if (!isset($data["addresses"])) $data["addresses"] = [];
 $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
 if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
 unset($_PROFILE);
 $isLoggedIn = false;
 $isLowerLoggedIn = false;
@@ -42,17 +61,17 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
 }
 $isLoggedIn = true;
- } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+ } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true);
 if (isset($data["profile"])) {
 $_PROFILE = $data["profile"];
 $data["last"] = time();
 $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
 if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
 unset($_PROFILE);
 $isLoggedIn = false;
 $isLowerLoggedIn = false;
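Review bot: The new `$token` assigned at the `$token = $authorization ?? $post ?? ...` line is never confirmed to be a string before `str_contains($token, "/")` runs, yet `$_POST["_session"]` and `$_GET["_session"]` can arrive as arrays (`_session[]=x`) and `$post = $data["_session"]` reads an offset without checking that the decoded JSON body is an array, so a malformed request ends in a warning or TypeError instead of an unauthenticated page; guard with `if (!is_string($token)) { $token = null; }` before `if (isset($token))`, and set `$post` only when `is_array($data) && is_string($data["_session"] ?? null)`. Accepting the token from `$_GET["_session"]` also places a bearer-equivalent credential in the URL, where it is captured in access logs, Referer headers and browser history, so that source is worth dropping or at least documenting with a comment on the `$token` line explaining why it is needed. The `if (isset($token))` block continues past the end of the hunk. The added `if (!isset($data["addresses"]))` initialisation is not mirrored in the lowertokens branch of the second hunk, which is cut off in this view; that branch also still writes its record under `/includes/tokens/`, which on the following request looks like it would be matched by the full-token branch, so confirm that promotion is intended.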