Diffstat (limited to 'includes/util')
-rw-r--r-- | includes/util/functions.inc | 14 | ||||
-rw-r--r-- | includes/util/session.inc | 29 |
2 files changed, 38 insertions, 5 deletions
diff --git a/includes/util/functions.inc b/includes/util/functions.inc index 9b6f356..8b22709 100644 --- a/includes/util/functions.inc +++ b/includes/util/functions.inc @@ -5,6 +5,18 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/bitset.inc"; require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/homepage.inc"; require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/random.inc"; +if (!function_exists("pf_utf8_decode")) { + function pf_utf8_decode(string $string): string { + return iconv("UTF-8", "ISO-8859-1", $string); + } +} + +if (!function_exists("pf_utf8_encode")) { + function pf_utf8_encode(string $string): string { + return iconv("ISO-8859-1", "UTF-8", $string); + } +} + if (!function_exists("getLastFronted")) { function getLastFronted($members, $id) { foreach ($members as $member) { @@ -37,7 +49,7 @@ if (!function_exists("formatPonypush")) { if (!function_exists("generateToken")) { function generateToken(): string { - return str_replace("/", ".", base64_encode(random_bytes(96))); + return "peh" . str_replace("/", ".", base64_encode(random_bytes(96))); } } diff --git a/includes/util/session.inc b/includes/util/session.inc index 6cee8be..e3af58b 100644 --- a/includes/util/session.inc +++ b/includes/util/session.inc @@ -36,7 +36,7 @@ $token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $ if (isset($token)) { if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) { - $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true); + $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))), true); if (isset($data["profile"])) { $_PROFILE = $data["profile"]; 
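Review bot: Neither pf_utf8_decode() nor pf_utf8_encode() checks the return value of iconv(), which is `false` on failure. The UTF-8 to ISO-8859-1 direction fails for any character outside Latin-1 and for invalid UTF-8 input. With the declared `string` return type this becomes a TypeError under strict types or a silently empty string otherwise; whether the file declares strict_types is not visible in the hunk. I would check it explicitly, e.g. `$out = iconv("UTF-8", "ISO-8859-1", $string); if ($out === false) { throw new RuntimeException("iconv failed"); } return $out;`, and add a short docblock saying why token data is transcoded at all.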
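Review bot: The token alphabet in generateToken() still contains `+`, because only `/` is replaced after base64_encode(). session.inc accepts the token from `$_GET["_session"]` among other sources, and PHP decodes a raw `+` in a query string as a space, so a token passed there unencoded would not match its file name. Mapping both characters for newly issued tokens avoids this: `return "peh" . strtr(base64_encode(random_bytes(96)), "+/", "-.");`. A one-line comment stating what the `peh` prefix is for would also help the next reader.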
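Review bot: The result of `json_decode(pf_utf8_decode(...), true)` is used without checking that it is an array, both here and in the lowertokens branch of the `@@ -63,7` hunk. If the token file is empty, truncated, or holds raw non-ASCII UTF-8 (which the decode turns into Latin-1 bytes that json_decode rejects), `$data` is null. The `else { $_PROFILE = $data; }` branch shown in the later hunk then assigns null, and `$isLoggedIn = true;` appears to follow regardless. Running the profile handling and the login flag only inside `if (is_array($data)) { ... }` would make a damaged token file fail closed. The enclosing `if (isset($token))` block starts and ends outside the hunk.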
@@ -51,7 +51,17 @@ if (isset($token)) { $data["last"] = time(); if (!isset($data["addresses"])) $data["addresses"] = []; $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time(); - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data)); + + copy($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old"); + + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data))); + + if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)) === "")) { + unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)); + copy($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)); + } + + unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old"); } else { $_PROFILE = $data; } @@ -63,7 +73,7 @@ if (isset($token)) { $isLoggedIn = true; } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) { - $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true); + $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))), true); if (isset($data["profile"])) { $_PROFILE = $data["profile"]; 
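Review bot: The closing parenthesis in the emptiness check is misplaced: in `if (trim(file_get_contents(...) === ""))` the comparison runs first and trim() receives a boolean. A whitespace-only file is therefore not detected, and under strict types the call would throw. The intended form is `if (trim(file_get_contents($path)) === "") {`, and the same line needs the same fix in the lowertokens hunk at `@@ -76,8`. Separately, the copy / write / unlink sequence uses a fixed `.old` name and an unlocked file_put_contents(), so two concurrent requests with the same token can remove each other's backup or read a half-written file. Writing to a temporary file in the same directory and then calling `rename()` over the target, or at least passing `LOCK_EX`, would close that window. Assigning the path to one variable would also make the block much easier to audit.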
@@ -76,8 +86,19 @@ if (isset($token)) { } $data["last"] = time(); + if (!isset($data["addresses"])) $data["addresses"] = []; $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time(); - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data)); + + copy($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old"); + + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data))); + + if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)) === "")) { + unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)); + copy($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)); + } + + unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old"); } else { $_PROFILE = $data; } |
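Review bot: The key written into `$data["addresses"]` comes from `$_SERVER["HTTP_X_FORWARDED_FOR"]`, a header the client controls unless a trusted reverse proxy overwrites it, and this hunk now persists it to the lowertokens file on every request. Any string, including a comma-separated list, becomes an array key, so the address history can be falsified and the file can grow without bound. I would fall back to `REMOTE_ADDR` unless the request is known to come from the proxy, and validate the header value before use, e.g. `$ip = filter_var($forwarded, FILTER_VALIDATE_IP) ?: $_SERVER["REMOTE_ADDR"];`. Capping the number of stored addresses would bound the file size. The same pattern sits in the tokens branch at `@@ -51,7`.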