Diffstat (limited to 'includes')
-rw-r--r--includes/components/explicit.php2
-rw-r--r--includes/components/footer.inc5
-rw-r--r--includes/components/navigation.inc8
-rw-r--r--includes/external/pair/reference.js13
-rw-r--r--includes/pages.json7
-rw-r--r--includes/util/functions.inc2
-rw-r--r--includes/util/session.inc42
7 files changed, 70 insertions, 9 deletions
diff --git a/includes/components/explicit.php b/includes/components/explicit.php
index 4c55896..f7b4533 100644
--- a/includes/components/explicit.php
+++ b/includes/components/explicit.php
@@ -1,4 +1,4 @@
-<?php global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE; global $app; if ($isLoggedIn || $isLowerLoggedIn): ?>
+<?php global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE; global $app; if (isset($_PROFILE["login"]) && $isLoggedIn || $isLowerLoggedIn): ?>
<div class="modal" id="explicit-modal" data-bs-backdrop="static" data-bs-keyboard="false">
<div class="modal-dialog">
<div class="modal-content">
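Review bot: `isset($_PROFILE["login"]) && $isLoggedIn || $isLowerLoggedIn` on the new line parses as `(isset(...) && $isLoggedIn) || $isLowerLoggedIn`, so the `isset` guard only covers the full-login case and a lower login still enters the modal with `$_PROFILE["login"]` possibly unset. If the guard is meant to protect both paths, write `if (isset($_PROFILE["login"]) && ($isLoggedIn || $isLowerLoggedIn)):`. Whether the modal body actually reads `$_PROFILE["login"]` is not visible in this hunk, so this is inferred from the shape of the condition.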
diff --git a/includes/components/footer.inc b/includes/components/footer.inc
index 059d956..78c3148 100644
--- a/includes/components/footer.inc
+++ b/includes/components/footer.inc
@@ -6,6 +6,7 @@ global $pageFile;
?>
+<script src="/assets/editor/ua-parser.js"></script>
<div id="footer-pre"></div>
<div id="footer">
<hr>
@@ -35,7 +36,9 @@ global $pageFile;
if (!item.classList.contains("tooltip-nohelp")) {
item.style.cursor = "help";
}
- })
+ });
+
+ window.fetch("/api/rename?name=" + encodeURIComponent("Cold Haze Web (" + UAParser().browser.name + " on " + UAParser().os.name + ")"));
</script>
<?php if (isset($_GET["performance"])): ?>
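Review bot: The added `window.fetch("/api/rename?name=" + ...)` fires on every page load and appears to change server-side state through a plain GET, which is the usual cross-site request forgery concern for state-changing endpoints; what `/api/rename` itself checks (session, method, origin) is not visible here, so it should be confirmed that the endpoint rejects anything but an authenticated POST. The call also dereferences `UAParser().browser.name` and `UAParser().os.name` with no guard for the script from the first hunk failing to load or returning undefined fields, and the promise is unhandled, so any failure surfaces as an unhandled rejection on every page. A minimal form would be `if (typeof UAParser === "function") { window.fetch("/api/rename?name=" + encodeURIComponent("Cold Haze Web (" + (UAParser().browser.name ?? "?") + " on " + (UAParser().os.name ?? "?") + ")"), { method: "POST" }).catch(() => {}); }` once the endpoint accepts POST. The enclosing `<script>` block starts before this hunk.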
diff --git a/includes/components/navigation.inc b/includes/components/navigation.inc
index a5aa734..9a777ce 100644
--- a/includes/components/navigation.inc
+++ b/includes/components/navigation.inc
@@ -214,6 +214,14 @@ $navigation_admin = [
"private" => true
],
[
+ "name" => $pages["sessions"]["name"][$lang["_name"]],
+ "icon" => "/assets/icons/sessions.svg",
+ "invert" => true,
+ "link" => "/-/sessions",
+ "stepped" => null,
+ "private" => true
+ ],
+ [
"name" => $pages["logout"]["name"][$lang["_name"]],
"icon" => "/assets/icons/logout.svg",
"invert" => true,
diff --git a/includes/external/pair/reference.js b/includes/external/pair/reference.js
index 1d9fd46..16d1653 100644
--- a/includes/external/pair/reference.js
+++ b/includes/external/pair/reference.js
@@ -43,7 +43,18 @@ ws.on('message', (raw) => {
// server as the 'PEH2_SESSION_TOKEN' cookie when making an authenticated request.
console.log(`Token: ${data.token.substring(0, 10)}${"*".repeat(data.token.length - 10)}`);
// The token is stored in 'data.token', the code above censors all but the first 10 characters.
- process.exit();
+ // Once you have the token, you can make authenticated requests:
+ fetch("https://ponies.equestria.horse/api/session", {
+ // The 'session' endpoint returns information about the current session (name, IPs, dates, ...)
+ headers: {
+ Cookie: "PEH2_SESSION_TOKEN=" + data.token // Passing the token as a cookie
+ }
+ }).then((res) => {
+ res.json().then((data) => { // Most (if not all) endpoints return JSON data
+ console.log(data);
+ process.exit();
+ });
+ });
break;
case "reject":
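Review bot: The new example has no failure path: `fetch(...)` and `res.json()` can both reject (network error, non-JSON body) and `res.ok` is never checked, yet `process.exit()` is only reached on success, so a failed request leaves the process hanging silently. Appending `.catch((err) => { console.error(err); process.exit(1); })` after the outer `.then(...)` closes that gap for readers copying the snippet. The inner callback also reuses the name `data`, shadowing the outer message `data` that holds the token; a name such as `session` would avoid the confusion. The `ws.on('message', ...)` handler and its `switch` begin before this hunk.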
diff --git a/includes/pages.json b/includes/pages.json
index c1d7b20..4753214 100644
--- a/includes/pages.json
+++ b/includes/pages.json
@@ -174,6 +174,13 @@
"admin": true,
"limited": true
},
+ "sessions": {
+ "name": {
+ "en": "Sessions"
+ },
+ "admin": true,
+ "limited": true
+ },
"splitting": {
"name": {
"en": "By splitting date"
diff --git a/includes/util/functions.inc b/includes/util/functions.inc
index 9727b51..3d84bb7 100644
--- a/includes/util/functions.inc
+++ b/includes/util/functions.inc
@@ -25,7 +25,7 @@ if (!function_exists("formatPonypush")) {
if (!function_exists("generateToken")) {
function generateToken(): string {
- return bin2hex(random_bytes(32));
+ return str_replace("/", ".", base64_encode(random_bytes(96)));
}
}
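Review bot: The new token alphabet still contains `+` and `=` from standard base64, plus the `.` substituted for `/`; since the token travels as a cookie value and, per session.inc, is used directly as a filename, `+` may be decoded as a space by form-style decoders if the token ever ends up in a query string, and the `.` substitution is what forced session.inc to loosen its cookie check. The URL-safe encoding avoids all three characters without a post-hoc replace: `return rtrim(strtr(base64_encode(random_bytes(96)), '+/', '-_'), '=');`. That changes the accepted alphabet, so any validation of the cookie in session.inc would need to stay in step. The `function_exists` guard around `generateToken` closes on the last line of this hunk.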
diff --git a/includes/util/session.inc b/includes/util/session.inc
index 0a5999f..81192b9 100644
--- a/includes/util/session.inc
+++ b/includes/util/session.inc
@@ -16,9 +16,25 @@ if (!function_exists("formatPonypush")) {
}
if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
- if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], ".") || str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "")) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))), true);
+ if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "" || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "." || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "..")) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+
+ if (isset($data["profile"])) {
+ $_PROFILE = $data["profile"];
+ $data["last"] = time();
+ $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+
+ if (time() - $data["last"] > 86400 * 30) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unset($_PROFILE);
+ $isLoggedIn = false;
+ $isLowerLoggedIn = false;
+ }
+ } else {
+ $_PROFILE = $data;
+ }
if (isset($_GET['invert'])) {
$_PROFILE["login"] = $_PROFILE["login"] === "raindrops" ? "cloudburst" : "raindrops";
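Review bot: The 30-day expiry added here never fires, because `$data["last"] = time()` is assigned and written back to disk before `time() - $data["last"] > 86400 * 30` is evaluated, so the difference is always about zero; the lowertokens hunk below has the same ordering. Even if it did fire, execution continues into the invert block and the unconditional `$isLoggedIn = true` that follows in the next hunk, so the expired token is still honoured for that request; changing that line to `$isLoggedIn = isset($_PROFILE);` would close the gap. Reorder as below so the stored timestamp is checked before it is refreshed. `HTTP_X_FORWARDED_FOR` is client-supplied unless a trusted proxy overwrites it, so the recorded address should be treated as untrusted data. The enclosing `if (file_exists(...))` block and the outer cookie check continue past the end of this hunk.
```php
if (isset($data["profile"])) {
    $_PROFILE = $data["profile"];
    // Read the stored timestamp before refreshing it; a file without one is treated as fresh — TODO confirm the creation path sets "last"
    $lastSeen = $data["last"] ?? time();

    if (time() - $lastSeen > 86400 * 30) {
        unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
        unset($_PROFILE);
        $isLoggedIn = false;
        $isLowerLoggedIn = false;
    } else {
        $data["last"] = time();
        // NOTE(review): X-Forwarded-For is only trustworthy behind a proxy that overwrites it
        $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
    }
} else {
    $_PROFILE = $data;
}
// … unchanged: invert handling …
```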
@@ -26,8 +42,24 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
}
$isLoggedIn = true;
- } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])))) {
- $_PROFILE = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))), true);
+ } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+
+ if (isset($data["profile"])) {
+ $_PROFILE = $data["profile"];
+ $data["last"] = time();
+ $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+
+ if (time() - $data["last"] > 86400 * 30) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unset($_PROFILE);
+ $isLoggedIn = false;
+ $isLowerLoggedIn = false;
+ }
+ } else {
+ $_PROFILE = $data;
+ }
$isLowerLoggedIn = true;
}
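Review bot: The lowertokens branch writes its refreshed data with `file_put_contents(... "/includes/tokens/" ...)` and unlinks from `"/includes/tokens/"`, although the token was read from `/includes/lowertokens/`. Because the tokens directory is checked first on the next request, a lower-privilege token that has been used once becomes a file in the full-privilege directory and is then treated as a full login (`$isLoggedIn = true`), so this is a privilege-boundary defect rather than a cosmetic typo. Both of those paths should read `"/includes/lowertokens/"`. The expiry-ordering problem noted on the tokens hunk applies to this branch as well. The outer `if (!(str_contains(...)))` block continues past the end of this hunk.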