Diffstat (limited to 'includes')
-rw-r--r-- | includes/external/pair/index.js | 2 | ||||
-rw-r--r-- | includes/util/session.inc | 39 |
2 files changed, 30 insertions, 11 deletions
diff --git a/includes/external/pair/index.js b/includes/external/pair/index.js
index af7c3e4..f933232 100644
--- a/includes/external/pair/index.js
+++ b/includes/external/pair/index.js
@@ -90,7 +90,7 @@ wss.on('connection', (ws, req) => {
 } else {
 clients[ws.code] = {
 socket: ws,
- name: (typeof data.name === "string" && data.name.length > 2 && data.name.length < 50) ? data.name : "<Unknown client>"
+ name: (typeof data.name === "string" && data.name.length > 2 && data.name.length < 100) ? data.name : "<Unknown client>"
 }
 ws.send(JSON.stringify({
diff --git a/includes/util/session.inc b/includes/util/session.inc
index 81192b9..74f16ba 100644
--- a/includes/util/session.inc
+++ b/includes/util/session.inc
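Review bot: The name bounds on the added line are bare magic numbers (`> 2`, `< 100`), and the commit moves only one of them; naming both keeps the accepted range in one place and self-documenting, e.g. `const NAME_MIN_LENGTH = 3;` and `const NAME_MAX_LENGTH = 99;` at module scope, with the check written as `data.name.length >= NAME_MIN_LENGTH && data.name.length <= NAME_MAX_LENGTH`. Note also that `.length` counts UTF-16 code units, so names containing astral characters hit the cap earlier than the number suggests; `[...data.name].length` counts code points if that is the intended unit. The enclosing `wss.on('connection', …)` handler starts and ends outside the hunk.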
@@ -15,19 +15,38 @@ if (!function_exists("formatPonypush")) {
 }
 }
-if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
- if (!(str_contains($_COOKIE['PEH2_SESSION_TOKEN'], "/") || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "" || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "." || trim($_COOKIE["PEH2_SESSION_TOKEN"]) === "..")) {
- if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+$authorization = null;
+$post = null;
+
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
+ $request_raw = file_get_contents('php://input');
+ $json_object = $data = json_decode($request_raw, true);
+
+ if (json_last_error() === JSON_ERROR_NONE) {
+ $post = $data["_session"];
+ }
+}
+
+if (isset($_SERVER['HTTP_AUTHORIZATION']) && str_starts_with(trim($_SERVER['HTTP_AUTHORIZATION']), "Bearer ")) {
+ $authorization = trim(substr($_SERVER['HTTP_AUTHORIZATION'], 7));
+}
+
+$token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $_COOKIE['PEH2_SESSION_TOKEN'] ?? null;
+
+if (isset($token)) {
+ if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
 if (isset($data["profile"])) {
 $_PROFILE = $data["profile"];
 $data["last"] = time();
+ if (!isset($data["addresses"])) $data["addresses"] = [];
 $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
 if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
 unset($_PROFILE);
 $isLoggedIn = false;
 $isLowerLoggedIn = false;
@@ -42,17 +61,17 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) {
 }
 $isLoggedIn = true;
- } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+ } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) {
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true);
 if (isset($data["profile"])) {
 $_PROFILE = $data["profile"];
 $data["last"] = time();
 $data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data));
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
 if (time() - $data["last"] > 86400 * 30) {
- unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']));
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
 unset($_PROFILE);
 $isLoggedIn = false;
 $isLowerLoggedIn = false;
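Review bot: `$post = $data["_session"]` under the `json_last_error()` check reads the key unconditionally, so a syntactically valid body that decodes to a scalar or to an array without `_session` produces a PHP warning or, depending on PHP version, a TypeError, and a non-string `_session` value (an array, say) later reaches `str_contains($token, "/")`, which does not accept it; guard it as `$post = (is_array($data) && is_string($data["_session"] ?? null)) ? $data["_session"] : null;`. The same assignment reuses `$data` for the request body, so when no token file matches, `$data` still holds the decoded body for the rest of the file rather than session data — a dedicated local such as `$request_body` keeps the two apart. Accepting the token from `$_GET["_session"]` puts session tokens into access logs, browser history and Referer headers; the Bearer header, JSON body, form field and cookie already cover the expected clients, so the query-string source should either be dropped or its need documented next to the `$token` line. The `if (isset($token))` block opened here continues into the next hunk and past the end of the diff.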
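Review bot: The `file_put_contents` and `unlink` calls in this `elseif` branch still target `"/includes/tokens/"` although the branch is entered because the file exists under `"/includes/lowertokens/"`; the mismatch predates the commit, but the rename touched both lines and was the moment to correct it. As written, the first use of a lower token writes its data into the full-token directory, and on the following request the `file_exists(... "/includes/tokens/" ...)` check in the first hunk matches before this branch is reached, unless the lines between the two hunks distinguish the cases — worth confirming, since it is what separates `$isLoggedIn` from `$isLowerLoggedIn`. The fix is `"/includes/lowertokens/"` in both calls. The first hunk also added `if (!isset($data["addresses"])) $data["addresses"] = [];` before the addresses write, but this branch did not receive the same guard; add it here for consistency.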