Diffstat (limited to 'includes')
-rw-r--r--includes/util/functions.inc14
-rw-r--r--includes/util/session.inc29
2 files changed, 38 insertions, 5 deletions
diff --git a/includes/util/functions.inc b/includes/util/functions.inc
index 9b6f356..8b22709 100644
--- a/includes/util/functions.inc
+++ b/includes/util/functions.inc
@@ -5,6 +5,18 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/bitset.inc";
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/homepage.inc";
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/random.inc";
+if (!function_exists("pf_utf8_decode")) {
+ function pf_utf8_decode(string $string): string {
+ return iconv("UTF-8", "ISO-8859-1", $string);
+ }
+}
+
+if (!function_exists("pf_utf8_encode")) {
+ function pf_utf8_encode(string $string): string {
+ return iconv("ISO-8859-1", "UTF-8", $string);
+ }
+}
+
if (!function_exists("getLastFronted")) {
function getLastFronted($members, $id) {
foreach ($members as $member) {
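Review bot: Both new helpers return the result of `iconv()` directly, but `iconv()` returns `false` (with a notice) when the input has a byte sequence it cannot convert, for example any UTF-8 character with no ISO-8859-1 equivalent in `pf_utf8_decode`. Against the declared `: string` return type that becomes an empty string, or a TypeError if the file runs under strict types, and session.inc then feeds the result to `json_decode()`. Handle the failure explicitly, e.g. `$out = iconv("UTF-8", "ISO-8859-1", $string); if ($out === false) { throw new RuntimeException("pf_utf8_decode: invalid input"); } return $out;`, and add a short comment saying why token files need a Latin-1 round trip at all. The `getLastFronted` function that follows continues outside the hunk.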
@@ -37,7 +49,7 @@ if (!function_exists("formatPonypush")) {
if (!function_exists("generateToken")) {
function generateToken(): string {
- return str_replace("/", ".", base64_encode(random_bytes(96)));
+ return "peh" . str_replace("/", ".", base64_encode(random_bytes(96)));
}
}
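Review bot: The new token string still uses the standard base64 alphabet with only `/` replaced, so most tokens will contain `+`. session.inc accepts the token from `$_GET["_session"]`, where PHP decodes an unescaped `+` as a space, so a token passed in a query string without percent-encoding would not match its file name. Mapping both special characters keeps the token safe as a file name and a URL component: `return "peh" . strtr(base64_encode(random_bytes(96)), "+/", "-.");`. The `peh` prefix would also benefit from a one-line comment stating its purpose, since nothing in the visible hunks checks for it.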
diff --git a/includes/util/session.inc b/includes/util/session.inc
index 6cee8be..e3af58b 100644
--- a/includes/util/session.inc
+++ b/includes/util/session.inc
@@ -36,7 +36,7 @@ $token = $authorization ?? $post ?? $_POST["_session"] ?? $_GET["_session"] ?? $
if (isset($token)) {
if (!(str_contains($token, "/") || trim($token) === "" || trim($token) === "." || trim($token) === "..")) {
if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
+ $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))), true);
if (isset($data["profile"])) {
$_PROFILE = $data["profile"];
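Review bot: The value returned by `json_decode(pf_utf8_decode(...), true)` is used without checking that it is an array. If the token file is empty or truncated (the case the rollback code later in this commit tries to handle) or the decode helper fails, `$data` is `null`, `isset($data["profile"])` is false, and judging by the `$_PROFILE = $data;` and `$isLoggedIn = true;` context lines in the following hunks the request appears to proceed as logged in with a null profile. Guard the branch with `if (!is_array($data))` and treat that case as an invalid session. The same applies to the `lowertokens` read in the `@@ -63,7 +73,7 @@` hunk; the enclosing `if (isset($token))` block starts and ends outside these hunks.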
@@ -51,7 +51,17 @@ if (isset($token)) {
$data["last"] = time();
if (!isset($data["addresses"])) $data["addresses"] = [];
$data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
+
+ copy($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old");
+
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
+
+ if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)) === "")) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
+ copy($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token));
+ }
+
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token) . ".old");
} else {
$_PROFILE = $data;
}
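Review bot: The empty-file check `trim(file_get_contents(...) === "")` has its closing parenthesis misplaced, so `trim()` receives the boolean result of the comparison; it fires only for an exactly empty file and misses whitespace-only or truncated content. The copy / write / re-read / unlink sequence is also not atomic: two requests carrying the same token can interleave so that one removes the `.old` copy before the other restores from it, and a concurrent reader can still see a half-written file. Writing the JSON to a temporary file in the same directory and `rename()`-ing it over the token file removes the need for the backup, with the results of `json_encode()` and `file_put_contents()` checked before the swap. The identical block for `lowertokens` in the `@@ -76,8 +86,19 @@` hunk needs the same change; the enclosing `if` blocks start and end outside the hunk.

```php
// … unchanged: $data["last"] and $data["addresses"] updates …
$path = $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token);
$json = json_encode($data);

if ($json !== false && $json !== "") {
    // Same directory as the target so rename() stays on one filesystem and is atomic.
    $tmp = $path . "." . bin2hex(random_bytes(8)) . ".tmp";

    if (file_put_contents($tmp, pf_utf8_encode($json), LOCK_EX) === strlen(pf_utf8_encode($json))) {
        rename($tmp, $path);
    } elseif (file_exists($tmp)) {
        unlink($tmp);
    }
}
```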
@@ -63,7 +73,7 @@ if (isset($token)) {
$isLoggedIn = true;
} elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))) {
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)), true);
+ $data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token))), true);
if (isset($data["profile"])) {
$_PROFILE = $data["profile"];
@@ -76,8 +86,19 @@ if (isset($token)) {
}
$data["last"] = time();
+ if (!isset($data["addresses"])) $data["addresses"] = [];
$data["addresses"][$_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"]] = time();
- file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), json_encode($data));
+
+ copy($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token), $_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old");
+
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
+
+ if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token)) === "")) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token));
+ copy($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old", $_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token));
+ }
+
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . str_replace("/", "", $token) . ".old");
} else {
$_PROFILE = $data;
}
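Review bot: The added `if (!isset($data["addresses"])) $data["addresses"] = [];` initialises a map that the next line keys on `$_SERVER["HTTP_X_FORWARDED_FOR"]`, a header the client controls unless a trusted proxy overwrites it. Every distinct header value adds a key, so the token file can grow without bound, and the recorded addresses cannot be relied on for audit or anomaly detection. If the application is not behind a reverse proxy, use `$data["addresses"][$_SERVER["REMOTE_ADDR"]] = time();`; if it is, honour the forwarded header only when `REMOTE_ADDR` is that proxy, and cap the number of stored entries. The same line appears as context in the `tokens` hunk at `@@ -51,7 +51,17 @@`.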