1 files changed, 26 insertions, 0 deletions

diff --git a/pages/api/disconnect.php b/pages/api/disconnect.php
new file mode 100644
index 0000000..13363e6
--- /dev/null
+++ b/pages/api/disconnect.php
@@ -0,0 +1,26 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE;
+if (!$isLoggedIn && !$isLowerLoggedIn) {
+    header("Location: /-/login");
+    die();
+}
+
+$list = array_filter([...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens"), ...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")], function ($token) use ($_PROFILE) {
+    $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
+
+    return $token !== "." && $token !== ".." && isset($session["last"]) && isset($session["profile"]) && $session["profile"]["id"] === $_PROFILE["id"];
+});
+
+foreach ($list as $token) {
+    $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
+
+    if (isset($_GET["id"]) && sha1($token) . md5($token) === $_GET["id"]) {
+        if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token)) {
+            unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token);
+        } else {
+            unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token);
+        }
+    }
+}
\ No newline at end of file