Diffstat (limited to 'pages/api/disconnect.php')
-rw-r--r-- | pages/api/disconnect.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/pages/api/disconnect.php b/pages/api/disconnect.php
index c4cf0bd..ffd3f40 100644
--- a/pages/api/disconnect.php
+++ b/pages/api/disconnect.php
@@ -13,13 +13,21 @@ $list = array_filter([...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens")
 $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
- return isset($session["last"]) && isset($session["profile"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "");
+ return isset($session["id"]) && $session["id"] === ($_PROFILE["id"] ?? "");
 });
+var_dump($list);
+
 foreach ($list as $token) {
 $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
- if (isset($_GET["id"]) && sha1($token) . md5($token) === $_GET["id"]) {
+ var_dump(bin2hex(substr($token, 0, 50)), trim($_GET["id"]));
+
+ if (bin2hex(substr($token, 0, 50)) === trim($_GET["id"])) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token)) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token);
+ }
+
 if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token)) {
 unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token);
 } else { |
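Review bot: The two added `var_dump` calls write the caller's session-token file names and the hex of each token's first 50 bytes into the API response, and should be removed before this is deployed. The new identifier `bin2hex(substr($token, 0, 50))` is a reversible encoding rather than the one-way `sha1`/`md5` digest it replaces, so anywhere that id is displayed or logged now discloses most or all of the token (the token length is not visible here); a digest compared in constant time, e.g. `hash_equals(hash('sha256', $token), trim($_GET["id"]))`, keeps the id non-reversible, provided the code that generates the id elsewhere is changed to match. The `isset($_GET["id"])` guard was also dropped, so a request without `id` reaches `trim()` with an undefined index; keep `isset($_GET["id"]) &&` at the front of the condition. The `foreach` body continues past the end of the hunk.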