Diffstat (limited to 'pages')
-rw-r--r-- | pages/api/rename.php | 4 | ||||
-rw-r--r-- | pages/api/session.php | 6 | ||||
-rw-r--r-- | pages/home.inc | 2 | ||||
-rw-r--r-- | pages/sessions.inc | 8 |
4 files changed, 10 insertions, 10 deletions
diff --git a/pages/api/rename.php b/pages/api/rename.php
index 3aab034..4e01b06 100644
--- a/pages/api/rename.php
+++ b/pages/api/rename.php
@@ -15,7 +15,7 @@ $obj = [ ]; global $token;
-$data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token))), true);
+$data = json_decode(pf_utf8_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token))), true);
 $data["name"] = $_POST["name"] ?? $_GET["name"] ?? $data["name"]; $obj["pre_name"] = $data["name"];
@@ -33,5 +33,5 @@ if (json_last_error() === JSON_ERROR_NONE) { $obj["new_name"] = $data["name"];
-file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token), pf_utf8_encode(json_encode($data)));
 die(json_encode($obj));
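Review bot: The result of `file_get_contents()` in the first hunk of pages/api/rename.php is never checked, so a token with no file under `/includes/sessions/` (for example a session still stored in the old `tokens/` directory) leaves `$data` as null. The next line then turns it into a fresh array, and the `file_put_contents()` in the second hunk creates a session file under that name. Whether an earlier check already rejects such requests cannot be seen here, because lines 1–14 and 22–32 are outside the hunks. A guard right after the read, such as `if (!is_array($data)) die(json_encode($obj));`, would stop the write. Checking `$token` against its expected format before building the path would also be stronger than `str_replace("/", "", $token)`, which removes only forward slashes.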
\ No newline at end of file
diff --git a/pages/api/session.php b/pages/api/session.php
index d410c10..25d833d 100644
--- a/pages/api/session.php
+++ b/pages/api/session.php
@@ -7,9 +7,9 @@ header("Content-Type: application/json"); global $token; if (isset($_GET["raw"])) {
- die(json_encode(json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true), JSON_PRETTY_PRINT));
+ die(json_encode(json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)), true), JSON_PRETTY_PRINT));
 } else {
- if (!$isLoggedIn || $isLowerLoggedIn) {
+ if (!$isLoggedIn || $isLowerLoggedIn) {
 die(json_encode([ "name" => null, "created" => null,
@@ -18,7 +18,7 @@ if (isset($_GET["raw"])) { ], JSON_PRETTY_PRINT)); }
- $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $token)), true);
+ $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . str_replace("/", "", $token)), true);
 die(json_encode([ "name" => $data["name"],
diff --git a/pages/home.inc b/pages/home.inc
index 6e2c073..8ea2879 100644
--- a/pages/home.inc
+++ b/pages/home.inc
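Review bot: The `raw` branch in the first hunk of pages/api/session.php returns the whole decoded session file before the `$isLoggedIn` / `$isLowerLoggedIn` check in the `else` branch is reached. Before this change it read only from `/includes/tokens/`; if `/includes/sessions/` now also holds the lower-privilege sessions, as the removal of the `lowertokens` fallback in pages/sessions.inc suggests, a lower-level token can now fetch its full record, including whatever `profile` and `addresses` fields are stored there. Moving the login check above `if (isset($_GET["raw"]))`, or limiting the raw output to the fields the `else` branch returns, would keep the two paths consistent. The `$data` read in the second hunk has the same unchecked `file_get_contents()` result, so `$data["name"]` is read from null when the file is missing.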
@@ -184,7 +184,7 @@ function members() { global $isLoggedIn; global $isLowerLoggedIn; global $app; ? <?php if (isset($_COOKIE["PEH2_SESSION_TOKEN"]) && $_COOKIE["PEH2_SESSION_TOKEN"] !== "" && !$isLoggedIn && !$isLowerLoggedIn): ?> <div class="alert alert-warning" style="margin-top:20px;">
- <b>You were previously logged in to Cold Haze, </b>however you have been logged out due to inactivity, due to your device being removed, or due to switching to a new authentication system. Please log in again. <a href="https://bugs.equestria.dev/issue/CH-56/Better-session-security" target="_blank">Learn more.</a>
+ <b>You were previously logged in to Cold Haze, </b>however you have been logged out due to inactivity, due to your device being removed, or due to switching to a new authentication system (such as the v3). Please log in again. <a href="https://bugs.equestria.dev/issue/CH-56/Better-session-security" target="_blank">Learn more.</a>
 </div> <?php endif; ?>
diff --git a/pages/sessions.inc b/pages/sessions.inc
index e24a78f..f324494 100644
--- a/pages/sessions.inc
+++ b/pages/sessions.inc
@@ -37,13 +37,13 @@ $verifiedNames = [ $list = array_filter([...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens"), ...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")], function ($token) { if ($token === "." || $token === "..") return false;
- $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
+ $session = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token), true);
 return isset($session["last"]) && isset($session["profile"]); }); usort($list, function ($token1, $token2) {
- $session1 = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token1) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token1), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token1), true);
- $session2 = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token2) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token2), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token2), true);
+ $session1 = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token1), true);
+ $session2 = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token2), true);
 if (isset($session1["last"]) && isset($session2["last"])) { return $session2["last"] - $session1["last"];
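Review bot: The unchanged first line of this hunk still builds `$list` from `scandir()` of `/includes/tokens` and `/includes/lowertokens`, while both callbacks now read each entry from `/includes/sessions/`. Sessions that exist only in the new directory never reach the list, so their owner cannot see or end them from this page, and once the old directories are removed `scandir()` returns false and the spread of that value fails. The listing should come from the same directory as the reads: `$list = array_filter(scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions") ?: [], function ($token) {`. The `usort` callback continues past the end of the hunk.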
@@ -54,7 +54,7 @@ $verifiedNames = [ $addressFetchIndex = 0;
- foreach ($list as $token): $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true); if (isset($session["profile"]) && isset($session["name"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "")): uasort($session["addresses"], function ($a, $b) {
+ foreach ($list as $token): $session = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/sessions/" . $token), true); if (isset($session["profile"]) && isset($session["name"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "")): uasort($session["addresses"], function ($a, $b) {
 return $b - $a; }); ?> <a class="list-group-item list-group-item-action" onclick="logOut("<?= sha1($token) . md5($token) ?>");"> |
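Review bot: The rewritten `foreach` line passes `$session["addresses"]` to `uasort()` after checking only `profile` and `name`, and the `json_decode(file_get_contents(...))` result is not checked either. A session file without an `addresses` array would raise a TypeError on PHP 8 and break the list for that user; adding `&& is_array($session["addresses"] ?? null)` to the condition avoids that. Each session file is also decoded three times per token (in the filter, the sort and this loop), so decoding once into an array keyed by token would remove the repeated reads. The loop body continues outside the hunk.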