From e5383a35a842d58611af99b58e072b7c3bd8294b Mon Sep 17 00:00:00 2001
From: RaindropsSys <contact@minteck.org>
Date: Mon, 12 Jun 2023 23:01:36 +0200
Subject: Updated 3 files (automated)

---
 app.php                      |  1 +
 pages/api/reauthenticate.php | 16 ++++++++++++++--
 pages/sessions.inc           | 39 ++++++++++++++++++++++++++++++++++++---
 3 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/app.php b/app.php
index 6506a4a..2f589d4 100644
--- a/app.php
+++ b/app.php
@@ -2,6 +2,7 @@
 
 ob_start();
 
+//if (true) {
 if (!str_starts_with($_SERVER['REQUEST_URI'], "/api")) {
     require_once $_SERVER['DOCUMENT_ROOT'] . "/error.php";
     set_error_handler("ch_error");
diff --git a/pages/api/reauthenticate.php b/pages/api/reauthenticate.php
index fe10d28..2b5a8ca 100644
--- a/pages/api/reauthenticate.php
+++ b/pages/api/reauthenticate.php
@@ -14,7 +14,13 @@ $newToken = generateToken();
 
 if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLoggedIn) {
     $old = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $_COOKIE['PEH2_SESSION_TOKEN']), true);
-    $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+
+    if (!isset($_GET["plain"])) {
+        $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+    } else {
+        $old["name"] = $_GET["name"] ?? "-";
+    }
+
     $old["created"] = time();
     $old["addresses"] = [];
     $old["last"] = time();
@@ -23,7 +29,13 @@ if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLoggedIn) {
     file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $newToken, json_encode($old));
 } else if (isset($_COOKIE['PEH2_SESSION_TOKEN']) && $isLowerLoggedIn) {
     $old = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $_COOKIE['PEH2_SESSION_TOKEN']), true);
-    $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+
+    if (!isset($_GET["plain"])) {
+        $old["name"] = base64_decode($_GET["name"] ?? "LQo=");
+    } else {
+        $old["name"] = $_GET["name"] ?? "-";
+    }
+
     $old["created"] = time();
     $old["addresses"] = [];
     $old["last"] = time();
diff --git a/pages/sessions.inc b/pages/sessions.inc
index d782128..a8734ac 100644
--- a/pages/sessions.inc
+++ b/pages/sessions.inc
@@ -3,6 +3,22 @@
 require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/init.inc"; global $title; global $isLoggedIn; global $isLowerLoggedIn; global $lang; global $pages;
 require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/header.inc'; global $_PROFILE;
 
+$verified = [
+    dns_get_record("zephyrheights.equestria.dev", DNS_A)[0]["ip"],
+    dns_get_record("maretimebay.equestria.dev", DNS_A)[0]["ip"],
+    dns_get_record("bridlewood.equestria.dev", DNS_A)[0]["ip"],
+    dns_get_record("cloudsdale.equestria.dev", DNS_A)[0]["ip"],
+    dns_get_record("manehattan.equestria.dev", DNS_A)[0]["ip"],
+];
+
+$verifiedNames = [
+    "Raindrops System",
+    "Raindrops System",
+    "Equestria.dev bridlewood",
+    "Cloudburst System",
+    "Equestria.dev manehattan"
+];
+
 ?>
 
 <br>
@@ -34,20 +50,37 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/header.inc'; glob
             }
         });
 
+        $addressFetchIndex = 0;
+
         foreach ($list as $token): $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true); if (isset($session["profile"]) && isset($session["name"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "")): uasort($session["addresses"], function ($a, $b) {
             return $b - $a;
         }); ?>
         <a class="list-group-item list-group-item-action" onclick="logOut(&quot;<?= sha1($token) . md5($token) ?>&quot;);">
             <b><?= $session["name"] ?></b><?php if ($token === $_COOKIE["PEH2_SESSION_TOKEN"]): ?><span style="margin-left: 10px;" class="badge bg-primary">This device</span><?php endif; ?><script>window.devices["<?= sha1($token) . md5($token) ?>"]=JSON.parse(`<?= json_encode([
-                    "name" => $session["name"],
-                    "lastIP" => array_keys($session["addresses"])[count(array_keys($session["addresses"])) - 1],
+                    "name" => trim($session["name"]),
+                    "lastIP" => array_keys($session["addresses"])[count(array_keys($session["addresses"])) > 0 ? count(array_keys($session["addresses"])) - 1 : 0] ?? "-",
                     "lastSeen" => timeAgo($session["last"]),
                     "currentDevice" => $token === $_COOKIE["PEH2_SESSION_TOKEN"]
             ]) ?>`);</script><br>
             Logged in <?= timeAgo($session["created"]) ?>, last activity <?= timeAgo($session["last"]) ?>
             <blockquote class="session-bq">
                 <?php foreach ($session["addresses"] as $address => $last): ?>
-                    <?= $address ?> · <?= timeAgo($last) ?><br>
+                    <?= $address ?><?php if (in_array($address, $verified)): ?><span class="text-success" style="filter: invert(1) hue-rotate(180deg);"> (verified: <?= $verifiedNames[array_search($address, $verified)] ?? "-" ?>)</span><?php else: ?> <span class="text-muted" style="filter: invert(1) hue-rotate(180deg);" id="aft-<?= $addressFetchIndex ?>">(unverified: …)<script>
+                            setTimeout(async () => {
+                                let json = JSON.parse(await (await fetch("https://api.iplocation.net/?ip=<?= $address ?>")).text());
+
+                                if (
+                                    (json['country_code2'] !== "FR" && json['country_code2'] !== "GB") ||
+                                    (json['isp'] === "Academie Orleans-Tours" && json['isp'] === "Free Mobile SAS" && json['isp'] === "Google One Services" && json['isp'] === "Vodafone Ltd" && json['isp'] === "Telefonica UK Limited")
+                                ) {
+                                    document.getElementById("aft-<?= $addressFetchIndex ?>").classList.remove("text-muted");
+                                    document.getElementById("aft-<?= $addressFetchIndex ?>").classList.add("text-danger");
+                                    document.getElementById("aft-<?= $addressFetchIndex ?>").innerText = `(unsafe: ${json['isp']}, ${json['country_code2'] === "GB" ? "UK" : json['country_code2']})`;
+                                } else {
+                                    document.getElementById("aft-<?= $addressFetchIndex ?>").innerText = `(unverified: ${json['isp']}, ${json['country_code2'] === "GB" ? "UK" : json['country_code2']})`;
+                                }
+                            }, 500 * <?= $addressFetchIndex ?>);
+                        </script></span><?php $addressFetchIndex++; endif; ?> · <?= timeAgo($last) ?><br>
                 <?php endforeach; ?>
             </blockquote>
         </a>
-- 
cgit