From 21ed7d0e837d74c1ebd8ada4396f96ce42c14fb1 Mon Sep 17 00:00:00 2001 From: RaindropsSys <contact@minteck.org> Date: Sat, 13 May 2023 19:25:44 +0200 Subject: Updated 14 files and added 6 files (automated) --- pages/api/browser.php | 4 ++++ pages/api/computer.php | 6 +++++- pages/api/disconnect.php | 26 ++++++++++++++++++++++++++ pages/api/reauthenticate.php | 8 +++++++- pages/api/rename.php | 17 +++++++++++++++++ pages/api/session.php | 24 ++++++++++++++++++++++++ 6 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 pages/api/browser.php create mode 100644 pages/api/disconnect.php create mode 100644 pages/api/rename.php create mode 100644 pages/api/session.php (limited to 'pages/api') diff --git a/pages/api/browser.php b/pages/api/browser.php new file mode 100644 index 0000000..657b2a7 --- /dev/null +++ b/pages/api/browser.php @@ -0,0 +1,4 @@ +<?php + +header("Content-Type: application/json"); +die(json_encode(get_browser(), JSON_PRETTY_PRINT)); \ No newline at end of file diff --git a/pages/api/computer.php b/pages/api/computer.php index a9b87ae..f5117f9 100644 --- a/pages/api/computer.php +++ b/pages/api/computer.php @@ -6,7 +6,11 @@ if (isset($_GET["chrome"])) { } require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $_PROFILE; -if (!$isLoggedIn) header("Location: /-/login") and die(); + +if (!$isLoggedIn || !isset($_PROFILE) || !isset($_PROFILE["login"])) { + header("Location: /-/login"); + die(); +} $request_raw = file_get_contents('php://input'); $json_object = json_decode($request_raw, true); diff --git a/pages/api/disconnect.php b/pages/api/disconnect.php new file mode 100644 index 0000000..13363e6 --- /dev/null +++ b/pages/api/disconnect.php 
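Review bot: In the new `pages/api/browser.php`, `get_browser()` returns `false` (and raises a warning) when the `browscap` ini setting is not configured, so `die(json_encode(get_browser(), JSON_PRETTY_PRINT))` would answer with the literal `false` under a JSON content type. Guard the result before encoding, e.g. `$info = get_browser(); if ($info === false) { http_response_code(500); die(json_encode(["error" => "browscap unavailable"])); }` (the message text is an example). Unlike the other endpoints added in this commit, this file includes no session check; it only reflects the caller's own User-Agent, so that may be intended, but a one-line comment saying so would make it explicit.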
@@ -0,0 +1,26 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE;
+if (!$isLoggedIn && !$isLowerLoggedIn) {
+ header("Location: /-/login");
+ die();
+}
+
+$list = array_filter([...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens"), ...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")], function ($token) use ($_PROFILE) {
+ $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
+
+ return $token !== "." && $token !== ".." && isset($session["last"]) && isset($session["profile"]) && $session["profile"]["id"] === $_PROFILE["id"];
+});
+
+foreach ($list as $token) {
+ $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);
+
+ if (isset($_GET["id"]) && sha1($token) . md5($token) === $_GET["id"]) {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token)) {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token);
+ } else {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token);
+ }
+ }
+}
\ No newline at end of file
diff --git a/pages/api/reauthenticate.php b/pages/api/reauthenticate.php
index 50657cc..e726e8e 100644
--- a/pages/api/reauthenticate.php
+++ b/pages/api/reauthenticate.php
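Review bot: Session revocation in `pages/api/disconnect.php` is a state change driven only by `$_GET["id"]` and the session cookie, with no anti-CSRF token and no response body; whether `session.inc` restricts the cookie to same-site requests is not visible here, so the endpoint should require POST plus a per-session token unless that is confirmed. The identifier is compared with `===` against a value derived from the raw token; prefer `is_string($_GET["id"]) && hash_equals(sha1($token) . md5($token), $_GET["id"])`. The `array_filter` callback also opens every entry before it rejects `.` and `..`, so each request calls `file_get_contents` on directory entries; put `if ($token === "." || $token === "..") return false;` at the top of the callback. The second `$session = ...` assignment inside the `foreach` is never read and can be removed.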
@@ -13,7 +13,13 @@ if (!$isLoggedIn || $isLowerLoggedIn) { $newToken = generateToken(); if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) { - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $newToken, file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $_COOKIE['PEH2_SESSION_TOKEN'])); + $old = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $_COOKIE['PEH2_SESSION_TOKEN']), true); + $old["name"] = base64_decode($_GET["name"] ?? "LQo="); + $old["created"] = time(); + $old["addresses"] = []; + $old["last"] = time(); + + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $newToken, json_encode($old)); } die($newToken); \ No newline at end of file diff --git a/pages/api/rename.php b/pages/api/rename.php new file mode 100644 index 0000000..d450557 --- /dev/null +++ b/pages/api/rename.php @@ -0,0 +1,17 @@ +<?php + +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc"; +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; + +header("Content-Type: application/json"); + +if (!$isLoggedIn || $isLowerLoggedIn) { + header("Location: /-/login"); + die(); +} + +$data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true); + +$data["name"] = $_GET["name"] ?? $data["name"]; + +file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN']), json_encode($data)); \ No newline at end of file diff --git a/pages/api/session.php b/pages/api/session.php new file mode 100644 index 0000000..f91288e --- /dev/null +++ b/pages/api/session.php 
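Review bot: The rewritten block in `reauthenticate.php` still builds the token path from the raw `$_COOKIE['PEH2_SESSION_TOKEN']`, while `rename.php` and `session.php` in this same commit strip `/` from it first; unless `session.inc` has already validated the cookie (not visible in this hunk), the read should get the same normalisation, ideally `basename(...)`. The added `$old["name"] = base64_decode($_GET["name"] ?? "LQo=");` accepts bytes of any length and content: non-strict decoding silently skips invalid characters, and a result that is not valid UTF-8 makes `json_encode($old)` return `false`, which `file_put_contents` would then write as an empty token file. Decode strictly and validate before storing, e.g. `$name = base64_decode($_GET["name"] ?? "LQo=", true);` then `if ($name === false || !mb_check_encoding($name, "UTF-8")) { $name = "-"; }` and `$old["name"] = mb_substr($name, 0, 64);` (64 is an example limit). It is also worth checking `is_array($old)` before writing, since a failed read would otherwise create a session file holding only the four new keys.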
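Review bot: In the new `pages/api/rename.php`, `$data["name"] = $_GET["name"] ?? $data["name"];` stores the query parameter with no type or length check, so `?name[]=x` persists an array and an arbitrarily long string goes straight into the session file that `session.php` later returns. The write is triggered by a plain GET authenticated only by the cookie, so it should be moved to POST with an anti-CSRF token unless the cookie is known to be SameSite-restricted (not visible here). Suggested: `$name = $_GET["name"] ?? null;` followed by `if (is_string($name) && $name !== "") { $data["name"] = mb_substr($name, 0, 64); }` (64 is an example limit). The endpoint sets a JSON content type but prints nothing on success, and the sanitised token path is computed twice; building it once into a variable and checking that `$data` decoded to an array before writing would make the failure cases explicit.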
@@ -0,0 +1,24 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn;
+
+header("Content-Type: application/json");
+
+if (!$isLoggedIn || $isLowerLoggedIn) {
+ die(json_encode([
+ "name" => null,
+ "created" => null,
+ "last_seen" => null,
+ "seen_at" => null
+ ], JSON_PRETTY_PRINT));
+}
+
+$data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . str_replace("/", "", $_COOKIE['PEH2_SESSION_TOKEN'])), true);
+
+die(json_encode([
+ "name" => $data["name"],
+ "created" => date('c', $data["created"]),
+ "last_seen" => date('c', $data["last"]),
+ "seen_at" => array_keys($data["addresses"])
+], JSON_PRETTY_PRINT));
\ No newline at end of file
-- cgit
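Review bot: The final `json_encode` block in `pages/api/session.php` dereferences `$data["name"]`, `$data["created"]`, `$data["last"]` and `$data["addresses"]` without checking that they exist, and within this commit only `reauthenticate.php` is seen writing `created` and `addresses`. For a token file that lacks them, or when the read fails and `$data` is `null`, `array_keys(null)` throws a `TypeError` on PHP 8 and `date('c', ...)` returns a timestamp that is not the session's. Suggested: `"seen_at" => array_keys($data["addresses"] ?? [])` and `"created" => isset($data["created"]) ? date('c', $data["created"]) : null`, and likewise for `last`. The cookie is also read without an `isset` guard; that presumably holds once `$isLoggedIn` is true, but it depends on `session.inc`, which is outside this diff.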