pages/api/disconnect.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

<?php

require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE;
if (!$isLoggedIn && !$isLowerLoggedIn) {
    header("Location: /-/login");
    die();
}

$list = array_filter([...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens"), ...scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")], function ($token) {
    global $_PROFILE;
    if ($token === "." || $token === "..") return false;

    $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);

    return isset($session["last"]) && isset($session["profile"]) && ($session["profile"]["id"] ?? "") === ($_PROFILE["id"] ?? "");
});

foreach ($list as $token) {
    $session = file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token) ? json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token), true) : json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token), true);

    if (isset($_GET["id"]) && sha1($token) . md5($token) === $_GET["id"]) {
        if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token)) {
            unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token);
        } else {
            unlink($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token);
        }
    }
}