<?php
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; global $_PROFILE;
// Access gate: the rest of this script runs only for a visitor holding either a
// full login or a lower-privilege login. Both flags are presumably populated by
// session.inc (required above) — confirm there.
$hasAnyLogin = $isLoggedIn || $isLowerLoggedIn;
if (!$hasAnyLogin) {
    // Send anonymous visitors to the login page and stop before any session
    // data is read or modified.
    header("Location: /-/login");
    exit;
}
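// Build $list: the names of the token files (full and lower-privilege) whose
// stored session record belongs to the profile making this request. Keys are
// those left by array_filter(); only the values (file names) are meaningful.
$tokenRoot = $_SERVER['DOCUMENT_ROOT'] . "/includes/tokens";
$lowerTokenRoot = $_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens";

// scandir() returns false for a missing or unreadable directory, and spreading
// false into an array throws; treat that case as "no entries" instead.
$tokenNames = is_dir($tokenRoot) ? (scandir($tokenRoot) ?: []) : [];
$lowerTokenNames = is_dir($lowerTokenRoot) ? (scandir($lowerTokenRoot) ?: []) : [];

// A request without a profile id owns no sessions. Falling back to "" here would
// match any token file whose stored id is the empty string.
$ownerId = $_PROFILE["id"] ?? null;

$list = array_filter(
    [...$tokenNames, ...$lowerTokenNames],
    function ($token) use ($tokenRoot, $lowerTokenRoot, $ownerId) {
        if ($token === "." || $token === "..") {
            return false;
        }
        if ($ownerId === null || $ownerId === "") {
            return false;
        }

        // Resolution order matters for ownership: a name present under tokens/
        // is always judged by that file, and lowertokens/ is only the fallback.
        $path = file_exists($tokenRoot . "/" . $token)
            ? $tokenRoot . "/" . $token
            : $lowerTokenRoot . "/" . $token;

        // The file can vanish between scandir() and the read (a concurrent
        // logout), or be a directory; such entries are simply not ours.
        if (!is_file($path) || !is_readable($path)) {
            return false;
        }
        $raw = file_get_contents($path);
        if ($raw === false) {
            return false;
        }

        // Malformed JSON decodes to null and a scalar payload has no "id";
        // both are rejected rather than compared.
        $session = json_decode($raw, true);

        return is_array($session)
            && isset($session["id"])
            && $session["id"] === $ownerId;
    }
);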
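// Revoke the session(s) of the current profile that the "id" query parameter
// selects. $list holds only token file names owned by the caller, so a request
// can never remove another profile's session.
//
// No debug output here: dumping $list or the per-token identifiers would write
// the caller's token file names (presumably the bearer values themselves) into
// the HTTP response, where proxies, caches and browser history can retain them.
//
// NOTE(review): this deletes state in response to a GET parameter and no
// anti-CSRF check is visible in this file. Confirm one is enforced by the
// included session code, or move the action to POST with a CSRF token;
// otherwise a cross-site request can end the user's sessions.
//
// NOTE(review): the public identifier is the hex of the first 50 bytes of the
// token file name, so the URL discloses that much of the token. If tokens are
// not substantially longer than 50 bytes, prefer a derived identifier such as
// a hash of the token — confirm the token length.
$requestedId = $_GET["id"] ?? null;
// A missing or array-valued "id" must not reach trim(); treat it as no selection.
$requestedId = is_string($requestedId) ? trim($requestedId) : "";

if ($requestedId !== "") {
    $includesRoot = $_SERVER['DOCUMENT_ROOT'] . "/includes";

    foreach ($list as $token) {
        $publicId = bin2hex(substr($token, 0, 50));

        // Constant-time comparison: the identifier is derived from the secret
        // token, so the comparison should not leak how many characters matched.
        if (!hash_equals($publicId, $requestedId)) {
            continue;
        }

        $sessionFile = $includesRoot . "/sessions/" . $token;
        if (is_file($sessionFile)) {
            unlink($sessionFile);
        }

        // Same precedence as when the list was built: tokens/ first, and
        // lowertokens/ only when no full token of that name exists. The
        // existence check on the fallback avoids a warning when the file was
        // already removed by a concurrent request.
        $tokenFile = $includesRoot . "/tokens/" . $token;
        $lowerTokenFile = $includesRoot . "/lowertokens/" . $token;
        if (file_exists($tokenFile)) {
            unlink($tokenFile);
        } elseif (is_file($lowerTokenFile)) {
            unlink($lowerTokenFile);
        }
    }
}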