Refactor checksession.php, wouldn't it be good to have a test-env atm :D
This commit is contained in:
parent
09d0c71569
commit
9cfd71254c
@ -1,107 +1,114 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
|
||||
$username = $_SESSION['username'];
|
||||
$main_currency = $_SESSION['main_currency'];
|
||||
$sql = "SELECT * FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
||||
$result = $stmt->execute();
|
||||
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$userId = $userData['id'];
|
||||
function login_failed()
|
||||
{
|
||||
header("Location: logout.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
if ($userData === false) {
|
||||
header('Location: logout.php');
|
||||
exit();
|
||||
} else {
|
||||
$_SESSION['userId'] = $userData['id'];
|
||||
}
|
||||
session_start();
|
||||
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
|
||||
$username = $_SESSION['username'];
|
||||
$main_currency = $_SESSION['main_currency'];
|
||||
$sql = "SELECT * FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
||||
$result = $stmt->execute();
|
||||
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$userId = $userData['id'];
|
||||
|
||||
if ($userData['avatar'] == "") {
|
||||
$userData['avatar'] = "0";
|
||||
}
|
||||
} else {
|
||||
// Read X-WebAuth-User header as option for login
|
||||
if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
|
||||
$username = $_SERVER['HTTP_X_WEBAUTH_USER'];
|
||||
$query = "SELECT id, username, main_currency, language FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(':id', 1, SQLITE3_INTEGER);
|
||||
$result = $stmt->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
|
||||
if ($row) {
|
||||
$_SESSION['username'] = $row['username'];
|
||||
$_SESSION['loggedin'] = true;
|
||||
$_SESSION['main_currency'] = $row['main_currency'];
|
||||
$_SESSION['userId'] = $row['id'];
|
||||
$_SESSION['language'] = $row['language'];
|
||||
} else {
|
||||
$db->close();
|
||||
header("Location: logout.php");
|
||||
exit();
|
||||
}
|
||||
} else if (isset($_COOKIE['wallos_login'])) {
|
||||
$cookie = explode('|', $_COOKIE['wallos_login'], 3);
|
||||
$username = $cookie[0];
|
||||
$token = $cookie[1];
|
||||
$main_currency = $cookie[2];
|
||||
|
||||
$sql = "SELECT * FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
||||
$result = $stmt->execute();
|
||||
|
||||
if ($result) {
|
||||
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
||||
if (!isset($userData['id'])) {
|
||||
$db->close();
|
||||
header("Location: logout.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
if ($userData['avatar'] == "") {
|
||||
$userData['avatar'] = "0";
|
||||
}
|
||||
$userId = $userData['id'];
|
||||
$main_currency = $userData['main_currency'];
|
||||
|
||||
$adminQuery = "SELECT login_disabled FROM admin";
|
||||
$adminResult = $db->query($adminQuery);
|
||||
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
|
||||
if ($adminRow['login_disabled'] == 1) {
|
||||
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
||||
} else {
|
||||
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId AND token = :token";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
||||
$stmt->bindParam(':token', $token, SQLITE3_TEXT);
|
||||
}
|
||||
$result = $stmt->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
|
||||
if ($row != false) {
|
||||
$_SESSION['username'] = $username;
|
||||
$_SESSION['token'] = $token;
|
||||
$_SESSION['loggedin'] = true;
|
||||
$_SESSION['main_currency'] = $main_currency;
|
||||
$_SESSION['userId'] = $userId;
|
||||
} else {
|
||||
$db->close();
|
||||
header("Location: logout.php");
|
||||
exit();
|
||||
}
|
||||
} else {
|
||||
$db->close();
|
||||
header("Location: logout.php");
|
||||
exit();
|
||||
}
|
||||
} else {
|
||||
$db->close();
|
||||
header("Location: login.php");
|
||||
exit();
|
||||
}
|
||||
if ($userData === false) {
|
||||
header('Location: logout.php');
|
||||
exit();
|
||||
}
|
||||
|
||||
$_SESSION['userId'] = $userData['id'];
|
||||
|
||||
if ($userData['avatar'] == "") {
|
||||
$userData['avatar'] = "0";
|
||||
}
|
||||
} else if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
|
||||
$username = $_SERVER['HTTP_X_WEBAUTH_USER'];
|
||||
|
||||
$sql = "SELECT * FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
||||
$result = $stmt->execute();
|
||||
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$userId = $userData['id'];
|
||||
|
||||
if ($userData === false) {
|
||||
header('Location: logout.php');
|
||||
exit();
|
||||
}
|
||||
|
||||
$_SESSION['userId'] = $userData['id'];
|
||||
$_SESSION['username'] = $userData['username'];
|
||||
$_SESSION['loggedin'] = true;
|
||||
$_SESSION['main_currency'] = $userData['main_currency'];
|
||||
$_SESSION['language'] = $userData['language'];
|
||||
|
||||
if ($userData['avatar'] == "") {
|
||||
$userData['avatar'] = "0";
|
||||
}
|
||||
} else if (isset($_COOKIE['wallos_login'])) {
|
||||
$cookie = explode('|', $_COOKIE['wallos_login'], 3);
|
||||
$username = $cookie[0];
|
||||
$token = $cookie[1];
|
||||
$main_currency = $cookie[2];
|
||||
|
||||
$sql = "SELECT * FROM user WHERE username = :username";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
||||
$result = $stmt->execute();
|
||||
|
||||
if (!$result) {
|
||||
$db->close();
|
||||
login_failed();
|
||||
}
|
||||
|
||||
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
||||
if (!isset($userData['id'])) {
|
||||
$db->close();
|
||||
login_failed();
|
||||
}
|
||||
|
||||
if ($userData['avatar'] == "") {
|
||||
$userData['avatar'] = "0";
|
||||
}
|
||||
|
||||
$userId = $userData['id'];
|
||||
$main_currency = $userData['main_currency'];
|
||||
|
||||
$adminQuery = "SELECT login_disabled FROM admin";
|
||||
$adminResult = $db->query($adminQuery);
|
||||
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
|
||||
|
||||
if ($adminRow['login_disabled'] == 1) {
|
||||
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
||||
} else {
|
||||
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId AND token = :token";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
||||
$stmt->bindParam(':token', $token, SQLITE3_TEXT);
|
||||
}
|
||||
|
||||
$result = $stmt->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
|
||||
if (!$row) {
|
||||
$db->close();
|
||||
login_failed();
|
||||
}
|
||||
|
||||
$_SESSION['username'] = $username;
|
||||
$_SESSION['token'] = $token;
|
||||
$_SESSION['loggedin'] = true;
|
||||
$_SESSION['main_currency'] = $main_currency;
|
||||
$_SESSION['userId'] = $userId;
|
||||
} else {
|
||||
$db->close();
|
||||
login_failed();
|
||||
}
|
||||
?>
|
||||
Loading…
Reference in New Issue
Block a user