From 9cfd71254cde9e480f616864d132436866918427 Mon Sep 17 00:00:00 2001
From: Joshua Coles
Date: Mon, 10 Jun 2024 14:33:01 +0100
Subject: [PATCH] Refactor checksession.php, wouldn't it be good to have a test-env atm :D
---
 includes/checksession.php | 211 ++++++++++++++++++++------------------
 1 file changed, 109 insertions(+), 102 deletions(-)

diff --git a/includes/checksession.php b/includes/checksession.php
index 7c98fe4..af06021 100644
--- a/includes/checksession.php
+++ b/includes/checksession.php
@@ -1,107 +1,114 @@ prepare($sql);
- $stmt->bindValue(':username', $username, SQLITE3_TEXT);
- $result = $stmt->execute();
- $userData = $result->fetchArray(SQLITE3_ASSOC);
- $userId = $userData['id'];
+function login_failed()
+{
+ header("Location: logout.php");
+ exit();
+}
- if ($userData === false) {
- header('Location: logout.php');
- exit();
- } else {
- $_SESSION['userId'] = $userData['id'];
- }
+session_start();
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+ $username = $_SESSION['username'];
+ $main_currency = $_SESSION['main_currency'];
+ $sql = "SELECT * FROM user WHERE username = :username";
+ $stmt = $db->prepare($sql);
+ $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+ $result = $stmt->execute();
+ $userData = $result->fetchArray(SQLITE3_ASSOC);
+ $userId = $userData['id'];
- if ($userData['avatar'] == "") {
- $userData['avatar'] = "0";
- }
- } else {
- // Read X-WebAuth-User header as option for login
- if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
- $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
- $query = "SELECT id, username, main_currency, language FROM user WHERE username = :username";
- $stmt = $db->prepare($query);
- $stmt->bindValue(':id', 1, SQLITE3_INTEGER);
- $result = $stmt->execute();
- $row = $result->fetchArray(SQLITE3_ASSOC);
-
- if ($row) {
- $_SESSION['username'] = $row['username'];
- $_SESSION['loggedin'] = true;
- $_SESSION['main_currency'] = $row['main_currency'];
- $_SESSION['userId'] = $row['id'];
- $_SESSION['language'] = $row['language'];
- } else {
- $db->close();
- header("Location: logout.php");
- exit();
- }
- } else if (isset($_COOKIE['wallos_login'])) {
- $cookie = explode('|', $_COOKIE['wallos_login'], 3);
- $username = $cookie[0];
- $token = $cookie[1];
- $main_currency = $cookie[2];
-
- $sql = "SELECT * FROM user WHERE username = :username";
- $stmt = $db->prepare($sql);
- $stmt->bindValue(':username', $username, SQLITE3_TEXT);
- $result = $stmt->execute();
-
- if ($result) {
- $userData = $result->fetchArray(SQLITE3_ASSOC);
- if (!isset($userData['id'])) {
- $db->close();
- header("Location: logout.php");
- exit();
- }
-
- if ($userData['avatar'] == "") {
- $userData['avatar'] = "0";
- }
- $userId = $userData['id'];
- $main_currency = $userData['main_currency'];
-
- $adminQuery = "SELECT login_disabled FROM admin";
- $adminResult = $db->query($adminQuery);
- $adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
- if ($adminRow['login_disabled'] == 1) {
- $sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
- } else {
- $sql = "SELECT * FROM login_tokens WHERE user_id = :userId AND token = :token";
- $stmt = $db->prepare($sql);
- $stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
- $stmt->bindParam(':token', $token, SQLITE3_TEXT);
- }
- $result = $stmt->execute();
- $row = $result->fetchArray(SQLITE3_ASSOC);
-
- if ($row != false) {
- $_SESSION['username'] = $username;
- $_SESSION['token'] = $token;
- $_SESSION['loggedin'] = true;
- $_SESSION['main_currency'] = $main_currency;
- $_SESSION['userId'] = $userId;
- } else {
- $db->close();
- header("Location: logout.php");
- exit();
- }
- } else {
- $db->close();
- header("Location: logout.php");
- exit();
- }
- } else {
- $db->close();
- header("Location: login.php");
- exit();
- }
+ if ($userData === false) {
+ header('Location: logout.php');
+ exit();
 }
+
+ $_SESSION['userId'] = $userData['id'];
+
+ if ($userData['avatar'] == "") {
+ $userData['avatar'] = "0";
+ }
+} else if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
+ $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
+
+ $sql = "SELECT * FROM user WHERE username = :username";
+ $stmt = $db->prepare($sql);
+ $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+ $result = $stmt->execute();
+ $userData = $result->fetchArray(SQLITE3_ASSOC);
+ $userId = $userData['id'];
+
+ if ($userData === false) {
+ header('Location: logout.php');
+ exit();
+ }
+
+ $_SESSION['userId'] = $userData['id'];
+ $_SESSION['username'] = $userData['username'];
+ $_SESSION['loggedin'] = true;
+ $_SESSION['main_currency'] = $userData['main_currency'];
+ $_SESSION['language'] = $userData['language'];
+
+ if ($userData['avatar'] == "") {
+ $userData['avatar'] = "0";
+ }
+} else if (isset($_COOKIE['wallos_login'])) {
+ $cookie = explode('|', $_COOKIE['wallos_login'], 3);
+ $username = $cookie[0];
+ $token = $cookie[1];
+ $main_currency = $cookie[2];
+
+ $sql = "SELECT * FROM user WHERE username = :username";
+ $stmt = $db->prepare($sql);
+ $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+ $result = $stmt->execute();
+
+ if (!$result) {
+ $db->close();
+ login_failed();
+ }
+
+ $userData = $result->fetchArray(SQLITE3_ASSOC);
+ if (!isset($userData['id'])) {
+ $db->close();
+ login_failed();
+ }
+
+ if ($userData['avatar'] == "") {
+ $userData['avatar'] = "0";
+ }
+
+ $userId = $userData['id'];
+ $main_currency = $userData['main_currency'];
+
+ $adminQuery = "SELECT login_disabled FROM admin";
+ $adminResult = $db->query($adminQuery);
+ $adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
+
+ if ($adminRow['login_disabled'] == 1) {
+ $sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
+ $stmt = $db->prepare($sql);
+ $stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
+ } else {
+ $sql = "SELECT * FROM login_tokens WHERE user_id = :userId AND token = :token";
+ $stmt = $db->prepare($sql);
+ $stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
+ $stmt->bindParam(':token', $token, SQLITE3_TEXT);
+ }
+
+ $result = $stmt->execute();
+ $row = $result->fetchArray(SQLITE3_ASSOC);
+
+ if (!$row) {
+ $db->close();
+ login_failed();
+ }
+
+ $_SESSION['username'] = $username;
+ $_SESSION['token'] = $token;
+ $_SESSION['loggedin'] = true;
+ $_SESSION['main_currency'] = $main_currency;
+ $_SESSION['userId'] = $userId;
+} else {
+ $db->close();
+ login_failed();
+}
 ?>
\ No newline at end of file
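Review bot: `$userId = $userData['id'];` is read before the `$userData === false` guard in both the session branch and the new `HTTP_X_WEBAUTH_USER` branch, so a missing user row indexes `false` (a warning, and `$userId` ends up null) before the redirect runs; move that line below the guard, i.e. `if ($userData === false) { header('Location: logout.php'); exit(); }` followed by `$userId = $userData['id'];`. In the cookie branch the `login_disabled == 1` path looks up `login_tokens` by `user_id` only, so the `$token` taken from the cookie is never compared with a stored token before `$_SESSION['loggedin'] = true` is set and `$_SESSION['token'] = $token` stores the unchecked value; if that is intended for single-user deployments it needs a comment saying so, otherwise the `token = :token` condition belongs in both queries. Neither the header branch nor the cookie branch calls `session_regenerate_id(true)` once the login is established, so the session id issued before authentication is kept. The header branch trusts `X-WebAuth-User` outright, which is only sound when a reverse proxy in front of the app sets that header and drops any client-supplied copy; that deployment assumption should be stated in a comment on the branch or enforced by a setting. `$db->close()` precedes `login_failed()` in the cookie and final `else` branches but not the `exit()` calls in the session and header branches, an inconsistency the new helper could absorb by closing the handle itself.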