Refactor checksession.php, wouldn't it be good to have a test-env atm :D

This commit is contained in:
Joshua Coles 2024-06-10 14:33:01 +01:00
parent 09d0c71569
commit 9cfd71254c


@ -1,4 +1,10 @@
<?php
function login_failed()
{
header("Location: logout.php");
exit();
}
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
$username = $_SESSION['username'];
@ -13,34 +19,37 @@
if ($userData === false) {
header('Location: logout.php');
exit();
} else {
$_SESSION['userId'] = $userData['id'];
}
$_SESSION['userId'] = $userData['id'];
if ($userData['avatar'] == "") {
$userData['avatar'] = "0";
}
} else {
// Read X-WebAuth-User header as option for login
if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
} else if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
$username = $_SERVER['HTTP_X_WEBAUTH_USER'];
$query = "SELECT id, username, main_currency, language FROM user WHERE username = :username";
$stmt = $db->prepare($query);
$stmt->bindValue(':id', 1, SQLITE3_INTEGER);
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row) {
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $row['main_currency'];
$_SESSION['userId'] = $row['id'];
$_SESSION['language'] = $row['language'];
} else {
$db->close();
header("Location: logout.php");
$sql = "SELECT * FROM user WHERE username = :username";
$stmt = $db->prepare($sql);
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$result = $stmt->execute();
$userData = $result->fetchArray(SQLITE3_ASSOC);
$userId = $userData['id'];
if ($userData === false) {
header('Location: logout.php');
exit();
}
$_SESSION['userId'] = $userData['id'];
$_SESSION['username'] = $userData['username'];
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $userData['main_currency'];
$_SESSION['language'] = $userData['language'];
if ($userData['avatar'] == "") {
$userData['avatar'] = "0";
}
} else if (isset($_COOKIE['wallos_login'])) {
$cookie = explode('|', $_COOKIE['wallos_login'], 3);
$username = $cookie[0];
@ -52,23 +61,28 @@
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$result = $stmt->execute();
if ($result) {
if (!$result) {
$db->close();
login_failed();
}
$userData = $result->fetchArray(SQLITE3_ASSOC);
if (!isset($userData['id'])) {
$db->close();
header("Location: logout.php");
exit();
login_failed();
}
if ($userData['avatar'] == "") {
$userData['avatar'] = "0";
}
$userId = $userData['id'];
$main_currency = $userData['main_currency'];
$adminQuery = "SELECT login_disabled FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
if ($adminRow['login_disabled'] == 1) {
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
$stmt = $db->prepare($sql);
@ -79,10 +93,15 @@
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
$stmt->bindParam(':token', $token, SQLITE3_TEXT);
}
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row != false) {
if (!$row) {
$db->close();
login_failed();
}
$_SESSION['username'] = $username;
$_SESSION['token'] = $token;
$_SESSION['loggedin'] = true;
@ -90,18 +109,6 @@
$_SESSION['userId'] = $userId;
} else {
$db->close();
header("Location: logout.php");
exit();
}
} else {
$db->close();
header("Location: logout.php");
exit();
}
} else {
$db->close();
header("Location: login.php");
exit();
}
login_failed();
}
?>
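Review bot: In the rewritten X-WebAuth-User branch, `$userId = $userData['id'];` is evaluated before the `if ($userData === false)` guard that follows it, so an unknown username reads an offset on `false` (a PHP 8 warning) before the redirect fires; move that assignment below the guard, or drop it, since the branch already writes `$_SESSION['userId'] = $userData['id'];` afterwards. More importantly, this branch trusts `$_SERVER['HTTP_X_WEBAUTH_USER']` as an authenticated identity, and because the commit also fixes the old `:id`/`:username` binding mismatch, the header-based login now actually works; unless a reverse proxy in front of the app strips or overwrites that header (not visible here), any client can send `X-WebAuth-User: admin` and be logged in, so this path should be gated by a config flag or a trusted-proxy check before `$_SESSION['loggedin'] = true`. Neither this branch nor the `wallos_login` cookie branch calls `session_regenerate_id(true);` after promoting the session to logged-in, which leaves a pre-issued session id valid (session fixation); add it immediately before each `$_SESSION['loggedin'] = true;`. The `else if` chain that contains this branch begins before the hunk (the `isset($_SESSION['loggedin'])` check) and continues past it into the cookie branch.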