Add support for the X-WebAuth-User header for authentication

2024-06-09 22:04:35 +01:00 · 2024-06-09 22:04:35 +01:00 · ef6f19eb77
commit ef6f19eb77
parent 48899f307c
1 changed files with 62 additions and 48 deletions
--- a/includes/checksession.php
+++ b/includes/checksession.php
@ -1,8 +1,26 @@
 <?php
-    session_start();
-    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
-        $username = $_SESSION['username'];
-        $main_currency = $_SESSION['main_currency'];
+session_start();
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+    $username = $_SESSION['username'];
+    $main_currency = $_SESSION['main_currency'];
+    $sql = "SELECT * FROM user WHERE username = :username";
+    $stmt = $db->prepare($sql);
+    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+    $result = $stmt->execute();
+    $userData = $result->fetchArray(SQLITE3_ASSOC);
+
+    if ($userData === false) {
+        header('Location: logout.php');
+        exit();
+    }
+
+    if ($userData['avatar'] == "") {
+        $userData['avatar'] = "0";
+    }
+} else {
+    // Read X-WebAuth-User header
+    if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
+        $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
        $sql = "SELECT * FROM user WHERE username = :username";
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':username', $username, SQLITE3_TEXT);
@ -17,60 +35,56 @@
        if ($userData['avatar'] == "") {
            $userData['avatar'] = "0";
        }
-    } else {
+    } else if (isset($_COOKIE['wallos_login'])) {
+        $cookie = explode('|', $_COOKIE['wallos_login'], 3);
+        $username = $cookie[0];
+        $token = $cookie[1];
+        $main_currency = $cookie[2];

-        if (isset($_COOKIE['wallos_login'])) {
-            $cookie = explode('|', $_COOKIE['wallos_login'], 3);
-            $username = $cookie[0];
-            $token = $cookie[1];
-            $main_currency = $cookie[2];
+        $sql = "SELECT * FROM user WHERE username = :username";
+        $stmt = $db->prepare($sql);
+        $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+        $result = $stmt->execute();

-            $sql = "SELECT * FROM user WHERE username = :username";
-            $stmt = $db->prepare($sql);
-            $stmt->bindValue(':username', $username, SQLITE3_TEXT);
-            $result = $stmt->execute();
-            
-            if ($result) {
-                $userData = $result->fetchArray(SQLITE3_ASSOC);
-                if (!isset($userData['id'])) {
-                    $db->close();
-                    header("Location: logout.php");
-                    exit();
-                }
-
-                if ($userData['avatar'] == "") {
-                    $userData['avatar'] = "0";
-                }
-                $userId = $userData['id'];
-                $main_currency = $userData['main_currency'];
-                $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?";
-                $stmt = $db->prepare($sql);
-                $stmt->bindParam(1, $userId, SQLITE3_TEXT);
-                $stmt->bindParam(2, $token, SQLITE3_TEXT);
-                $result = $stmt->execute();
-                $row = $result->fetchArray(SQLITE3_ASSOC);
-
-                if ($row != false) {
-                    $_SESSION['username'] = $username;
-                    $_SESSION['token'] = $token;
-                    $_SESSION['loggedin'] = true;
-                    $_SESSION['main_currency'] = $main_currency;
-                } else {
-                    $db->close();
-                    header("Location: logout.php");
-                    exit();
-                }
-            } else {
+        if ($result) {
+            $userData = $result->fetchArray(SQLITE3_ASSOC);
+            if (!isset($userData['id'])) {
                $db->close();
                header("Location: logout.php");
                exit();
            }

-            
+            if ($userData['avatar'] == "") {
+                $userData['avatar'] = "0";
+            }
+            $userId = $userData['id'];
+            $main_currency = $userData['main_currency'];
+            $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?";
+            $stmt = $db->prepare($sql);
+            $stmt->bindParam(1, $userId, SQLITE3_TEXT);
+            $stmt->bindParam(2, $token, SQLITE3_TEXT);
+            $result = $stmt->execute();
+            $row = $result->fetchArray(SQLITE3_ASSOC);
+
+            if ($row != false) {
+                $_SESSION['username'] = $username;
+                $_SESSION['token'] = $token;
+                $_SESSION['loggedin'] = true;
+                $_SESSION['main_currency'] = $main_currency;
+            } else {
+                $db->close();
+                header("Location: logout.php");
+                exit();
+            }
        } else {
            $db->close();
-            header("Location: login.php");
+            header("Location: logout.php");
            exit();
        }
+    } else {
+        $db->close();
+        header("Location: login.php");
+        exit();
    }
+}
 ?>