diff --git a/includes/checksession.php b/includes/checksession.php index 7962690..23ae6bc 100644 --- a/includes/checksession.php +++ b/includes/checksession.php @@ -1,8 +1,26 @@ prepare($sql); + $stmt->bindValue(':username', $username, SQLITE3_TEXT); + $result = $stmt->execute(); + $userData = $result->fetchArray(SQLITE3_ASSOC); + + if ($userData === false) { + header('Location: logout.php'); + exit(); + } + + if ($userData['avatar'] == "") { + $userData['avatar'] = "0"; + } +} else { + // Read X-WebAuth-User header + if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) { + $username = $_SERVER['HTTP_X_WEBAUTH_USER']; $sql = "SELECT * FROM user WHERE username = :username"; $stmt = $db->prepare($sql); $stmt->bindValue(':username', $username, SQLITE3_TEXT); @@ -17,60 +35,56 @@ if ($userData['avatar'] == "") { $userData['avatar'] = "0"; } - } else { + } else if (isset($_COOKIE['wallos_login'])) { + $cookie = explode('|', $_COOKIE['wallos_login'], 3); + $username = $cookie[0]; + $token = $cookie[1]; + $main_currency = $cookie[2]; - if (isset($_COOKIE['wallos_login'])) { - $cookie = explode('|', $_COOKIE['wallos_login'], 3); - $username = $cookie[0]; - $token = $cookie[1]; - $main_currency = $cookie[2]; + $sql = "SELECT * FROM user WHERE username = :username"; + $stmt = $db->prepare($sql); + $stmt->bindValue(':username', $username, SQLITE3_TEXT); + $result = $stmt->execute(); - $sql = "SELECT * FROM user WHERE username = :username"; - $stmt = $db->prepare($sql); - $stmt->bindValue(':username', $username, SQLITE3_TEXT); - $result = $stmt->execute(); - - if ($result) { - $userData = $result->fetchArray(SQLITE3_ASSOC); - if (!isset($userData['id'])) { - $db->close(); - header("Location: logout.php"); - exit(); - } - - if ($userData['avatar'] == "") { - $userData['avatar'] = "0"; - } - $userId = $userData['id']; - $main_currency = $userData['main_currency']; - $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?"; - $stmt = $db->prepare($sql); - $stmt->bindParam(1, $userId, SQLITE3_TEXT); - $stmt->bindParam(2, $token, SQLITE3_TEXT); - $result = $stmt->execute(); - $row = $result->fetchArray(SQLITE3_ASSOC); - - if ($row != false) { - $_SESSION['username'] = $username; - $_SESSION['token'] = $token; - $_SESSION['loggedin'] = true; - $_SESSION['main_currency'] = $main_currency; - } else { - $db->close(); - header("Location: logout.php"); - exit(); - } - } else { + if ($result) { + $userData = $result->fetchArray(SQLITE3_ASSOC); + if (!isset($userData['id'])) { $db->close(); header("Location: logout.php"); exit(); } - + if ($userData['avatar'] == "") { + $userData['avatar'] = "0"; + } + $userId = $userData['id']; + $main_currency = $userData['main_currency']; + $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?"; + $stmt = $db->prepare($sql); + $stmt->bindParam(1, $userId, SQLITE3_TEXT); + $stmt->bindParam(2, $token, SQLITE3_TEXT); + $result = $stmt->execute(); + $row = $result->fetchArray(SQLITE3_ASSOC); + + if ($row != false) { + $_SESSION['username'] = $username; + $_SESSION['token'] = $token; + $_SESSION['loggedin'] = true; + $_SESSION['main_currency'] = $main_currency; + } else { + $db->close(); + header("Location: logout.php"); + exit(); + } } else { $db->close(); - header("Location: login.php"); + header("Location: logout.php"); exit(); } + } else { + $db->close(); + header("Location: login.php"); + exit(); } +} ?> \ No newline at end of file