Add support for the X-WebAuth-User header for authentication

2024-06-09 22:04:35 +01:00 · 2024-06-09 22:04:35 +01:00 · ef6f19eb77
commit ef6f19eb77
parent 48899f307c
1 changed files with 62 additions and 48 deletions
--- a/includes/checksession.php
+++ b/includes/checksession.php
@ -1,6 +1,6 @@
 <?php
-    session_start();
+session_start();
-    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    $username = $_SESSION['username'];
    $main_currency = $_SESSION['main_currency'];
    $sql = "SELECT * FROM user WHERE username = :username";
@ -17,9 +17,25 @@
    if ($userData['avatar'] == "") {
        $userData['avatar'] = "0";
    }
-    } else {
+} else {
    // Read X-WebAuth-User header
    if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
        $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
        $sql = "SELECT * FROM user WHERE username = :username";
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':username', $username, SQLITE3_TEXT);
        $result = $stmt->execute();
        $userData = $result->fetchArray(SQLITE3_ASSOC);
-        if (isset($_COOKIE['wallos_login'])) {
+        if ($userData === false) {
            header('Location: logout.php');
            exit();
        }
        if ($userData['avatar'] == "") {
            $userData['avatar'] = "0";
        }
    } else if (isset($_COOKIE['wallos_login'])) {
        $cookie = explode('|', $_COOKIE['wallos_login'], 3);
        $username = $cookie[0];
        $token = $cookie[1];
@ -65,12 +81,10 @@
            header("Location: logout.php");
            exit();
        }
    } else {
        $db->close();
        header("Location: login.php");
        exit();
    }
-    }
+}
 ?>