Add support for the X-WebAuth-User header for authentication

includes/checksession.php

@@ -1,8 +1,26 @@
 <?php
-    session_start();
+session_start();
-    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
-        $username = $_SESSION['username'];
+    $username = $_SESSION['username'];
-        $main_currency = $_SESSION['main_currency'];
+    $main_currency = $_SESSION['main_currency'];
+    $sql = "SELECT * FROM user WHERE username = :username";
+    $stmt = $db->prepare($sql);
+    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+    $result = $stmt->execute();
+    $userData = $result->fetchArray(SQLITE3_ASSOC);
+
+    if ($userData === false) {
+        header('Location: logout.php');
+        exit();
+    }
+
+    if ($userData['avatar'] == "") {
+        $userData['avatar'] = "0";
+    }
+} else {
+    // Read X-WebAuth-User header
+    if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
+        $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
         $sql = "SELECT * FROM user WHERE username = :username";
         $stmt = $db->prepare($sql);
         $stmt->bindValue(':username', $username, SQLITE3_TEXT);
@@ -17,60 +35,56 @@
         if ($userData['avatar'] == "") {
             $userData['avatar'] = "0";
         }
-    } else {
+    } else if (isset($_COOKIE['wallos_login'])) {
+        $cookie = explode('|', $_COOKIE['wallos_login'], 3);
+        $username = $cookie[0];
+        $token = $cookie[1];
+        $main_currency = $cookie[2];
 
-        if (isset($_COOKIE['wallos_login'])) {
+        $sql = "SELECT * FROM user WHERE username = :username";
-            $cookie = explode('|', $_COOKIE['wallos_login'], 3);
+        $stmt = $db->prepare($sql);
-            $username = $cookie[0];
+        $stmt->bindValue(':username', $username, SQLITE3_TEXT);
-            $token = $cookie[1];
+        $result = $stmt->execute();
-            $main_currency = $cookie[2];
 
-            $sql = "SELECT * FROM user WHERE username = :username";
+        if ($result) {
-            $stmt = $db->prepare($sql);
+            $userData = $result->fetchArray(SQLITE3_ASSOC);
-            $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+            if (!isset($userData['id'])) {
-            $result = $stmt->execute();
-            
-            if ($result) {
-                $userData = $result->fetchArray(SQLITE3_ASSOC);
-                if (!isset($userData['id'])) {
-                    $db->close();
-                    header("Location: logout.php");
-                    exit();
-                }
-
-                if ($userData['avatar'] == "") {
-                    $userData['avatar'] = "0";
-                }
-                $userId = $userData['id'];
-                $main_currency = $userData['main_currency'];
-                $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?";
-                $stmt = $db->prepare($sql);
-                $stmt->bindParam(1, $userId, SQLITE3_TEXT);
-                $stmt->bindParam(2, $token, SQLITE3_TEXT);
-                $result = $stmt->execute();
-                $row = $result->fetchArray(SQLITE3_ASSOC);
-
-                if ($row != false) {
-                    $_SESSION['username'] = $username;
-                    $_SESSION['token'] = $token;
-                    $_SESSION['loggedin'] = true;
-                    $_SESSION['main_currency'] = $main_currency;
-                } else {
-                    $db->close();
-                    header("Location: logout.php");
-                    exit();
-                }
-            } else {
                 $db->close();
                 header("Location: logout.php");
                 exit();
             }
 
+            if ($userData['avatar'] == "") {
+                $userData['avatar'] = "0";
+            }
+            $userId = $userData['id'];
+            $main_currency = $userData['main_currency'];
+            $sql = "SELECT * FROM login_tokens WHERE user_id = ? AND token = ?";
+            $stmt = $db->prepare($sql);
+            $stmt->bindParam(1, $userId, SQLITE3_TEXT);
+            $stmt->bindParam(2, $token, SQLITE3_TEXT);
+            $result = $stmt->execute();
+            $row = $result->fetchArray(SQLITE3_ASSOC);
 
+            if ($row != false) {
+                $_SESSION['username'] = $username;
+                $_SESSION['token'] = $token;
+                $_SESSION['loggedin'] = true;
+                $_SESSION['main_currency'] = $main_currency;
+            } else {
+                $db->close();
+                header("Location: logout.php");
+                exit();
+            }
         } else {
             $db->close();
-            header("Location: login.php");
+            header("Location: logout.php");
             exit();
         }
+    } else {
+        $db->close();
+        header("Location: login.php");
+        exit();
     }
+}
 ?>