Add support for the X-WebAuth-User header for authentication

includes/checksession.php

@@ -1,6 +1,6 @@
 <?php
-    session_start();
-    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+session_start();
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
     $username = $_SESSION['username'];
     $main_currency = $_SESSION['main_currency'];
     $sql = "SELECT * FROM user WHERE username = :username";
@@ -17,9 +17,25 @@
     if ($userData['avatar'] == "") {
         $userData['avatar'] = "0";
     }
-    } else {
+} else {
+    // Read X-WebAuth-User header
+    if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
+        $username = $_SERVER['HTTP_X_WEBAUTH_USER'];
+        $sql = "SELECT * FROM user WHERE username = :username";
+        $stmt = $db->prepare($sql);
+        $stmt->bindValue(':username', $username, SQLITE3_TEXT);
+        $result = $stmt->execute();
+        $userData = $result->fetchArray(SQLITE3_ASSOC);
 
-        if (isset($_COOKIE['wallos_login'])) {
+        if ($userData === false) {
+            header('Location: logout.php');
+            exit();
+        }
+
+        if ($userData['avatar'] == "") {
+            $userData['avatar'] = "0";
+        }
+    } else if (isset($_COOKIE['wallos_login'])) {
         $cookie = explode('|', $_COOKIE['wallos_login'], 3);
         $username = $cookie[0];
         $token = $cookie[1];
@@ -65,12 +81,10 @@
             header("Location: logout.php");
             exit();
         }
-
-            
     } else {
         $db->close();
         header("Location: login.php");
         exit();
     }
-    }
+}
 ?>