From a2f03869d1b029db05750fef8045891a584dbfd0 Mon Sep 17 00:00:00 2001
From: Bastard Operator
Date: Sat, 27 Nov 2021 02:03:34 +0100
Subject: [PATCH] Add cookie validation on base.php and include web/index.php if ok
---
 public/index.php | 4 ++++
 public/web/index.php | 3 +++
 src/base.auth.php | 19 +++++++++++++++++++
 src/base.php | 1 +
 4 files changed, 27 insertions(+)
 create mode 100644 public/web/index.php
 create mode 100644 src/base.auth.php
diff --git a/public/index.php b/public/index.php
index 6899cfa..9cbf2d7 100644
--- a/public/index.php
+++ b/public/index.php
@@ -5,6 +5,10 @@ if (str_starts_with($_SERVER['REQUEST_URI'], '/@')) {
 require 'user/index.php'; die;
 }
+if ($valid_cookie) {
+ require 'web/index.php'; die;
+}
+
 $p = [
 'title' => 'RealFan - Your Way'
 ];
diff --git a/public/web/index.php b/public/web/index.php
new file mode 100644
index 0000000..2f5f51e
--- /dev/null
+++ b/public/web/index.php
@@ -0,0 +1,3 @@
+prepare('SELECT id FROM oauth_tokens WHERE cookie = ?');
+ $sm->execute([$cookie]);
+ if (($oauth = $sm->fetch()) !== false) {
+ if (isset($oauth['id']))
+ $valid_cookie = true;
+ }
+ }
+ if (!$valid_cookie)
+ setcookie('rf_sess', null);
+}
diff --git a/src/base.php b/src/base.php
index ca65425..9e1e670 100644
--- a/src/base.php
+++ b/src/base.php
@@ -44,3 +44,4 @@ function conf($key, $default='') {
 }
 require_once '/src/base.methods.php';
+require_once '/src/base.auth.php';
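Review bot: The `$valid_cookie` gate added to public/index.php only protects requests that pass through this front controller, while the page it guards is created at public/web/index.php, inside the document root. If the web server serves files under public/ directly (not visible from this patch), a request for that path runs the file without src/base.auth.php having been evaluated. I would have the included file refuse to run unless the check passed, for example `if (empty($valid_cookie)) { http_response_code(403); die; }` as its first statement, or keep it outside public/ alongside the files in src/. The hunk also reads `$valid_cookie` as a bare global, so a comment such as `// $valid_cookie is set by src/base.auth.php, loaded from src/base.php` above the new `if` would tell the next reader where it comes from.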
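Review bot: In the src/base.auth.php lines, the query `SELECT id FROM oauth_tokens WHERE cookie = ?` treats any matching row as a valid session: no expiry or revocation condition appears in the visible query, and the raw cookie value is compared with the stored column, so read access to oauth_tokens is enough to obtain working session values. Consider storing only a digest of the token and looking it up with `$sm->execute([hash('sha256', $cookie)]);`, plus an expiry predicate if the table has such a column (the schema is not shown here). The cleanup `setcookie('rf_sess', null);` passes null where a string is expected (deprecated since PHP 8.1) and gives no path, so it may not clear a cookie that was set with other attributes; `setcookie('rf_sess', '', ['expires' => 1, 'path' => '/']);` is closer, with the path matching whatever the login code used. The opening lines of this file, including where `$cookie` and `$valid_cookie` are initialised, are missing from this page, so these points cover the visible lines only.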