From a2f03869d1b029db05750fef8045891a584dbfd0 Mon Sep 17 00:00:00 2001
From: Bastard Operator <bofh@nogafam.es>
Date: Sat, 27 Nov 2021 02:03:34 +0100
Subject: [PATCH] Add cookie validation on base.php and include web/index.php
 if ok

---
 public/index.php     |  4 ++++
 public/web/index.php |  3 +++
 src/base.auth.php    | 19 +++++++++++++++++++
 src/base.php         |  1 +
 4 files changed, 27 insertions(+)
 create mode 100644 public/web/index.php
 create mode 100644 src/base.auth.php

diff --git a/public/index.php b/public/index.php
index 6899cfa..9cbf2d7 100644
--- a/public/index.php
+++ b/public/index.php
@@ -5,6 +5,10 @@ if (str_starts_with($_SERVER['REQUEST_URI'], '/@')) {
 	require 'user/index.php'; die;
 }
 
+if ($valid_cookie) {
+	require 'web/index.php'; die;
+}
+
 $p = [
 	'title' => 'RealFan - Your Way'
 ];
diff --git a/public/web/index.php b/public/web/index.php
new file mode 100644
index 0000000..2f5f51e
--- /dev/null
+++ b/public/web/index.php
@@ -0,0 +1,3 @@
+<?php
+
+echo 'web';
diff --git a/src/base.auth.php b/src/base.auth.php
new file mode 100644
index 0000000..1d06226
--- /dev/null
+++ b/src/base.auth.php
@@ -0,0 +1,19 @@
+<?php
+
+# check session cookie
+$cookie = null;
+$valid_cookie = false;
+if (isset($_COOKIE['rf_sess'])) {
+	$cookie = trim($_COOKIE['rf_sess']);
+	if (preg_match('/^[a-z0-9]+$/', $cookie)) {
+		require_once '/src/classes/database.php';
+		$sm = $db->prepare('SELECT id FROM oauth_tokens WHERE cookie = ?');
+		$sm->execute([$cookie]);
+		if (($oauth = $sm->fetch()) !== false) {
+			if (isset($oauth['id']))
+				$valid_cookie = true;
+		}
+	}
+	if (!$valid_cookie)
+		setcookie('rf_sess', null);
+}
diff --git a/src/base.php b/src/base.php
index ca65425..9e1e670 100644
--- a/src/base.php
+++ b/src/base.php
@@ -44,3 +44,4 @@ function conf($key, $default='') {
 }
 
 require_once '/src/base.methods.php';
+require_once '/src/base.auth.php';