verify.php
<?php
/**
* >> Frontend <<
* >> verify.php <<
* (c) Florentin Schäfer 2020
* Verifies whether the user is logged in; must be required by every other file.
* It also contains the connection credentials for the MariaDB database.
*/
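// Start (or resume) the PHP session before any output is produced.
session_start();

// get_included_files() always lists the entry script itself, so a count of
// exactly 1 means this file was requested directly and not pulled in through
// require/include. In that case it acts as a small JSON endpoint that reports
// the result of verify().
if (count(get_included_files()) === 1) {
    // The success payload contains the username read from the database and
    // json_encode() does not escape "<" or ">" by default. Declaring the
    // response as JSON keeps a browser from rendering it as HTML.
    header("Content-Type: application/json; charset=utf-8");

    // Both the success and the error result are emitted the same way, so no
    // branch on the status is needed.
    exit(json_encode(verify()));
}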
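/**
 * Checks whether the request carries a valid session.
 *
 * The "sessiontoken" cookie is looked up in the `session` table. A session is
 * accepted when exactly one row matches, the stored user agent equals the
 * request's User-Agent header, and `lastupdatetime` is less than 30 days old.
 * On success `lastupdatetime` is refreshed (sliding expiry).
 *
 * NOTE(review): the token is matched against the column as-is, so the table
 * appears to hold usable session tokens in clear text; storing only a hash of
 * the token would limit the impact of a database read. Confirm against the
 * code that creates sessions.
 * NOTE(review): expired rows are reported but not deleted here.
 *
 * @return array{status: string, code?: string, username?: string}
 *         status "success" with "username", or status "error" with a "code" of
 *         "forbidden", "database_error", "unrecognized_browser" or
 *         "session_expired".
 */
function verify(): array {
    $token = $_COOKIE["sessiontoken"] ?? null;

    // Cookies are client-controlled. PHP turns a cookie named "sessiontoken[]"
    // into an array, which must never reach the bound query parameter, so only
    // a non-empty string is treated as a candidate token.
    if (!is_string($token) || $token === "") {
        return ["status" => "error", "code" => "forbidden"];
    }

    // One connection for the whole check; getPDO() opens a new one per call.
    $pdo = getPDO();

    $stmt = $pdo->prepare("SELECT * FROM session WHERE sessiontoken=?");
    $stmt->execute([$token]);
    // Fetch the rows instead of relying on rowCount(), which PDO does not
    // guarantee for SELECT statements on every driver.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if (count($rows) > 1) {
        // Something went badly wrong: a token must identify a single session.
        // Drop every row with this token and fail closed.
        $pdo->prepare("DELETE FROM session WHERE sessiontoken=?")->execute([$token]);
        return ["status" => "error", "code" => "database_error"];
    }

    if (count($rows) === 0) {
        return ["status" => "error", "code" => "forbidden"];
    }

    $row = $rows[0];

    // The User-Agent header is optional and supplied by the client. Requiring
    // it to be present avoids an undefined-index notice and prevents a NULL
    // stored value from matching a request that sent no header at all. This
    // is a consistency check only; anyone holding the token can send the same
    // header value.
    $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? null;
    if (!is_string($userAgent) || $row["useragent"] !== $userAgent) {
        return ["status" => "error", "code" => "unrecognized_browser"];
    }

    // The session counts as live if it was last used within the past 30 days.
    // NOTE(review): strtotime() interprets the stored value in PHP's default
    // timezone; confirm that it matches the database's timezone.
    $lastUpdate = strtotime((string) $row["lastupdatetime"]);
    if ($lastUpdate === false || $lastUpdate <= time() - 3600 * 24 * 30) {
        return ["status" => "error", "code" => "session_expired"];
    }

    $pdo
        ->prepare("UPDATE session SET lastupdatetime=current_timestamp() WHERE sessiontoken=?")
        ->execute([$token]);

    return ["status" => "success", "username" => $row["username"]];
}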
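/**
 * Opens a new PDO connection to the local "webotp" MySQL/MariaDB database.
 *
 * A fresh connection is created on every call; callers that issue several
 * statements should keep the returned object instead of calling this again.
 *
 * NOTE(review): the connection uses the database root account with an empty
 * password, hard-coded in source. Load the credentials from configuration
 * kept outside version control and use a dedicated account that is limited to
 * the tables this application needs.
 *
 * @return PDO
 * @throws PDOException if the connection cannot be established. Keep
 *         display_errors off in production so an uncaught exception does not
 *         disclose connection details.
 */
function getPDO(): PDO {
    $host = "localhost";
    $dbname = "webotp";
    $username = "root";
    $passwd = "";

    return new PDO("mysql:host=$host;dbname=$dbname", $username, $passwd, [
        // Surface query failures as exceptions instead of silent false
        // returns, so an authentication check cannot continue on a failed
        // statement.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Use server-side prepared statements so bound values are never
        // interpolated into the SQL text by the client library.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}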