e949/api/_auth.php

61 lines
1.5 KiB
PHP
Raw Normal View History

2023-08-12 04:09:17 +05:30
<?php
// Things related to authentication
2023-08-12 04:09:17 +05:30
// Includes
2023-12-20 08:38:13 +05:30
if ($IS_FRONTEND)
require_once("api/_db.php");
else
require_once("_db.php");
2023-08-12 04:09:17 +05:30
2023-08-30 07:11:13 +05:30
// End currently active session
function AUTH_EndSession () {
2023-08-30 07:11:13 +05:30
session_unset();
session_destroy();
if (isset($_COOKIE["PHPSESSID"])) {
unset($_COOKIE["PHPSESSID"]);
setcookie("PHPSESSID", "", time() - 3600, "/");
}
}
// A few tips:
// session_start() - start OR RESUME session
// If $_SESSION["userid"] is set - it counted as active login session
// If its not set - it counted as no login session
session_start();
2023-08-12 04:09:17 +05:30
$LOGGED_IN = false;
$THIS_USER = null; // ID of logged in user
2023-08-12 04:09:17 +05:30
if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { // If there are active session
2023-08-12 04:09:17 +05:30
// Check if user still exist
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
$s->bind_param("s", $_SESSION["userid"]);
$s->execute();
if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
AUTH_EndSession();
2023-08-12 04:09:17 +05:30
die("user id used in session does not exist");
}
$LOGGED_IN = true;
$THIS_USER = $_SESSION["userid"];
} elseif (session_status() === PHP_SESSION_DISABLED) { // If sessions are disabled
die("ERROR: please enable sessions in php config");
}
if ($Config["debug"] && isset($_REQUEST["debug"])) { // If there are not any session and debug mode is on
// ATTENTION: FOR DEBUG PURPOSES ONLY!
if ($_REQUEST["debug"] == "drop") {
AUTH_EndSession();
die("session discarded");
}
$_SESSION["userid"] = intval($_REQUEST["debug"]);
print_r(["created_session" => $_SESSION]);
die();
2023-08-12 04:09:17 +05:30
}
?>