109 lines
2.9 KiB
PHP
109 lines
2.9 KiB
PHP
<?php
|
|
/*
|
|
_____ _____ _ _
|
|
/ ____| / ____| | | | |
|
|
_ __ ___ ___| (___ ___ _ ____ _| | ___ _ __ | |_ _ __ ___ | |
|
|
| '_ ` _ \ / __|\___ \ / _ \ '__\ \ / / | / _ \| '_ \| __| '__/ _ \| |
|
|
| | | | | | (__ ____) | __/ | \ V /| |___| (_) | | | | |_| | | (_) | |
|
|
|_| |_| |_|\___|_____/ \___|_| \_/ \_____\___/|_| |_|\__|_| \___/|_|
|
|
|
|
* By marc-go
|
|
*/
|
|
|
|
ini_set("display_errors", 1);
|
|
ini_set("display_startup_errors", 1);
|
|
error_reporting(E_ALL);
|
|
|
|
class mcServApi {
|
|
public function getConf() {
|
|
$env = parse_ini_file(__DIR__ . "/../.env");
|
|
return $env;
|
|
}
|
|
|
|
public function getDB() {
|
|
$config = $this->getConf();
|
|
|
|
$db = new PDO("sqlite:" . $config["DB_PATH"]);
|
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
return $db;
|
|
}
|
|
|
|
public function checkAuth() {
|
|
if ($this->checkLogin()) {
|
|
return true;
|
|
}elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
|
|
$key = $_SERVER["HTTP_X_API_KEY"];
|
|
|
|
$db = $this->getDB();
|
|
|
|
$sql = "SELECT * FROM api_keys WHERE key = :key";
|
|
|
|
$stmt = $db->prepare($sql);
|
|
|
|
$stmt->execute([":key" => $key]);
|
|
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($result) {
|
|
$user_id = $result["user_id"];
|
|
|
|
$sql = "SELECT username FROM users WHERE id = :id";
|
|
$stmt = $db->prepare($sql);
|
|
|
|
$stmt->execute([":id" => $user_id]);
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
$username = $result["username"];
|
|
|
|
$this->api_keys[$key] = $username;
|
|
|
|
return true;
|
|
}else{
|
|
return false;
|
|
}
|
|
}else{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public function getUser() {
|
|
if ($this->checkLogin()) {
|
|
return $_COOKIE["username"];
|
|
}elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
|
|
$key = $_SERVER["HTTP_X_API_KEY"];
|
|
if (isset($this->api_keys[$key])) {
|
|
return $this->api_keys[$key];
|
|
}
|
|
}
|
|
}
|
|
|
|
public function checkLogin() {
|
|
if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"]) || !isset($_COOKIE["username"])) {
|
|
return false;
|
|
}
|
|
|
|
$config = $this->getConf();
|
|
|
|
$json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true);
|
|
|
|
if (!isset($json[$_COOKIE["device_id"]])) {
|
|
return false;
|
|
}
|
|
|
|
$device = $json[$_COOKIE["device_id"]];
|
|
|
|
if ($device["session_id"] !== $_COOKIE["session_id"]) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
public function generateSessionID() {
|
|
$num = rand(1, 999999);
|
|
$hash = hash("sha256", $num);
|
|
|
|
return $hash;
|
|
}
|
|
} |