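getConf(); $db = new PDO("sqlite:" . $config["DB_PATH"]); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); return $db; }

    /**
     * Decide whether the current request is authenticated.
     *
     * A valid cookie session (see checkLogin()) is accepted first. Otherwise the
     * X-API-Key request header is looked up in the api_keys table and, when the
     * key and its owning user both exist, the username is cached in
     * $this->api_keys so that getUser() can return it.
     *
     * @return bool true when the request carries a valid session or API key.
     */
    public function checkAuth()
    {
        if ($this->checkLogin()) {
            return true;
        }

        if (!isset($_SERVER["HTTP_X_API_KEY"])) {
            return false;
        }

        $key = $_SERVER["HTTP_X_API_KEY"];
        // An empty header value must never match a row.
        if (!is_string($key) || $key === "") {
            return false;
        }

        $db = $this->getDB();

        // NOTE(review): the header value is compared against the stored column
        // as-is, so keys are kept in the database in usable form. Consider
        // storing only a hash of each key and looking up by that hash.
        $stmt = $db->prepare("SELECT * FROM api_keys WHERE key = :key");
        $stmt->execute([":key" => $key]);
        $keyRow = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$keyRow) {
            return false;
        }

        $stmt = $db->prepare("SELECT username FROM users WHERE id = :id");
        $stmt->execute([":id" => $keyRow["user_id"]]);
        $userRow = $stmt->fetch(PDO::FETCH_ASSOC);

        // A key whose owner no longer exists must not authenticate. Without this
        // check the request was accepted with no username attached to it.
        if (!$userRow || !isset($userRow["username"])) {
            return false;
        }

        $this->api_keys[$key] = $userRow["username"];
        return true;
    }

    /**
     * Return the username behind the current request.
     *
     * For cookie sessions this is the username cookie, returned only after
     * checkLogin() has validated it. For API-key requests it is the name cached
     * in $this->api_keys; in the code shown here that cache is filled only by
     * checkAuth(), so checkAuth() has to run first on the same instance.
     *
     * @return string|null the username, or null when no identity is established.
     */
    public function getUser()
    {
        if ($this->checkLogin()) {
            return $_COOKIE["username"];
        }

        if (isset($_SERVER["HTTP_X_API_KEY"])) {
            $key = $_SERVER["HTTP_X_API_KEY"];
            if (isset($this->api_keys[$key])) {
                return $this->api_keys[$key];
            }
        }

        return null;
    }

    /**
     * Validate the cookie-based session of the current request.
     *
     * Reads <PATH>/tmp/user_sessions/<username>.json, a map from device id to a
     * record holding that device's session_id, and checks that the session_id
     * cookie matches the record for the device_id cookie.
     *
     * All three cookies are client-controlled, so they are validated before use:
     * the username is part of a file path and must be a single path component.
     *
     * @return bool true only when the stored and presented session ids match.
     */
    public function checkLogin()
    {
        foreach (["session_id", "device_id", "username"] as $cookieName) {
            // A cookie sent as name[]=x arrives as an array; only strings are valid.
            if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
                return false;
            }
        }

        $username = $_COOKIE["username"];

        // Refuse anything that could leave the user_sessions directory or
        // truncate the path: separators, "." / "..", NUL bytes, empty names.
        if ($username === "" || $username === "." || $username === ".."
            || strpos($username, "/") !== false
            || strpos($username, "\\") !== false
            || strpos($username, "\0") !== false
        ) {
            return false;
        }

        $config = $this->getConf();
        $sessionFile = $config["PATH"] . "/tmp/user_sessions/" . $username . ".json";

        // An unknown user has no session file; treat that as "not logged in"
        // instead of letting file_get_contents() raise a warning.
        if (!is_file($sessionFile)) {
            return false;
        }

        $raw = file_get_contents($sessionFile);
        if ($raw === false) {
            return false;
        }

        $sessions = json_decode($raw, true);
        if (!is_array($sessions)) {
            return false;
        }

        $deviceId = $_COOKIE["device_id"];
        if (!isset($sessions[$deviceId]) || !is_array($sessions[$deviceId])) {
            return false;
        }

        $device = $sessions[$deviceId];
        if (!isset($device["session_id"]) || !is_string($device["session_id"])) {
            return false;
        }

        // Constant-time comparison so the check does not leak how much of the
        // presented value matched.
        return hash_equals($device["session_id"], $_COOKIE["session_id"]);
    }

    /**
     * Create a new session identifier.
     *
     * The value comes from the operating system CSPRNG. The earlier
     * sha256(rand(1, 999999)) form could only ever produce 999,999 distinct
     * identifiers from a non-cryptographic generator, which is far too small a
     * space for a session secret. The output keeps the same shape: 64 lowercase
     * hexadecimal characters.
     *
     * @return string 64-character hexadecimal session id.
     */
    public function generateSessionID()
    {
        return bin2hex(random_bytes(32));
    }
}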