Beispiel #1
0
 /**
  * Check authentication cookie and set global
  */
 static function authenticate()
 {
     global $Database, $signedIn, $currentUser, $Color, $color;
     CSRFProtection::detect();
     if (!POST_REQUEST && isset($_GET['CSRF_TOKEN'])) {
         HTTP::redirect(CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI']));
     }
     if (!Cookie::exists('access')) {
         return;
     }
     $authKey = Cookie::get('access');
     if (!empty($authKey)) {
         if (!preg_match(new RegExp('^[a-f\\d]+$', 'iu'), $authKey)) {
             $oldAuthKey = $authKey;
             $authKey = bin2hex($authKey);
             $Database->where('token', sha1($oldAuthKey))->update('sessions', array('token' => sha1($authKey)));
             Cookie::set('access', $authKey, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
         }
         $currentUser = Users::get(sha1($authKey), 'token');
     }
     if (!empty($currentUser)) {
         if ($currentUser->role === 'ban') {
             $Database->where('id', $currentUser->id)->delete('sessions');
         } else {
             if (strtotime($currentUser->Session['expires']) < time()) {
                 $tokenvalid = false;
                 try {
                     DeviantArt::getToken($currentUser->Session['refresh'], 'refresh_token');
                     $tokenvalid = true;
                 } catch (CURLRequestException $e) {
                     $Database->where('id', $currentUser->Session['id'])->delete('sessions');
                     trigger_error("Session refresh failed for {$currentUser->name} ({$currentUser->id}) | {$e->getMessage()} (HTTP {$e->getCode()})", E_USER_WARNING);
                 }
             } else {
                 $tokenvalid = true;
             }
             if ($tokenvalid) {
                 $signedIn = true;
                 if (time() - strtotime($currentUser->Session['lastvisit']) > Time::$IN_SECONDS['minute']) {
                     $lastVisitTS = date('c');
                     if ($Database->where('id', $currentUser->Session['id'])->update('sessions', array('lastvisit' => $lastVisitTS))) {
                         $currentUser->Session['lastvisit'] = $lastVisitTS;
                     }
                 }
                 $_PrefersColour = array('Pirill-Poveniy' => true, 'itv-canterlot' => true);
                 if (isset($_PrefersColour[$currentUser->name])) {
                     $Color = 'Colour';
                     $color = 'colour';
                 }
             }
         }
     } else {
         Cookie::delete('access', Cookie::HTTPONLY);
     }
 }
Beispiel #2
0
use App\UserPrefs;
if (!isset($_GET['error']) && (empty($_GET['code']) || empty($_GET['state']))) {
    $_GET['error'] = 'unauthorized_client';
}
if (isset($_GET['error'])) {
    $err = $_GET['error'];
    if (isset($_GET['error_description'])) {
        $errdesc = $_GET['error_description'];
    }
    global $signedIn;
    if ($signedIn) {
        HTTP::redirect($_GET['state']);
    }
    Episodes::loadPage();
}
$currentUser = DeviantArt::getToken($_GET['code']);
$signedIn = !empty($currentUser);
if (isset($_GET['error'])) {
    $err = $_GET['error'];
    if (isset($_GET['error_description'])) {
        $errdesc = $_GET['error_description'];
    }
    if ($err === 'user_banned') {
        $errdesc .= "\n\nIf you'd like to appeal your ban, please <a href='http://mlp-vectorclub.deviantart.com/notes/'>send the group a note</a>.";
    }
    Episodes::loadPage();
}
if (preg_match(new RegExp('^[a-z\\d]+$', 'i'), $_GET['state'], $_match)) {
    $confirm = str_replace('{{CODE}}', $_match[0], file_get_contents(INCPATH . 'views/loginConfrim.html'));
    $confirm = str_replace('{{USERID}}', Permission::sufficient('developer') || UserPrefs::get('p_disable_ga') ? '' : $currentUser->id, $confirm);
    die($confirm);