コード例 #1
0
ファイル: auth.php プロジェクト: Ashoat/squadcal
function init_cookie()
{
    global $conn, $cookie_lifetime;
    if (!isset($_COOKIE['user'])) {
        return array(init_anonymous_cookie(), false);
    }
    list($cookie_id, $cookie_password) = explode(':', $_COOKIE['user']);
    $cookie_id = intval($cookie_id);
    $result = $conn->query("SELECT hash, user, last_update FROM cookies " . "WHERE id = {$cookie_id} AND user IS NOT NULL");
    $cookie_row = $result->fetch_assoc();
    if (!$cookie_row || !password_verify($cookie_password, $cookie_row['hash'])) {
        delete_cookie('user');
        return array(init_anonymous_cookie(), false);
    }
    $time = round(microtime(true) * 1000);
    // in milliseconds
    if ($cookie_row['last_update'] + $cookie_lifetime * 1000 < $time) {
        // Cookie is expired. Delete it...
        delete_cookie('user');
        $conn->query("DELETE c, i FROM cookies c LEFT JOIN ids i ON i.id = c.id " . "WHERE c.id = {$cookie_id}");
        return array(init_anonymous_cookie(), false);
    }
    $conn->query("UPDATE cookies SET last_update = {$time} WHERE id = {$cookie_id}");
    add_cookie('user', "{$cookie_id}:{$cookie_password}", $time);
    return array((int) $cookie_row['user'], true);
}
コード例 #2
0
ファイル: delete_account.php プロジェクト: Ashoat/squadcal
require_once 'config.php';
require_once 'auth.php';
require_once 'calendar_lib.php';
header("Content-Type: application/json");
if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
    exit;
}
if (!user_logged_in()) {
    exit(json_encode(array('error' => 'not_logged_in')));
}
if (!isset($_POST['password'])) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
$user = get_viewer_id();
$password = $_POST['password'];
$result = $conn->query("SELECT hash FROM users WHERE id = {$user}");
$user_row = $result->fetch_assoc();
if (!$user_row) {
    exit(json_encode(array('error' => 'internal_error')));
}
if (!password_verify($password, $user_row['hash'])) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
$conn->query("DELETE u, iu, v, iv, c, ic, r FROM users u " . "LEFT JOIN ids iu ON iu.id = u.id " . "LEFT JOIN verifications v ON v.user = u.id " . "LEFT JOIN ids iv ON iv.id = v.id " . "LEFT JOIN cookies c ON c.user = u.id " . "LEFT JOIN ids ic ON ic.id = c.id " . "LEFT JOIN roles r ON r.user = u.id " . "WHERE u.id = {$user}");
// TODO figure out what to do what calendars this account admins
delete_cookie('user');
$anonymous_viewer = init_anonymous_cookie();
exit(json_encode(array('success' => true, 'calendar_infos' => get_calendar_infos($anonymous_viewer))));