/**
 * Resolve the `access` cookie to a signed-in user and publish the result
 * through globals.
 *
 * Side effects, in order:
 *  - runs CSRF detection and, on a non-POST request carrying a CSRF_TOKEN
 *    query parameter, redirects to the same URI with that parameter removed;
 *  - migrates a non-hex legacy cookie value to its hex form, re-keying both
 *    the `sessions.token` row (stored as sha1 of the key) and the cookie;
 *  - looks the user up by sha1 of the key via Users::get(..., 'token');
 *  - sets $signedIn = true only when the user is not banned and the session
 *    is either unexpired or successfully refreshed via DeviantArt::getToken;
 *    $signedIn is never set to false here, callers rely on its prior value;
 *  - writes `sessions.lastvisit` at most once per minute;
 *  - deletes the cookie when it does not resolve to a user.
 *
 * Globals written: $signedIn, $currentUser, $Color, $color.
 *
 * @return void
 */
static function authenticate() {
    global $Database, $signedIn, $currentUser, $Color, $color;

    CSRFProtection::detect();
    if (!POST_REQUEST && isset($_GET['CSRF_TOKEN'])) {
        HTTP::redirect(CSRFProtection::removeParamFromURL($_SERVER['REQUEST_URI']));
    }

    if (!Cookie::exists('access')) {
        return;
    }

    $accessKey = Cookie::get('access');
    if (!empty($accessKey)) {
        // A value that is not plain hex is a legacy raw-byte key: re-key the
        // session row and the cookie to the hex encoding before the lookup.
        $looksHex = (bool) preg_match(new RegExp('^[a-f\\d]+$', 'iu'), $accessKey);
        if (!$looksHex) {
            $legacyKey = $accessKey;
            $accessKey = bin2hex($legacyKey);
            $Database->where('token', sha1($legacyKey))->update('sessions', ['token' => sha1($accessKey)]);
            Cookie::set('access', $accessKey, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
        }
        // Only the sha1 of the key is stored server-side; the cookie holds the preimage.
        $currentUser = Users::get(sha1($accessKey), 'token');
    }

    if (empty($currentUser)) {
        // Cookie present but it does not resolve to a session: drop it.
        Cookie::delete('access', Cookie::HTTPONLY);
        return;
    }

    if ($currentUser->role === 'ban') {
        // NOTE(review): only the session rows are removed here; the cookie and
        // the $currentUser global are left in place and $signedIn stays at its
        // prior value. Presumably the cookie is cleared on a later request once
        // the token lookup misses — confirm against Users::get.
        $Database->where('id', $currentUser->id)->delete('sessions');
        return;
    }

    // An expired session is kept only if the refresh token still works.
    $sessionUsable = true;
    if (strtotime($currentUser->Session['expires']) < time()) {
        try {
            DeviantArt::getToken($currentUser->Session['refresh'], 'refresh_token');
        } catch (CURLRequestException $ex) {
            $sessionUsable = false;
            $Database->where('id', $currentUser->Session['id'])->delete('sessions');
            trigger_error("Session refresh failed for {$currentUser->name} ({$currentUser->id}) | {$ex->getMessage()} (HTTP {$ex->getCode()})", E_USER_WARNING);
        }
    }
    if (!$sessionUsable) {
        return;
    }

    $signedIn = true;

    // Throttle lastvisit writes to one per minute; mirror the new value
    // into the in-memory session only when the row actually updated.
    if (time() - strtotime($currentUser->Session['lastvisit']) > Time::$IN_SECONDS['minute']) {
        $visitStamp = date('c');
        $rowUpdated = $Database->where('id', $currentUser->Session['id'])->update('sessions', ['lastvisit' => $visitStamp]);
        if ($rowUpdated) {
            $currentUser->Session['lastvisit'] = $visitStamp;
        }
    }

    // Per-username spelling override for the Color/Colour globals
    // (presumably British spelling preference).
    $colourSpellers = ['Pirill-Poveniy' => true, 'itv-canterlot' => true];
    if (isset($colourSpellers[$currentUser->name])) {
        $Color = 'Colour';
        $color = 'colour';
    }
}
use App\UserPrefs; if (!isset($_GET['error']) && (empty($_GET['code']) || empty($_GET['state']))) { $_GET['error'] = 'unauthorized_client'; } if (isset($_GET['error'])) { $err = $_GET['error']; if (isset($_GET['error_description'])) { $errdesc = $_GET['error_description']; } global $signedIn; if ($signedIn) { HTTP::redirect($_GET['state']); } Episodes::loadPage(); } $currentUser = DeviantArt::getToken($_GET['code']); $signedIn = !empty($currentUser); if (isset($_GET['error'])) { $err = $_GET['error']; if (isset($_GET['error_description'])) { $errdesc = $_GET['error_description']; } if ($err === 'user_banned') { $errdesc .= "\n\nIf you'd like to appeal your ban, please <a href='http://mlp-vectorclub.deviantart.com/notes/'>send the group a note</a>."; } Episodes::loadPage(); } if (preg_match(new RegExp('^[a-z\\d]+$', 'i'), $_GET['state'], $_match)) { $confirm = str_replace('{{CODE}}', $_match[0], file_get_contents(INCPATH . 'views/loginConfrim.html')); $confirm = str_replace('{{USERID}}', Permission::sufficient('developer') || UserPrefs::get('p_disable_ga') ? '' : $currentUser->id, $confirm); die($confirm);