<?php
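// Composer autoloader; presumably where the Resend class used below comes from.
require_once __DIR__ . '/vendor/autoload.php';

// Start the session with two hardening options set explicitly rather than
// inherited from php.ini: the session cookie is not readable from JavaScript,
// and session IDs that were not issued by the server are rejected.
// NOTE(review): cookie_secure and cookie_samesite are not set here -- confirm
// they are configured in php.ini for the production (HTTPS) deployment.
session_start([
    'cookie_httponly' => true,
    'use_strict_mode' => true,
]);
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Guarantee the flag exists on every request, including sessions that already
// hold other keys, so later reads of $_SESSION['auth'] never hit an undefined index.
$_SESSION['auth'] ??= false;

// Configuration supplies DB_DSN, DB_USERNAME, DB_PASSWORD, PDO_OPTIONS and,
// optionally, RESEND_API_KEY. It is required (not included) so a missing file
// stops the request instead of continuing with undefined constants.
require "config.php";

// MySQL
$pdo = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD, PDO_OPTIONS);

// Email (only when an API key is configured)
if (defined("RESEND_API_KEY")) {
    $resend = Resend::client(RESEND_API_KEY);
}

// Helper and handler files. All are required: the login code that follows calls
// functions that are not defined in this file, so it must not run without them.
require "misc_functions.php";
require "database.php";
require "time_handler.php";
require "id_handler.php";
require "accounts_handler.php";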
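// Attempt to log the user in from the "keep me logged in" cookie when the
// session is not authenticated yet. Every failure path (malformed value, token
// rejected, no matching row, row of another type) ends in the same branch that
// expires the cookie, so no jump out of the nested conditions is needed.
if (empty($_SESSION['auth']) && isset($_COOKIE['keep_me_logged_in'])) {
    $remember_token = $_COOKIE['keep_me_logged_in'];
    $cookie_owner = null;

    // A client can submit the cookie as an array (name[]=value); only a plain
    // string is passed on to validation and to the query.
    if (is_string($remember_token) && validate_access_token($remember_token)) {
        // Work out who the key belongs to
        // NOTE(review): the lookup matches the raw cookie value, so tokens appear
        // to be stored unhashed in `tokens`; storing only a hash would limit the
        // impact of a database disclosure -- confirm against the code that issues them.
        $cookie_owner = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$remember_token]);
    }

    if ($cookie_owner && ($cookie_owner['type'] ?? null) === "cookie") {
        // Privilege changes from anonymous to authenticated: issue a fresh
        // session ID so an ID fixed before login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['auth'] = true;
        $_SESSION['id'] = $cookie_owner['owner_id'];
    } else {
        // NOTE(review): if the cookie is set elsewhere with a path or domain,
        // the same attributes are needed here for the browser to drop it -- confirm.
        setcookie('keep_me_logged_in', '', time()-3600);
    }
}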
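// Label: jump target for any `goto skip_cookie` earlier in the script.
skip_cookie:

// The Host header and the request URI are supplied by the client and are
// untrusted input for everything derived from them below.
// NOTE(review): how $host is used is not visible here; if it selects a site or
// is echoed into links, check it against an allow-list of expected hostnames.
$host_string = $_SERVER['HTTP_HOST'] ?? '';
$host = explode('.', $host_string);

$uri_string = $_SERVER['REQUEST_URI'];
$query_string = explode('?', $uri_string);
$path = $query_string[0];

// Canonicalise "/foo/" to "/foo" (the query string is dropped, as before).
if (str_ends_with($path, '/') && $path != "/") {
    // Collapse leading slashes and backslashes before redirecting: a path such
    // as "//other-host/" would otherwise produce "Location: //other-host",
    // which browsers resolve as a different origin (open redirect).
    $redirect_target = '/' . ltrim(substr($path, 0, -1), '/\\');
    header('Location: ' . $redirect_target);
    exit;
}

// Non-empty URI segments, re-indexed from 0.
// NOTE(review): this splits $uri_string rather than $path, so the last segment
// still carries any "?query" suffix, and array_filter() without a callback also
// drops a literal "0" segment -- confirm both are intended.
$uri = array_values(array_filter(explode('/', $uri_string)));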
try {
if ($_SESSION['auth']) {
$user = db_execute("SELECT * FROM `accounts` WHERE id = ? LIMIT 1", [$_SESSION['id']]);
if (!$user) {
// Account doesn't exist. Log the user out.
// We won't redirect to the logout endpoint because if this is going off there's something
// broken anyway.
session_destroy();
die("Your session was invalid so we've logged you out.");
}
}
}