Unispace/auth.php at master · ioanziko/Unispace · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?php

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {

session_start();

if (isset($_COOKIE['token']) && isset($_SESSION["id"])) {

$id = $_SESSION["id"];
$level = $_SESSION["level"];
if (strlen($id)>0 && $id>0 && strlen($level)>0 && $level>0) {

$conn = new mysqli("localhost", "uniadmin", "UNI@dm!n!", "Testing");

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
   mysqli_set_charset($conn,"utf8");

   $time = time();

   $cookie = $_COOKIE['token'];

   if ((preg_match("/^[a-zA-Z0-9]+$/", $cookie) == 1) && strlen($cookie) == 64) {

      $cookie = mysqli_real_escape_string($conn, $cookie);

   	$stmt = $conn->prepare("SELECT `last_visit` FROM (SELECT `token`, `last_visit` FROM `token` WHERE `user_id`=?) AS `tokens` WHERE `token`=?");
$stmt->bind_param( "is", $id, $cookie);

$stmt->execute();
   $stmt->store_result();

   $num_of_rows = $stmt->num_rows;
   $stmt->bind_result($last_visit);
if ($num_of_rows == 1) {
	   $stmt->fetch();

	   if (($time - 900) < $last_visit) {

			$stmt3 = $conn->prepare("UPDATE `token` SET `last_visit`=? WHERE `user_id` = ? AND `token`=?");
			$stmt3->bind_param("iis", $time, $id, $cookie);
			$stmt3->execute();
			$stmt3->close();


	   }
	   else {
		header('Location: ./logout.php');
die();

	   }
}
else {

		header('Location: ./logout.php');
die();


}
   }
   else {

		header('Location: ./logout.php');
die();

   }
}
else {

		header('Location: ./logout.php');
die();

}
}
else {
		header('Location: ./logout.php');
die();

}

}
else {

 header('Location: https://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']).'/logout.php', true, 301);

    die("");
}

?>