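<?php
// Discord OAuth2 login glue for the site: handles logout, the authorization
// redirect, the code-for-token exchange, first-login user provisioning and the
// per-request ban/admin check. Expects $domain, $discord (client/secret),
// $db (mysqli) and $site['admins'] plus the get(), session() and apiRequest()
// helpers to be defined by the including file.

// Set Discord URLs
$authorizeURL = 'https://discordapp.com/api/oauth2/authorize';
$tokenURL = 'https://discordapp.com/api/oauth2/token';
$apiURLBase = 'https://discordapp.com/api/users/@me';

// Start session
session_start();

// If logout is sent: drop server-side state and expire the session cookie.
// An expiry in the past removes the cookie now; the original used 0, which
// only marks it as a browser-session cookie and leaves the stale id in place.
if (isset($_POST['logout'])) {
    session_unset();
    session_destroy();
    session_write_close();
    setcookie(session_name(), '', time() - 3600, '/');
}

// If need to exchange code
if (get('code')) {
    // The callback must carry the state value issued with the login redirect
    // below; a missing or mismatched state means this callback was not started
    // by this browser session and is discarded. hash_equals keeps the
    // comparison constant-time, and the stored value is consumed on first use.
    $expectedState = (string) ($_SESSION['oauth_state'] ?? '');
    unset($_SESSION['oauth_state']);
    $receivedState = (string) ($_GET['state'] ?? '');
    if ($expectedState === '' || !hash_equals($expectedState, $receivedState)) {
        // Send the browser back to the page unauthenticated and stop here
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    }

    // Define domain (with stripped trailing slash and Discord code); the last
    // pattern is anchored at end of string, so it also drops any &state=...
    // that follows the code, keeping redirect_uri identical to the one used
    // for the authorization request
    $patterns = [
        "/(.*?)\/index.php$/",
        "/(.*?)\/$/",
        "/(.*?)\/\?code=(.*?)$/"
    ];
    $domainSplit = preg_replace($patterns, '$1', $domain);

    // Create API request
    $token = apiRequest($tokenURL, array(
        "grant_type" => "authorization_code",
        'client_id' => $discord['client'],
        'client_secret' => $discord['secret'],
        'redirect_uri' => $domainSplit,
        'code' => get('code')
    ));

    // Only store a token the exchange actually returned. A failed exchange
    // (expired or reused code) has no access_token, and storing null would
    // leave a session that half-looks authenticated.
    if (isset($token->access_token)) {
        // Create logout token and set access token
        $logout_token = $token->access_token;
        $_SESSION['access_token'] = $token->access_token;
    }

    // Reload page without the code in the URL and stop so the including page
    // does not render a body alongside the redirect
    header('Location: ' . $_SERVER['PHP_SELF']);
    exit;
}
// If token has been exchanged, a user is authenticated
elseif (session('access_token') && !isset($_SESSION['id'])) {
    // Get user information from API
    $swapUser = apiRequest($apiURLBase);

    // A response without an id (revoked or invalid token) must not populate
    // the session; drop the token so the next request starts from logged-out.
    // NOTE(review): assumes session('access_token') reads $_SESSION — confirm.
    if (!isset($swapUser->id)) {
        unset($_SESSION['access_token']);
    } else {
        // Assign SESSION variables
        $_SESSION['username'] = $swapUser->username;
        $_SESSION['discriminator'] = $swapUser->discriminator;
        $_SESSION['avatar'] = "https://cdn.discordapp.com/avatars/".$swapUser->id."/".$swapUser->avatar;
        $_SESSION['id'] = $swapUser->id;
        $_SESSION['email'] = $swapUser->email;

        // Look the user up with a bound parameter instead of interpolating the
        // API-supplied id into the SQL, matching the prepared statements used
        // for INSERT and UPDATE below. bind_result/store_result are used rather
        // than get_result() so no mysqlnd dependency is introduced.
        $lookup = $db->prepare("SELECT name, avatar, discriminator FROM users WHERE discordID = ?");
        $lookup->bind_param("i", $_SESSION['id']);
        $lookup->execute();
        $lookup->store_result();

        // If not already in database
        if ($lookup->num_rows == 0) {
            $lookup->close();
            // NOTE(review): 12-hour "h:i:s A" is what the joinDate column has
            // always received; kept as-is because the stored format is schema-bound
            $date = date("Y-m-d h:i:s A");
            $addUser = $db->prepare("INSERT INTO users (discordID, banned, name, discriminator, avatar, email, joinDate) VALUES (?, 0, ?, ?, ?, ?, ?)");
            $addUser->bind_param("isssss", $_SESSION['id'], $_SESSION['username'], $_SESSION['discriminator'], $_SESSION['avatar'], $_SESSION['email'], $date);
            $addUser->execute();
            $addUser->close();
        }
        // If in database
        else {
            $lookup->bind_result($storedName, $storedAvatar, $storedDiscriminator);
            $lookup->fetch();
            $lookup->close();
            // If user information doesn't match, refresh the cached profile
            if ($storedName != $_SESSION['username'] || $storedAvatar != $_SESSION['avatar'] || $storedDiscriminator != $_SESSION['discriminator']) {
                $updateUser = $db->prepare("UPDATE users SET name = ?, discriminator = ?, avatar = ? WHERE discordID = ?");
                $updateUser->bind_param("sssi", $_SESSION['username'], $_SESSION['discriminator'], $_SESSION['avatar'], $_SESSION['id']);
                $updateUser->execute();
                $updateUser->close();
            }
        }
    }
}
// If need to send to Discord for login
elseif (!isset($_SESSION['id']) && isset($_POST['login'])) {
    // Define domain (with stripped trailing slash)
    $patterns = [
        "/(.*?)\/index.php$/",
        "/(.*?)\/$/",
    ];
    $domainSplit = preg_replace($patterns, '$1', $domain);

    // Fresh random state, kept in the session and echoed back by Discord on
    // the callback, ties that callback to this browser session
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));

    // Create parameters
    $params = array(
        'client_id' => $discord['client'],
        'redirect_uri' => $domainSplit,
        'response_type' => 'code',
        'scope' => 'identify guilds guilds.join email',
        'state' => $_SESSION['oauth_state'],
    );

    // Redirect the user to Discord's authorization page (same endpoint as
    // $authorizeURL above, previously duplicated as a literal here)
    header('Location: ' . $authorizeURL . '?' . http_build_query($params));
    die();
}

if (isset($_SESSION['id'])) {
    // Grab the ban flag with a bound parameter rather than string-built SQL
    $lookup = $db->prepare("SELECT banned FROM users WHERE discordID = ?");
    $lookup->bind_param("i", $_SESSION['id']);
    $lookup->execute();
    $lookup->bind_result($banned);
    $found = $lookup->fetch();
    $lookup->close();

    // See if they're banned; a missing row is treated as not banned, as before.
    // (bool) on the column value ('0'/'1' or 0/1) gives the same outcome as the
    // original loose == true check.
    if ($found && (bool) $banned) {
        echo "You have been banned from this site.";
        die();
    }
    // If user is an admin. Loose in_array is kept on purpose: the id is a
    // string from the API while $site['admins'] may hold ints — confirm the
    // admin list's type before tightening to strict.
    elseif (in_array($_SESSION['id'], $site['admins'])) {
        $_SESSION['admin'] = true;
    }
    // If user isn't an admin
    else {
        $_SESSION['admin'] = false;
    }
}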