shopping-list/php/auth.php

<?php
  include $_SESSION["docroot"].'/config/config.php';
  include $_SESSION["docroot"].'/php/connect.php';
  if(!(preg_match("/error.+/", $_SERVER["REQUEST_URI"])))
  {
    # clear expired sessions from the database
    $mysqli->query('DELETE FROM `sessions` WHERE `expires` < NOW();');

    if(isset($_COOKIE["token"])){
      $token = $_COOKIE["token"];
    }
    else{
      $token = "-1";
    }

    $selectQuery = $mysqli->prepare('SELECT * FROM `sessions` WHERE `session_id` = ?;');
    $selectQuery->bind_param("s", $token);
    $selectQuery->execute();
    $result = $selectQuery->get_result();

    if(($result->num_rows) == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login"))
    {
      header('Location: /login/url='.$_SERVER["REQUEST_URI"]);
    }
    $mysqli->close();
  }
?>
initial commit 2018-10-24 15:00:27 +02:00			`<?php`
			`include $_SESSION["docroot"].'/config/config.php';`
			`include $_SESSION["docroot"].'/php/connect.php';`
			`if(!(preg_match("/error.+/", $_SERVER["REQUEST_URI"])))`
			`{`
added removal of expired sessions on check for valid session 2018-10-26 19:04:49 +02:00			`# clear expired sessions from the database`
			$mysqli->query('DELETE FROM `sessions` WHERE `expires` < NOW();');

manual merge 2019-05-19 18:37:00 +02:00			`if(isset($_COOKIE["token"])){`
			`$token = $_COOKIE["token"];`
			`}`
			`else{`
			`$token = "-1";`
			`}`

sql sanitizing 2019-05-22 10:16:13 +02:00			$selectQuery = $mysqli->prepare('SELECT * FROM `sessions` WHERE `session_id` = ?;');
			`$selectQuery->bind_param("s", $token);`
			`$selectQuery->execute();`
			`$result = $selectQuery->get_result();`
initial commit 2018-10-24 15:00:27 +02:00
manual merge 2019-05-19 18:37:00 +02:00			`if(($result->num_rows) == 0 && (!(in_array("site", array_keys($_GET))) \|\| $_GET["site"]!="login"))`
initial commit 2018-10-24 15:00:27 +02:00			`{`
			`header('Location: /login/url='.$_SERVER["REQUEST_URI"]);`
			`}`
			`$mysqli->close();`
			`}`
			`?>`