view-init.php
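<?php
/*
 * view-init.php
 *
 * First step of the todo viewer: checks the caller's SSO state, then opens the
 * database connection that the rest of this script uses to look up or create
 * the per-user token passed on to view.php.
 */
require "creds.php";
require "../sso/common.php";

// validate_token() comes from the SSO include; presumably it rejects or
// redirects callers without a valid SSO session. Confirm in ../sso/common.php.
validate_token("https://infotoast.org/todos/view-init.php");

// Callers whose level is below 2 are sent to view.php without a token.
if (get_user_level() < 2) {
    http_response_code(302);
    header("Location: https://infotoast.org/todos/view.php");
    die();
}

$username = get_username();
$user_id = get_user_id();

// mysqli_connect() signals failure either by returning false or, when mysqli
// error reporting is in exception mode, by throwing. Reading ->connect_error
// on a false return would not detect the failure, so both cases are handled
// here. The exception is deliberately not echoed: its message and trace can
// contain connection details.
try {
    $conn = mysqli_connect(
        get_database_host(),
        get_database_username(),
        get_database_password(),
        get_database_db()
    );
} catch (mysqli_sql_exception $e) {
    $conn = false;
}
if ($conn === false) {
    http_response_code(500);
    die("Could not connect to database!");
}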
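// Look up a token already issued to this user. Only the token column is
// needed, and only the first row is ever used.
$sql = $conn->prepare("SELECT token FROM tokens WHERE user_id = ? LIMIT 1;");
if ($sql === false) {
    http_response_code(500);
    die("Could not query database!");
}
$uid = $user_id;
$sql->bind_param('i', $uid);
// A failed read must not fall through to the code below that creates a new
// token, otherwise a transient database error would add a duplicate row.
if (!$sql->execute()) {
    http_response_code(500);
    die("Could not query database!");
}
$result = $sql->get_result();
$row = $result ? $result->fetch_assoc() : null;
if ($row) {
    $token = $row['token'];
    // The value is written into a JavaScript string inside HTML, so encode it
    // for the URL context instead of trusting what the column holds.
    $token_param = rawurlencode((string) $token);
    // This response embeds a credential; keep it out of browser and proxy caches.
    header('Cache-Control: no-store');
    // NOTE(review): the token travels in the query string of view.php, so it
    // can end up in access logs, browser history and Referer headers. Consider
    // a POST body or a cookie if view.php can accept one.
?>
<!DOCTYPE html>
<html>
<head>
<title>Loading...</title>
<script type="text/javascript">
// getTimezoneOffset() is minutes behind UTC; flip the sign and avoid "-0".
var tz_offset = new Date().getTimezoneOffset();
tz_offset = tz_offset == 0 ? 0 : -tz_offset;
console.log(tz_offset);
window.location.replace("https://infotoast.org/todos/view.php?token=<?php echo $token_param ?>&tz=" + tz_offset);
</script>
</head>
<body>
<noscript>JavaScript must be enabled for this function to work!</noscript>
</body>
</html><?php
    die();
}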
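// No token on record for this user: create one, store it, then reload this
// script so the lookup path above hands it to view.php.
//
// The stored value is the SHA-256 hex digest of 16 random bytes. It is computed
// here rather than with SHA2() in SQL so that the value stored and the value
// used in the fallback page below are the same by construction. The raw bytes
// are never sent to the browser.
// NOTE(review): the lookup path in this file sends the stored column value to
// view.php, so the digest itself acts as the bearer token and hashing does not
// protect it if the tokens table is disclosed. Confirm how view.php verifies it.
$token = hash('sha256', random_bytes(16));
$sql2 = $conn->prepare("INSERT INTO tokens (user_id, username, token) VALUES (?, ?, ?);");
if ($sql2 === false) {
    http_response_code(500);
    die("Could not store token!");
}
$uid2 = $user_id;
$uname = $username;
$sql2->bind_param('iss', $uid2, $uname, $token);
// Stop on a failed insert: redirecting back to this script without a stored
// token would repeat the same failure in a loop.
if (!$sql2->execute()) {
    http_response_code(500);
    die("Could not store token!");
}
$conn->commit();
$conn->close();

// REQUEST_URI is supplied by the client. Only reuse it when it is a plain
// absolute path; a target starting with "//" or "/\" is treated by browsers as
// another host, so fall back to this script's fixed URL in that case.
$self = $_SERVER["REQUEST_URI"] ?? '';
$looks_local = strncmp($self, '/', 1) === 0
    && !(isset($self[1]) && ($self[1] === '/' || $self[1] === '\\'));
if (!$looks_local) {
    $self = "https://infotoast.org/todos/view-init.php";
}
if (!headers_sent()) {
    header("Location: " . $self);
    // Nothing after a redirect is shown to the user, so do not emit the token
    // in a body that is never used.
    exit;
}
// Headers were already sent, so the redirect above is impossible; fall back to
// a script-driven navigation straight to view.php.
$token_param = rawurlencode($token);
?>
<!DOCTYPE html>
<html>
<head>
<title>Loading...</title>
<script type="text/javascript">
// getTimezoneOffset() is minutes behind UTC; flip the sign and avoid "-0".
var tz_offset = new Date().getTimezoneOffset();
tz_offset = tz_offset == 0 ? 0 : -tz_offset;
console.log(tz_offset);
window.location.replace("https://infotoast.org/todos/view.php?token=<?php echo $token_param ?>&tz=" + tz_offset);
</script>
</head>
<body>
<noscript>JavaScript must be enabled for this function to work!</noscript>
</body>
</html>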