-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsession.php
79 lines (66 loc) · 2.32 KB
/
session.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?php
/**
* This file is part of InfectedAPI.
*
* Copyright (C) 2017 Infected <http://infected.no/>.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3.0 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
require_once 'handlers/sysloghandler.php';
require_once 'handlers/userhandler.php';
require_once 'objects/user.php';
session_start();
/*
* Used to get information from current sessions.
*/
class Session {
/*
* Returns true if the current user is authenticated.
*/
public static function isAuthenticated(): bool {
// Check if we remember this user.
return isset($_SESSION['userId']);
}
/*
* Returns true if the current user is a member (To clarify, is a crew member).
*/
public static function isMember(): bool {
return self::isAuthenticated() && self::getCurrentUser()->isGroupMember();
}
/*
* Returns the current user.
*/
public static function getCurrentUser(): ?User {
if (self::isAuthenticated()) {
return UserHandler::getUser($_SESSION['userId']);
}
}
/*
* Returns the user by the given session id.
*/
public function getUserFromSessionId($sessionId): ?User {
if (!preg_match("/^[a-zA-Z0-9]+$/", $sessionId)) {
SyslogHandler::log("Hack attack! ", "getUserFromSessionId", null, SyslogHandler::SEVERITY_CRITICAL);
return null;
}
$sessionData = exec("cat /var/lib/php/sessions/sess_" . $sessionId); //I am not debugging regex at 0:35 in the morning, and it is temp anyways
$regex = '/userId\|i:(.+);/';
echo "Got session data: " . $sessionData . "\n";
preg_match($regex, $sessionData, $matches);
//echo "Got match data: " . print_r($matches) . "\n";
$id = $matches[1]; //$matches[0] returns the entire regex, $matches[1] returns the first subgroup.
return UserHandler::getUser($id);
}
}
?>