<?php
require_once "config.php";
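// Front controller: keeps the API token in the PHP session, exchanges a one-time
// key (otk) for a token after login, redirects unauthenticated requests to the
// login endpoint, and otherwise dispatches to a handler script chosen from `_url`.
//
// Everything read from $_GET below is untrusted input.
$time = time();
$expiration = $time + 2592000; // 2592000 s = 30 days

session_start();

// These query flags drop the current token id, so the login gate below treats
// the session as unauthenticated.
// NOTE(review): this is a state change on a plain GET, and TOKEN_VAL is left in
// the session after logout; confirm both are intended.
if (isset($_GET['clearSession']) || isset($_GET['logout']) || isset($_GET['provider'])) {
    $_SESSION['TOKEN_ID'] = 0;
}
if (isset($_GET['clearSession'])) {
    exit();
}

// Make sure the three session keys exist so later reads do not raise notices.
if (!isset($_SESSION['TOKEN_ID'])) {
    $_SESSION['TOKEN_ID'] = 0;
}
if (!isset($_SESSION['TOKEN_EXP'])) {
    $_SESSION['TOKEN_EXP'] = 0;
}
if (!isset($_SESSION['TOKEN_VAL'])) {
    $_SESSION['TOKEN_VAL'] = 0;
}

// Login callback: exchange token_id + one-time key for a token value.
// NOTE(review): nothing binds the returned token_id to the one this session
// requested; consider storing the requested id in the session and comparing it here.
if (
    isset($_GET['token_id'], $_GET['otk'])
    && is_numeric($_GET['token_id'])
    && is_string($_GET['otk']) // an array-valued otk would otherwise be concatenated as "Array"
) {
    include_once("common.php");
    $_SESSION['TOKEN_ID'] = 0;
    $_SESSION['TOKEN_EXP'] = 0;
    // Encode both values so request data cannot add path segments or extra
    // query parameters to the backend call.
    $domain = TATAG_DOMAIN . "/token/" . rawurlencode($_GET['token_id'])
        . "?otk=" . rawurlencode($_GET['otk']);
    $data = request($domain, "POST", new stdClass());
    if (is_array($data) && !empty($data[0])) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login is not carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['TOKEN_ID'] = 'token-' . $data[0]->token_id;
        $_SESSION['TOKEN_VAL'] = $data[0]->token_val;
        $_SESSION['TOKEN_EXP'] = $expiration;
    }
}

// Resolve the handler name from the rewritten URL.
$rawUrl = (isset($_GET['_url']) && is_string($_GET['_url'])) ? $_GET['_url'] : '';
$handler = trim($rawUrl, " \/\\\t\n\r\0\x0B");
if (isset($_GET['for']) && $_GET['for']) {
    $handler = "wallet";
} elseif (!$handler || strpos($handler, 'home') !== false) {
    $handler = 'home';
} elseif (strpos($handler, 'wallet') !== false || strpos($handler, 'pay') !== false) {
    $handler = 'wallet';
}

// $handler ends up in an include path, so accept only plain name segments
// (letters, digits, "_" and "-", separated by "/"). Dots, NUL bytes, stream
// wrappers and absolute paths are rejected here.
if (!preg_match('/\A[A-Za-z0-9_-]+(?:\/[A-Za-z0-9_-]+)*\z/', $handler)) {
    http_response_code(404);
    exit();
}

// A login is needed when it was asked for explicitly or when the page is not
// the public home page.
// (Disabled condition kept from the original: SITE!='dev', "require login prior
// to public alpha release".)
$loginRequested = isset($_GET['login']) && $_GET['login'];
$tokenMissingOrExpired = !isset($_SESSION)
    || !$_SESSION['TOKEN_ID']
    || !$_SESSION['TOKEN_VAL']
    || $time > $_SESSION['TOKEN_EXP'];

if (($loginRequested || $handler != 'home') && $tokenMissingOrExpired) {
    require_once "common.php";
    $data = request(TATAG_DOMAIN . "/token", "POST", new stdClass());
    // Fail closed if the token service did not return the expected record.
    if (!is_array($data) || empty($data[0]) || !isset($data[0]->token_id, $data[0]->otk)) {
        http_response_code(502);
        exit();
    }
    $token_id = $data[0]->token_id;
    $otk = $data[0]->otk;

    // Carry the payment parameters through the login round trip. Each value is
    // encoded separately so that a "&" or "=" inside one of them cannot add
    // parameters to the return URL.
    $nextParams = array();
    foreach (array('for', 'to', 'amount', 'note') as $key) {
        if (isset($_GET[$key]) && is_string($_GET[$key])) {
            $nextParams[$key] = $_GET[$key];
        }
    }
    $nextParams = http_build_query($nextParams, '', '&');

    // Build the return URL as UI_DOMAIN + "/" + encoded path segments. Forcing
    // the separator and encoding each segment keeps the request path from
    // changing the host part of the URL the user is sent back to.
    $pathSegments = array_map('rawurlencode', explode('/', ltrim($rawUrl, " \/\\\t\n\r\0\x0B")));
    $next = urlencode(rtrim(UI_DOMAIN, '/') . '/' . implode('/', $pathSegments) . "?$nextParams");

    //rely on tatag api to list all login providers, instead of assuming which ones are allowed
    $location = TATAG_DOMAIN . "/login.php?token_id=" . rawurlencode((string) $token_id)
        . "&otk=" . rawurlencode((string) $otk) . "&next=$next";
    header("location: " . $location);
    exit();
} else {
    // Sliding expiration: every dispatched request extends the token lifetime.
    $_SESSION['TOKEN_EXP'] = $expiration;

    // Include only a file that exists under this directory.
    // NOTE(review): assumes handler scripts live next to index.php; confirm.
    $handlerFile = __DIR__ . "/$handler.php";
    if (!is_file($handlerFile)) {
        http_response_code(404);
        exit();
    }
    include $handlerFile;
}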