<?php
$logged_in = session_check();
$token = null;
if(isset($_POST['token'])) $token = $_POST['token'];
else if(isset($_GET['token'])) $token = $_GET['token'];
function auth_check() {
global $token, $server_secret;
if(!$token || $_COOKIE['token'] != $token) {
echo "Token mismatch";
exit;
}
if(!$_COOKIE['auth'] || $_COOKIE['auth'] != sha1($server_secret.$_COOKIE['id'])) {
echo "Auth mismatch";
exit;
}
}
function session_check() {
global $server_secret;
if($_COOKIE['auth'] && $_COOKIE['id'] && $_COOKIE['auth'] ==
sha1($server_secret.$_COOKIE['id'])) {
SetCookie('token', sha1($auth.rand()));
return 1;
}
return 0;
}
?>
