<?php
include '../includes/misc/autoload.phtml';
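// Last-resort handler for anything thrown below (a failing misc\mysql\query,
// a missing session key, ...).  The full exception goes to the server log
// only: its message can carry SQL fragments, table names or file paths, so the
// client is given a fixed body rather than $exception->getMessage().
set_exception_handler(function ($exception) {
    error_log("\n--------------------------------------------------------------\n");
    error_log($exception);
    error_log("\nRequest data:");
    // NOTE(review): this dumps the raw POST body to the log.  For this
    // endpoint that is only DataTables paging state; keep it in mind if the
    // handler is ever copied to a form that carries credentials.
    error_log(print_r($_POST, true));
    error_log("\n--------------------------------------------------------------");
    http_response_code(500);
    // Generic message: details are in the log, not in the response.
    die("Error: internal server error");
});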
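if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Access control.  The original check was a deny-list: only the "Reseller"
// role was refused and every other value — including an absent role — was
// let through.  Fail closed instead: a session without a role gets a 403.
// Strict comparison avoids PHP's loose "==" rules.
// NOTE(review): nothing in this file verifies the caller is logged in beyond
// the role key; assumes ../includes/misc/autoload.phtml (or the login flow)
// guarantees an authenticated session — confirm.
$role = $_SESSION['role'] ?? null;
if ($role === null) {
    http_response_code(403);
    die("Not logged in.");
}
if ($role === "Reseller") {
    die("Resellers can't access this.");
}

// Every query below is scoped to the application stored in the session.
if (!isset($_SESSION['app'])) {
    dashboard\primary\error("Application not selected");
    die("Application not selected.");
}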
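if (isset($_POST['draw'])) {
    // Server-side DataTables source: paging, ordering and search parameters
    // arrive in $_POST and the matching page of `sessions` rows for the
    // selected application is returned as JSON ("draw" echoed back, rows in
    // "aaData").
    // Credits: https://makitweb.com/datatables-ajax-pagination-with-search-and-sort-php/
    header('Content-Type: application/json; charset=utf-8');

    $draw = intval($_POST['draw']);
    // Offset and page size are spliced into LIMIT unquoted, so they must be
    // integers; clamping at 0 keeps a negative value from turning into a SQL
    // error (which this file would report as a 500).
    $offset = max(0, intval($_POST['start'] ?? 0));
    $rowperpage = max(0, intval($_POST['length'] ?? 0));
    $columnIndex = intval($_POST['order'][0]['column'] ?? 0);
    $columnName = misc\etc\sanitize($_POST['columns'][$columnIndex]['data'] ?? '');
    $columnSortOrder = misc\etc\sanitize($_POST['order'][0]['dir'] ?? '');
    $searchValue = misc\etc\sanitize($_POST['search']['value'] ?? '');

    // ORDER BY cannot be parameterised, so the column name and direction are
    // checked against fixed allow-lists (strict comparison) before they are
    // concatenated into the statement.
    if (!in_array($columnName, ["id", "credential", "expiry", "validated", "ip"], true)) {
        die("Column name is not whitelisted.");
    }
    if (!in_array($columnSortOrder, ["desc", "asc"], true)) {
        die("Column sort order is not whitelisted.");
    }
    $orderAndLimit = " order by `" . $columnName . "` " . $columnSortOrder
        . " limit " . $offset . "," . $rowperpage;

    // Everything user-controlled inside the WHERE clause goes through
    // placeholders.  An empty search term skips the LIKE filter entirely.
    // NOTE(review): `%` and `_` in the term act as LIKE wildcards; harmless
    // for a search box, escape them if exact matching is ever required.
    if ($searchValue !== null && $searchValue !== '') {
        $pattern = "%" . $searchValue . "%";
        $query = misc\mysql\query(
            "select * from `sessions` WHERE (`id` like ? or `credential` like ? or `ip` like ? ) and app = ?" . $orderAndLimit,
            [$pattern, $pattern, $pattern, $_SESSION['app']]
        );
    } else {
        $query = misc\mysql\query(
            "select * from `sessions` WHERE app = ?" . $orderAndLimit,
            [$_SESSION['app']]
        );
    }

    // DataTables renders these cells as HTML (the "expiry" and "actions"
    // cells depend on that), so any value that originated from a client —
    // `credential` and `ip` at the very least — must be HTML-escaped here or
    // a crafted value becomes stored XSS in the dashboard.
    $esc = static function ($value): string {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Values placed inside the inline <script> are JSON-encoded with the HEX
    // flags so neither quotes nor "</script>" can break out of the literal.
    $js = static function ($value): string {
        return json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    };

    $data = [];
    while ($session = mysqli_fetch_assoc($query->result)) {
        $id = $esc($session['id']);
        // NOTE(review): the original emitted expiry unquoted into JavaScript,
        // so it is assumed to be an integer timestamp; the cast enforces that
        // (any non-numeric value would otherwise be injected as code).
        $expiry = (int) $session['expiry'];
        $data[] = [
            "id" => $id,
            "credential" => $esc($session['credential'] ?? 'N/A'),
            "expiry" => '<div id="' . $id . '-expiry"><script>document.getElementById('
                . $js($session['id'] . '-expiry') . ').textContent=convertTimestamp(' . $expiry . ');</script></div>',
            "validated" => $session['validated'] ? 'true' : 'false',
            "ip" => '<span class="blur-sm hover:blur-none">' . $esc($session['ip'] ?? 'N/A') . '</span>',
            // Markup kept as-is apart from escaping the id (it also carries a
            // stray <td>/</tr> pair that browsers tolerate).
            // NOTE(review): the Kill Session form carries no CSRF token; the
            // handler for `kill` is not in this file — confirm it checks one.
            "actions" =>
                '<form method="POST">
                <td>
                <div x-data="{ open: false }" class="z-0">
                <button x-on:click="open = true" class="flex items-center border border-gray-700 rounded-lg focus:opacity-60 text-white focus:text-white font-semibold rounded focus:outline-none focus:shadow-inner py-2 px-4" type="button">
                <span class="mr-1">Actions</span>
                <svg class="fill-current h-4 w-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" style="margin-top:3px">
                <path d="M9.293 12.95l.707.707L15.657 8l-1.414-1.414L10 10.828 5.757 6.586 4.343 8z"/>
                </svg>
                </button>
                <ul x-show="open" x-on:click.away="open = false" class="bg-[#09090d] text-white rounded shadow-lg absolute py-2 mt-1" style="min-width:15rem">
                <li>
                <button name="kill" class="block hover:opacity-60 whitespace-no-wrap py-2 px-4 hover:text-red-700"
                value="' . $id . '">
                Kill Session
                </button>
                </li>
                </ul>
                </div>
                </tr>
                </td>
                </tr>
                </form>',
        ];
    }

    // Response: "draw" is echoed back so DataTables can match it to the
    // request that produced it.
    die(json_encode([
        "draw" => $draw,
        "aaData" => $data,
    ]));
}
die("Request not from datatables, aborted.");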