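<?php
// Moderation bootstrap shared by the HTML moderation pages: hardens the session
// cookie, installs the MySQL session handler, verifies that the logged-in user is
// an active moderator (403 otherwise) and provides a per-session CSRF token.
// Expects $connection (mysqli), MySQLSessionHandler and setupHeaders() to already
// be defined by the including file.
if (!defined('SVRJS_MOD_DIRECTORY')) die;
if (!defined('SVRJS_MOD_DIRECTORY_MODERATION')) die;
// THIS PHP SCRIPT INCLUDE IS JUST FOR HTML PAGES! IT'S NOT INTENDED FOR OTHER FORMATS
ob_start();

// Session hardening: strict mode rejects session IDs the server never issued
// (blocks fixation via an attacker-chosen ID); httponly keeps the cookie away
// from scripts.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
// session.cookie_samesite is honoured from PHP 7.3 on; older releases ignore the
// unknown directive. 'Lax' keeps the session cookie off cross-site POSTs, which
// complements the CSRF token issued below.
ini_set('session.cookie_samesite', 'Lax');
// Some servers (notably IIS) populate HTTPS with "off" on plain-HTTP requests,
// so test the value rather than mere presence: marking the cookie Secure on a
// plain-HTTP deployment would make the browser drop it and every request would
// start a fresh, logged-out session.
if (!empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off') {
    ini_set('session.cookie_secure', '1');
}

// Register the custom session handler (eight-callback form, PHP 7.0+).
$sessionHandler = new MySQLSessionHandler($connection);
session_set_save_handler(
    [$sessionHandler, 'open'],
    [$sessionHandler, 'close'],
    [$sessionHandler, 'read'],
    [$sessionHandler, 'write'],
    [$sessionHandler, 'destroy'],
    [$sessionHandler, 'gc'],
    [$sessionHandler, 'create_sid'],
    [$sessionHandler, 'validate_sid']
);

// Decide whether the current session belongs to an active, verified moderator.
// Any failure along the way leaves $isModerator false and ends in a single 403
// path below, so the deny branch cannot be skipped by an unexpected state.
$isModerator = false;
if (session_start()) {
    setupHeaders();
    if (isset($_SESSION['user'])) {
        $statement = $connection->prepare("SELECT id, username, is_moderator FROM users WHERE id = ? AND is_suspended = 0 AND is_deleted = 0 AND is_verified = 1");
        if (!$statement) {
            unset($_SESSION['user']);
        } else {
            $statement->bind_param("i", $_SESSION['user']);
            $statement->execute();
            $result = $statement->get_result();
            if (!$result) {
                unset($_SESSION['user']);
            } else {
                $row = $result->fetch_assoc();
                if (!$row) {
                    // The session points at a user that is suspended, deleted,
                    // unverified or gone: log the session out.
                    unset($_SESSION['user']);
                } else {
                    // A valid login without the moderator flag stays logged in
                    // but is denied below.
                    $isModerator = (bool) $row['is_moderator'];
                }
            }
            // get_result() already detached the result set, so the statement
            // can be released here instead of leaking until script end.
            $statement->close();
        }
    }
} else {
    setupHeaders();
}
if (!$isModerator) {
    http_response_code(403);
    include 'moderation_notallowed.php';
    include 'moderation_final.php';
    include 'final.php';
    exit();
}

// Per-session CSRF token: generated once, then reused for the session lifetime.
$csrfTokenBytes = 32;
$csrfToken = "";
if (isset($_SESSION['moderation_csrf'])) {
    $csrfToken = $_SESSION['moderation_csrf'];
} else {
    $csrfToken = '';
    if (function_exists('random_bytes')) {
        $csrfToken = bin2hex(random_bytes($csrfTokenBytes));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        // Pre-7.0 fallback: only accept OpenSSL output it reports as strong.
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($csrfTokenBytes, $strong);
        if ($bytes !== false && $strong) {
            $csrfToken = bin2hex($bytes);
        }
    }
    if ($csrfToken === '') {
        // Last resort on PHP < 7.0 without OpenSSL. rand() is NOT a CSPRNG, so
        // this token is guessable; it is kept only so the page still renders.
        // chr() is required here: bin2hex() of the bare integer hex-encoded the
        // decimal digits (e.g. "255" -> "323535") instead of the byte itself,
        // yielding variable-length, low-entropy tokens.
        for ($i = 0; $i < $csrfTokenBytes; $i++) {
            $csrfToken .= bin2hex(chr(rand(0, 255)));
        }
    }
    $_SESSION['moderation_csrf'] = $csrfToken;
}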