forked from Cyclone-Team/e949
38 lines
833 B
PHP
38 lines
833 B
PHP
<?php
|
|
|
|
require_once("_db.php"); //("api/_db.php");
|
|
|
|
|
|
|
|
//session_start();
|
|
// This ^ should be placed at login stage
|
|
|
|
$LOGGED_IN = false;
|
|
|
|
if (isset($_SESSION["userid"])) {
|
|
// Check if user still exist
|
|
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
|
$s->bind_param("s", $_SESSION["userid"]);
|
|
$s->execute();
|
|
if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
|
|
session_unset();
|
|
session_destroy();
|
|
echo "user id does not exist";
|
|
die("user id used in session does not exist");
|
|
}
|
|
$LOGGED_IN = true;
|
|
} else {
|
|
// ATTENTION: idk will this work, but this can be theoretically unsafe or cause fault
|
|
|
|
if (session_status()) {
|
|
session_unset();
|
|
session_destroy();
|
|
}
|
|
|
|
if (isset($_COOKIE["PHPSESSID"])) {
|
|
unset($_COOKIE["PHPSESSID"]);
|
|
setcookie("PHPSESSID", "", time() - 3600, "/");
|
|
}
|
|
}
|
|
|
|
?>
|