From 93e06457169322a3a4fa816c1a399e248b79246e Mon Sep 17 00:00:00 2001
From: "eapl.mx" <eapl@gemugami.com>
Date: Thu, 23 Jan 2025 13:14:07 -0600
Subject: [PATCH] fix(session): replace old auth method with libs/session.php

---
 libs/session.php        |  6 ++++--
 partials/header.php     |  7 +++----
 partials/listSelect.php | 33 +++++++++++++++------------------
 partials/lists.php      | 37 ++++++++++++++++++-------------------
 partials/timeline.php   |  3 ++-
 views/__profile.php     | 17 +++++++++--------
 views/conv.php          |  6 ++++--
 views/following.php     | 14 +++++++-------
 views/login.php         | 12 ++++++------
 views/profile.php       |  6 ++++--
 views/replies.php       |  8 +++++---
 11 files changed, 77 insertions(+), 72 deletions(-)

diff --git a/libs/session.php b/libs/session.php
index a920687..0e5bfcb 100644
--- a/libs/session.php
+++ b/libs/session.php
@@ -16,14 +16,16 @@ if (isset($_POST['submit_pass']) && $_POST['pass']) {
     $passwordInForm = $_POST['pass'];
 
     if ($passwordInForm == $passwordInConfig) {
-        $_SESSION['password'] = $passwordInForm;
+        # TODO: Remove this legacy auth method completely
+        # $_SESSION['password'] = $passwordInForm;
         saveLogin();
     } elseif ($isCodeValid = verifyTOTP(
         $config['totp_secret'],
         $passwordInForm,
         intval($config['totp_digits'])
     )) {
-        $_SESSION['password'] = 'valid_totp';
+        # TODO: Remove this legacy auth method completely
+        # $_SESSION['password'] = 'valid_totp';
         saveLogin();
     } else {
         $error = 'Incorrect Password';
diff --git a/partials/header.php b/partials/header.php
index c5f03e9..c76a9e6 100644
--- a/partials/header.php
+++ b/partials/header.php
@@ -1,7 +1,7 @@
 <?php
+require_once 'libs/session.php';
 
 $profile = getTwtsFromTwtxtString($config['public_txt_url']);
-
 ?>
 <!doctype html>
 <html>
@@ -9,7 +9,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link rel="icon" type="image/x-icon" href="<?= $baseURL ?>/media/logo.png">
-    <?php if( isset($_SESSION['password'])) { ?>
+    <?php if (hasValidSession()) { ?>
         <script src="<?= $baseURL ?>/libs/tiny-mde.min.js"></script>
         <link rel="stylesheet" type="text/css" href="<?= $baseURL ?>/libs/tiny-mde.css" />
     <?php } ?>
@@ -43,8 +43,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
 
         <ul class="secondary">
             <?php //if ($validSession) {  // TODO: Make login secure ?>
-            <?php if( isset($_SESSION['password'])) { /*
-                if($_SESSION['password']=="$password") {*/ // Hacky login ?>
+            <?php if (hasValidSession()) { // Hacky login ?>
                 <li><a href="<?= $baseURL ?>/refresh?url=<?= $url ?>"><i class="fa fa-refresh"></i><span>Refresh</span></a></li>
                 <li><a href="<?= $baseURL ?>"><i class="fa fa-comments-o"></i><span>Timeline</span></a></li>
                 <?php if (!empty($config['public_webmentions'])) { ?>
diff --git a/partials/listSelect.php b/partials/listSelect.php
index 09c1b13..2e6623b 100644
--- a/partials/listSelect.php
+++ b/partials/listSelect.php
@@ -4,27 +4,24 @@
   <select name="list" onchange="this.form.submit()">
     <option value="twtxt.txt" selected>twtxt.txt (Main)</option>
     <?php
-
+    require_once 'libs/session.php';
     // TODO: fix it so if List -> Selected for both public and private lists
 
-    if (isset($_SESSION['password'])) {
-      if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login
-
-        // Private lists
-        echo "<option disabled>Private Lists:</option>";
-        foreach (glob("private/twtxt-*.txt") as $filename) {
-          if ($filename == $_GET['lists']) $attr = "selected";
-          else $attr = "";
-          $listName = $filename;
-          $listName = str_replace("private/twtxt-", "", $listName);
-          $listName = str_replace("_", " ", $listName);
-          $listName = str_replace(".txt", "", $listName);
-          echo "<option value='{$filename}' {$attr}>$listName</option>";
-        }
-
-        // Public Lists
-        echo "<option disabled>Public Lists:</option>";
+    if (hasValidSession()) {
+      // Private lists
+      echo "<option disabled>Private Lists:</option>";
+      foreach (glob("private/twtxt-*.txt") as $filename) {
+        if ($filename == $_GET['lists']) $attr = "selected";
+        else $attr = "";
+        $listName = $filename;
+        $listName = str_replace("private/twtxt-", "", $listName);
+        $listName = str_replace("_", " ", $listName);
+        $listName = str_replace(".txt", "", $listName);
+        echo "<option value='{$filename}' {$attr}>$listName</option>";
       }
+
+      // Public Lists
+      echo "<option disabled>Public Lists:</option>";
     }
 
     foreach (glob("twtxt-*.txt") as $filename) {
diff --git a/partials/lists.php b/partials/lists.php
index ac0d3a1..03e9ace 100644
--- a/partials/lists.php
+++ b/partials/lists.php
@@ -4,32 +4,31 @@
   <select name="list" onchange="this.form.submit()">
     <option value="twtxt.txt" selected>twtxt.txt (Main)</option>
     <?php
-
+    require_once 'libs/session.php';
     // TODO: fix it so if List -> Selected for both public and private lists
 
-    if (isset($_SESSION['password'])) {
-      if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login
+    if (hasValidSession()) {
+      // Private lists
+      echo "<option disabled>Private Lists:</option>";
+      foreach (glob("private/twtxt-*.txt") as $filename) {
+        if ($filename == $_GET['list']) { $attr = "selected"; }
+        else { $attr = ""; }
 
-        // Private lists
-        echo "<option disabled>Private Lists:</option>";
-        foreach (glob("private/twtxt-*.txt") as $filename) {
-          if ($filename == $_GET['list']) $attr = "selected";
-          else $attr = "";
-          $listName = $filename;
-          $listName = str_replace("private/twtxt-", "", $listName);
-          $listName = str_replace("_", " ", $listName);
-          $listName = str_replace(".txt", "", $listName);
-          echo "<option value='{$filename}' {$attr}>$listName</option>";
-        }
-
-        // Public Lists
-        echo "<option disabled>Public Lists:</option>";
+        $listName = $filename;
+        $listName = str_replace("private/twtxt-", "", $listName);
+        $listName = str_replace("_", " ", $listName);
+        $listName = str_replace(".txt", "", $listName);
+        echo "<option value='{$filename}' {$attr}>$listName</option>";
       }
+
+      // Public Lists
+      echo "<option disabled>Public Lists:</option>";
     }
 
     foreach (glob("twtxt-*.txt") as $filename) {
-      if ($filename == $_GET['list']) $attr = "selected";
-      else $attr = "";
+      if ($filename == $_GET['list']) { $attr = "selected"; }
+      else { $attr = ""; }
+
       $listName = $filename;
       $listName = str_replace("twtxt-", "", $listName);
       $listName = str_replace("_", " ", $listName);
diff --git a/partials/timeline.php b/partials/timeline.php
index 552ca57..f553e20 100644
--- a/partials/timeline.php
+++ b/partials/timeline.php
@@ -39,7 +39,8 @@
 				}
 				*/
 
-				if (isset($_SESSION['password'])) {
+				require_once 'libs/session.php';
+				if (hasValidSession()) {
 					echo ' | <a href="' . $baseURL . '/new?hash=' . $twt->hash . '">Reply</a>';
 				}
 
diff --git a/views/__profile.php b/views/__profile.php
index 33911f5..8397626 100644
--- a/views/__profile.php
+++ b/views/__profile.php
@@ -1,18 +1,16 @@
 <?php
-require_once("partials/base.php");
+require_once "partials/base.php";
 
-$title = "Profile for"." - ".$title;
+$title = "Profile for - $title";
 
-include('partials/header.php');
+include 'partials/header.php';
 ?>
 
 <!-- PHP: PROFILE CARD -->
 <?php
-
 //$twtsURL = $config['public_txt_url'];
 //$profile = getTwtsFromTwtxtString($twtsURL);
 
-
 /* from base.php */
 
 # Show twts only for URL in query request, else show user timeline
@@ -35,7 +33,7 @@ else { // Show timeline for the URL
     $twtsURL = $config['public_txt_url'];
     // $twtsURL = "https://lyse.isobeef.org/twtxt.txt";
     // $profile = getTwtsFromTwtxtString($twtsURL);
-    header("Location: ".$baseURL."/profile?url=".$twtsURL);
+    header("Location: $baseURL/profile?url=$twtsURL");
 
     /*
     if (filter_var($twtsURL, FILTER_VALIDATE_URL) === FALSE) {
@@ -94,9 +92,12 @@ krsort($twts, SORT_NUMERIC);
 
 <!-- PHP: NEW POST BOX -->
 <?php
-if( isset($_SESSION['password'])) {
+require_once 'libs/session.php';
+
+if (hasValidSession()) {
     include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
-} ?>
+}
+?>
 
 <!-- PHP: TIMELINE --><?php include 'partials/timeline.php'?>
 
diff --git a/views/conv.php b/views/conv.php
index ef6d08f..60010da 100644
--- a/views/conv.php
+++ b/views/conv.php
@@ -26,10 +26,12 @@ include_once 'partials/header.php';
 
 
 <?php
+require_once 'libs/session.php';
 
-if (isset($_SESSION['password'])) {
+if (hasValidSession()) {
     $textareaValue = "(#$id) ";
     include 'views/new_twt.php';
-} ?>
+}
+?>
 
 <!-- PHP: GET FOOTER  --><?php include_once 'partials/footer.php';?>
\ No newline at end of file
diff --git a/views/following.php b/views/following.php
index 714e8cd..966918e 100644
--- a/views/following.php
+++ b/views/following.php
@@ -1,12 +1,12 @@
 <?php
-require_once("partials/base.php");
+require_once 'partials/base.php';
 
-$title = "Following - " . $title;
+$title = "Following - $title";
 
 include 'partials/header.php';
+require_once 'libs/session.php';
 
 // TODO: Include profile-card, but only tagcloud for user, not all feeds in cache
-
 ?>
 
 <center>
@@ -18,7 +18,7 @@ include 'partials/header.php';
             <!-- <th></th> -->
             <th>Nick</th>
             <th>URL</th>
-            <?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?>
+            <?php if (hasValidSession()) { ?>
                 <th>Time ago</th>
             <?php } ?>
         </tr>
@@ -29,13 +29,13 @@ include 'partials/header.php';
                 <td><a href="<?= $baseURL ?>/profile?url=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td>
                 <!-- <td><a href="/?twt=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td> -->
                 <td><?= $currentFollower[1] ?>
-                    <!-- <?php //if ($validSession) { 
+                    <!-- <?php //if ($validSession) {
                             ?> -->
                     <!-- <a href="?remove_url=<?= $currentFollower[1] ?>">Remove</a> -->
-                    <!-- <?php // } 
+                    <!-- <?php // }
                             ?> -->
                 </td>
-                <?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?>
+                <?php if (hasValidSession()) { ?>
                     <td>
                         <?php
                         // Test first if URL is a valid feed:
diff --git a/views/login.php b/views/login.php
index 116824d..4b9081b 100644
--- a/views/login.php
+++ b/views/login.php
@@ -1,14 +1,14 @@
 <?php
-require_once "partials/base.php";
+require_once 'partials/base.php';
 
 $title = "Login - $title";
 
 // $password comes from libs/session.php
-if (isset($_SESSION['password'])) {
-    if ($_SESSION['password'] == $passwordInConfig) {
-        header("Location: .");
-        die();
-    }
+require_once 'libs/session.php';
+
+if (hasValidSession()) {
+    header("Location: .");
+    die();
 } else {
     include 'partials/header.php';
 ?>
diff --git a/views/profile.php b/views/profile.php
index 1c55ecf..915347c 100644
--- a/views/profile.php
+++ b/views/profile.php
@@ -17,9 +17,11 @@ include_once 'partials/header.php';
 
 include_once 'partials/profile_card.php';
 
-if( isset($_SESSION['password'])) {
+require_once 'libs/session.php';
+
+if (hasValidSession()) {
     include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
-} 
+}
 
 //include_once 'partials/search.php';
 
diff --git a/views/replies.php b/views/replies.php
index b73c360..65eb15b 100644
--- a/views/replies.php
+++ b/views/replies.php
@@ -19,9 +19,11 @@ include_once 'partials/header.php';
 
 include_once 'partials/profile_card.php';
 
-if( isset($_SESSION['password'])) {
+require_once 'libs/session.php';
+
+if (hasValidSession()) {
     include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
-} 
+}
 
 //include_once 'partials/search.php';
 
@@ -31,7 +33,7 @@ include_once 'partials/footer.php';
 
 /*
 
-// Old replies // 
+// Old replies //
 
 <?php
 require_once("partials/base.php");