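<?php

declare(strict_types=1);

// Accepts JSON { user: "DOM\\user" } from same-origin JS and sets the UserInfo cookie.
//
// NOTE(review): everything stored in the cookie is client-asserted. Nothing here
// authenticates the caller, and `user` is copied straight from the request body,
// so any server-side consumer that reads UserInfo.user as an identity is trusting
// client input. Before anything relies on it, either sign the payload with a
// server-held secret (HMAC, verified on read) or replace the cookie with a
// server-side session established by a real login.

header('Content-Type: application/json; charset=utf-8');
// The response sets an identity cookie; never let a shared cache hold it.
header('Cache-Control: no-store');

/**
 * Emit a JSON error body with the given HTTP status and stop processing.
 */
function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

/**
 * True when $url's scheme, host and port exactly match those of $allowed.
 *
 * The previous check was a prefix test (stripos($url, $allowed) === 0), which
 * accepts any host that merely *begins* with the allowed one, e.g.
 * https://opwsinf.appliarmony.net.attacker.example. Comparing parsed components
 * closes that, and a value without a host (including the literal "null" Origin
 * sent for sandboxed/opaque origins) is rejected.
 */
function originMatches(string $url, string $allowed): bool
{
    $got = parse_url($url);
    $want = parse_url($allowed);
    if (!is_array($got) || !is_array($want) || empty($got['scheme']) || empty($got['host'])) {
        return false;
    }
    return strcasecmp($got['scheme'], $want['scheme'] ?? '') === 0
        && strcasecmp($got['host'], $want['host'] ?? '') === 0
        && ($got['port'] ?? null) === ($want['port'] ?? null);
}

// Only JSON POSTs from page script are expected; refuse anything else up front.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    fail(405, 'method not allowed');
}

$allowed = 'https://opwsinf.appliarmony.net';
$origin  = $_SERVER['HTTP_ORIGIN'] ?? '';
$referer = $_SERVER['HTTP_REFERER'] ?? '';

// Browsers always attach Origin to cross-site POSTs, so a present-but-wrong Origin
// is rejected outright rather than rescued by Referer; Referer only vouches for a
// request that carries no Origin at all. Neither header is a CSRF token — this
// keeps casual cross-site use out, nothing more. Non-browser clients can set both.
$ok = $origin !== ''
    ? originMatches($origin, $allowed)
    : ($referer !== '' && originMatches($referer, $allowed));
if (!$ok) {
    fail(403, 'forbidden origin');
}

$raw = file_get_contents('php://input');
// The payload is one short string; anything large is not a legitimate call.
if ($raw === false || strlen($raw) > 4096) {
    fail(400, 'invalid payload');
}
$data = json_decode($raw, true);
if (!is_array($data) || !isset($data['user']) || !is_string($data['user'])) {
    fail(400, 'invalid payload');
}

$user = $data['user'];
// Keep the value cookie-safe: non-blank, bounded in bytes (cookie limit), valid
// UTF-8 (json_encode would otherwise return false), no control characters.
if (trim($user) === ''
    || strlen($user) > 255
    || !mb_check_encoding($user, 'UTF-8')
    || preg_match('/[\x00-\x1F\x7F]/', $user) === 1
) {
    fail(400, 'invalid payload');
}

// X-Forwarded-For is attacker-supplied unless a trusted proxy in front of this host
// overwrites it. Take only its first entry, and only if it parses as an IP; otherwise
// record the socket peer. The recorded value is informational, not an access control.
$ip = '';
$xff = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
if ($xff !== '') {
    $first = trim(explode(',', $xff, 2)[0]);
    if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
        $ip = $first;
    }
}
if ($ip === '') {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
}

$now = date('Y-m-d H:i:s');
$cookie = [
    'user'    => $user,
    'ip'      => $ip,
    'created' => $now,
    'last'    => $now,
];

// Host-only cookie (no Domain attribute) so sibling *.appliarmony.net hosts can
// neither read nor overwrite it; Secure + HttpOnly keep it off plain HTTP and away
// from page script. The one-year lifetime means the unsigned identity claim above
// persists that long — shorten it once a server-side session replaces this.
setcookie('UserInfo', json_encode($cookie), [
    'expires'  => time() + 86400 * 365,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

echo json_encode(['ok' => true, 'user' => $user]);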