auth/validate.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/config.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/alert.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $token = $_POST['access_token'] ?? null;

    if (!isset($token)) {
        exit(create_alert('/', 400, 'No access token provided.', null));
    }

    $hash = hash('sha256', $token);

    $db = new PDO(DB_URL, DB_USER, DB_PASS);

    $stmt = $db->prepare('SELECT user_id FROM tokens WHERE `hash` = ?');
    $stmt->execute([$hash]);
    $token = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;

    if (!$token) {
        exit(create_alert('/', 401, 'Incorrect token.', null));
    }

    exit(create_alert('/', 200, null, ['id' => $token['user_id']]));
}