Rewrite method / session handling

Marc Hagen 2022-11-23 12:50:50 +01:00
parent f7737e933e
commit d402cb4cc4
No known key found for this signature in database


@ -16,53 +16,57 @@ require __DIR__.'/bootstrap.php';
use Hybula\LookingGlass; use Hybula\LookingGlass;
$errorMessage = null;
if (!empty($_POST)) { if (!empty($_POST)) {
do { if (!isset($_POST['csrfToken']) || !isset($_SESSION[LookingGlass::SESSION_CSRF]) || ($_POST['csrfToken'] !== $_SESSION[LookingGlass::SESSION_CSRF])) {
if (!isset($_POST['csrfToken']) || !isset($_SESSION['CSRF']) || ($_POST['csrfToken'] != $_SESSION['CSRF'])) { exitErrorMessage('Missing or incorrect CSRF token.');
$errorMessage = 'Missing or incorrect CSRF token.';
break;
}
if (isset($_POST['submitForm'])) {
if (!in_array($_POST['backendMethod'], LG_METHODS)) {
$errorMessage = 'Unsupported backend method.';
break;
}
$_SESSION['METHOD'] = $_POST['backendMethod'];
$_SESSION['TARGET'] = $_POST['targetHost'];
if (!isset($_POST['checkTerms']) && LG_TERMS) {
$errorMessage = 'You must agree with the Terms of Service.';
break;
} }
if (in_array($_POST['backendMethod'], ['ping', 'mtr', 'traceroute'])) { if (!isset($_POST['submitForm']) || !isset($_POST['backendMethod']) || !isset($_POST['targetHost'])) {
if (!LookingGlass::isValidIpv4($_POST['targetHost'])) { exitErrorMessage('Unsupported POST received.');
$targetHost = LookingGlass::isValidHost($_POST['targetHost'], LookingGlass::IPV4);
if (!$targetHost) {
$errorMessage = 'No valid IPv4 provided.';
break;
} }
$_SESSION['TARGET'] = $targetHost;
if (!in_array($_POST['backendMethod'], LG_METHODS)) {
exitErrorMessage('Unsupported backend method.');
}
$_SESSION[LookingGlass::SESSION_TARGET_METHOD] = $_POST['backendMethod'];
$_SESSION[LookingGlass::SESSION_TARGET_HOST] = $_POST['targetHost'];
if (!isset($_POST['checkTerms']) && LG_TERMS) {
exitErrorMessage('You must agree with the Terms of Service.');
}
$targetHost = $_POST['targetHost'];
if (in_array($_POST['backendMethod'], ['ping', 'mtr', 'traceroute'])) {
if (!LookingGlass::isValidIpv4($_POST['targetHost']) &&
!$targetHost = LookingGlass::isValidHost($_POST['targetHost'], LookingGlass::IPV4)
) {
exitErrorMessage('No valid IPv4 provided.');
} }
} }
if (in_array($_POST['backendMethod'], ['ping6', 'mtr6', 'traceroute6'])) { if (in_array($_POST['backendMethod'], ['ping6', 'mtr6', 'traceroute6'])) {
if (!LookingGlass::isValidIpv6($_POST['targetHost'])) { if (!LookingGlass::isValidIpv6($_POST['targetHost']) ||
$targetHost = LookingGlass::isValidHost($_POST['targetHost'], LookingGlass::IPV4); !$targetHost = LookingGlass::isValidHost($_POST['targetHost'],LookingGlass::IPV6)
if (!$targetHost) { ) {
$errorMessage = 'No valid IPv6 provided.'; exitErrorMessage('No valid IPv6 provided.');
break;
}
$_SESSION['TARGET'] = $targetHost;
} }
} }
$_SESSION['TERMS'] = true; $_SESSION[LookingGlass::SESSION_TARGET_HOST] = $targetHost;
$_SESSION['BACKEND'] = true; $_SESSION[LookingGlass::SESSION_TOS_CHECKED] = true;
break; $_SESSION[LookingGlass::SESSION_CALL_BACKEND] = true;
exitNormal();
} }
$errorMessage = 'Unsupported POST received.';
break; $templateData['session_target'] = $_SESSION[LookingGlass::SESSION_TARGET_HOST] ?? '';
} while (true); $templateData['session_method'] = $_SESSION[LookingGlass::SESSION_TARGET_METHOD] ?? '';
$templateData['session_call_backend'] = $_SESSION[LookingGlass::SESSION_CALL_BACKEND] ?? false;
$templateData['session_tos_checked'] = isset($_SESSION[LookingGlass::SESSION_TOS_CHECKED]) ? ' checked' : '';
if (isset($_SESSION[LookingGlass::SESSION_ERROR_MESSAGE])) {
$templateData['error_message'] = $_SESSION[LookingGlass::SESSION_ERROR_MESSAGE];
unset($_SESSION[LookingGlass::SESSION_ERROR_MESSAGE]);
} }
if (LG_BLOCK_CUSTOM) { if (LG_BLOCK_CUSTOM) {
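Review bot: The new code writes the raw `$_POST['targetHost']` into `$_SESSION[LookingGlass::SESSION_TARGET_HOST]` before the Terms check and the IPv4/IPv6 validation run, so a request rejected by `exitErrorMessage()` leaves an unvalidated value in the session, which is later copied into `$templateData['session_target']`. The validated assignment after the checks (`$_SESSION[LookingGlass::SESSION_TARGET_HOST] = $targetHost;`) already covers the success path, so the early write can simply be dropped; the template that prints the value is not visible here and should escape it either way. Nothing in this hunk clears `SESSION_CALL_BACKEND` on the error path, so if that flag can survive from an earlier successful request the backend may read the unvalidated host; this is worth confirming, and unsetting the flag before `exitErrorMessage()` would close it. Separately, the IPv6 branch joins its two checks with `||` where the IPv4 branch uses `&&`, so a hostname is rejected as soon as `isValidIpv6()` fails; `&&` looks like what was intended. The file continues past this hunk, so the backend call itself is outside this view.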