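86400 * 7, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax', ]);
// NOTE(review): the cookie-params call above is cut off at the start of this chunk;
// confirm it also sets 'secure' => true so the session cookie is never sent over plain HTTP.
session_start();

// Emit a JSON error body with the given HTTP status and stop the request.
// Defined as a closure so this script does not introduce a global function name.
$failJson = static function (int $status, array $body): void {
    header('Content-Type: application/json');
    http_response_code($status);
    echo json_encode($body);
    exit;
};

// The one-time auth token handed back by the central auth server. Reject anything that
// is not a non-empty string (e.g. ?auth[]=x would otherwise reach urlencode()).
$authToken = $_GET['auth'] ?? '';
if (!is_string($authToken) || $authToken === '') {
    $failJson(400, ['error' => 'Missing auth token']);
}

// Verify the token server-side against the auth service. TLS peer/host verification is
// left at curl's default (enabled) and stated explicitly so it is not silently weakened.
$checkUrl = 'https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=' . urlencode($authToken);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $checkUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Any non-200 or empty reply is treated as "could not verify", never as success.
if ($httpCode !== 200 || !$response) {
    $failJson(502, ['error' => 'Auth server unreachable']);
}

$data = json_decode($response, true);
if (!is_array($data)) {
    $data = [];
}
if (!isset($data['status']) || $data['status'] !== 'success') {
    $failJson(401, ['error' => 'Authentication failed', 'msg' => $data['msg'] ?? 'unknown']);
}

// Privilege level changes here (anonymous -> logged in): rotate the session id so a
// session id fixed by an attacker before login does not become an authenticated session.
session_regenerate_id(true);

$_SESSION['loggedin'] = true;
$_SESSION['username'] = $data['username'] ?? 'unknown';
$_SESSION['id'] = $data['id'] ?? '';
$_SESSION['email'] = $data['email'] ?? '';
$_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
$_SESSION['user_token'] = $data['user_token'] ?? '';

// Local allow-list check. This is always performed; the original only ran it when no
// output had been sent yet, which let an authenticated-but-unauthorized user through.
// NOTE: an empty allow-list still means "everyone is allowed" (existing behaviour, kept).
$db = new Database();
$repo = new \Jakach\Logging\Storage\Repository($db);
$allowedTokens = $repo->getAllowedUserTokens();
if (!empty($allowedTokens) && !in_array($_SESSION['user_token'], $allowedTokens, true)) {
    $_SESSION = [];
    session_destroy();
    $failJson(403, ['error' => 'Your account is not authorized to access this system']);
}

// Post-login redirect. Only same-origin, path-only targets are honoured: the value must
// be a string starting with a single '/', must not be protocol-relative ('//host') or use
// the backslash variant ('/\host'), and must not contain control characters (header
// splitting). Anything else falls back to '/' to prevent an open redirect.
$redirect = $_GET['redirect'] ?? '/';
if (!is_string($redirect)
    || $redirect === ''
    || $redirect[0] !== '/'
    || (isset($redirect[1]) && ($redirect[1] === '/' || $redirect[1] === '\\'))
    || preg_match('/[\x00-\x1F\x7F]/', $redirect) === 1) {
    $redirect = '/';
}
header('Location: ' . $redirect);
exit;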