・
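0, 'path' => '/', 'domain' => '', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax' ]);
session_start();
session_regenerate_id(true);

// Collected user-facing errors; the view renders them and the token flow refuses to run while any exist.
if (!isset($error_message)) {
    $error_message = [];
}

// Connect to the database.
// $pdo stays null on failure so every later use can be guarded instead of fataling on a null object.
$pdo = null;
try {
    $option = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false,
    ];
    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST, DB_USER, DB_PASS, $option);
} catch (PDOException $e) {
    // Keep the connection error for the view; do not abort here.
    $error_message[] = $e->getMessage();
}

// Login check ---------------------------------------------------
blockedIP($_SERVER['REMOTE_ADDR']);
$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
if ($is_login === false) {
    header("Location: ../index.php");
    exit;
}
$userid = safetext($is_login['userid']);
$username = safetext($is_login['username']);
$loginid = safetext($is_login["loginid"]);
$role = safetext($is_login["role"]);
$sacinfo = safetext($is_login["sacinfo"]);
$myblocklist = safetext($is_login["blocklist"]);
$myfollowlist = safetext($is_login["follow"]);
$is_Admin = safetext($is_login["admin"]);

// Unread notification count for the page header; 0 when the database is unavailable.
$notificationcount = 0;
$userData = null;
if (!empty($pdo)) {
    $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
    $notiQuery->bindValue(':userid', $userid);
    $notiQuery->execute();
    $notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);
    $notificationcount = $notiData['notification_count'];

    // Second connection ($dbh) and $userData are kept because code outside this block may rely on them.
    $dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
    ]);
    $userQuery = $dbh->prepare("SELECT userid,role,datetime FROM account WHERE userid = :userid");
    $userQuery->bindValue(':userid', $userid);
    $userQuery->execute();
    $userData = $userQuery->fetch();
}

// Client request parsing ----------------------------------------
// A consent request is only considered valid when session, client and scope are all present.
$is_trueclient = false;
$session_code = null;
$client_name = null;
$client_icon = "../img/sysimage/errorimage/emoji_404.png";
$client_scope_base = [];
$client_scope = [];
$securityScopesView = false;
$client_about = "クライアントによる説明はありません。";
$client_callback = null;

if (!empty($_GET["session"]) && !empty($_GET["client"]) && !empty($_GET["scope"])) {
    $is_trueclient = true;

    // The session code is chosen by the client; only its length is bounded here.
    $session_code = safetext($_GET["session"]);
    if (strlen($session_code) > 512) {
        $is_trueclient = false;
    }

    $client_name = safetext($_GET["client"]);

    if (isset($_GET["icon"])) {
        $client_icon = safetext(urldecode($_GET["icon"]));
    }

    // Scopes arrive as a comma-separated list; unknown names are shown to the user but never granted.
    $client_scope_base = array_unique(array_map('trim', explode(",", safetext(urldecode($_GET["scope"])))));
    // Scopes whose grant should be visually highlighted on the consent page.
    $securityScopes = ["write:me", "write:ueuse", "write:follow", "write:favorite", "write:notifications", "write:bookmark", "read:bookmark"];
    foreach ($client_scope_base as $scope) {
        $scopeLabel = GetAPIScopes($scope);
        if ($scopeLabel) {
            $client_scope[] = $scopeLabel;
            if ($securityScopesView === false && in_array($scope, $securityScopes, true)) {
                $securityScopesView = true;
            }
        } else {
            $client_scope[] = "未知のスコープ ($scope)";
        }
    }

    if (isset($_GET["about"])) {
        $client_about = safetext(urldecode($_GET["about"]));
    }

    if (isset($_GET["callback"])) {
        $candidateCallback = safetext(urldecode($_GET["callback"]));
        // Only follow absolute http(s) URLs; anything else (javascript:, data:, relative paths)
        // falls back to the on-page "done" view instead of a redirect.
        // NOTE(review): the callback is not bound to a registered client here, so this only
        // restricts the scheme — confirm whether a client allow-list exists elsewhere.
        $callbackScheme = strtolower((string) parse_url($candidateCallback, PHP_URL_SCHEME));
        if (filter_var($candidateCallback, FILTER_VALIDATE_URL) !== false
            && in_array($callbackScheme, ['http', 'https'], true)) {
            $client_callback = $candidateCallback;
        }
    }
}

if (!isset($is_done)) {
    $is_done = false;
}

// Token issuance on user approval -------------------------------
// NOTE(review): the approval is accepted on POST alone; no CSRF token is checked in this
// block — confirm whether the including form/session layer enforces one.
if ($is_trueclient === true && !empty($_POST['allow_submit'])) {
    // A session code that is already bound to a user must not be reused.
    if (!empty($pdo)) {
        $tokenQuery = $pdo->prepare("SELECT userid, token FROM api WHERE sessionid = :sessionid");
        $tokenQuery->bindValue(':sessionid', $session_code);
        $tokenQuery->execute();
        $tokenData = $tokenQuery->fetch();
        if (!empty($tokenData["userid"])) {
            $error_message[] = "不正なリクエストです。";
        }
    }

    // Grant only the scopes that resolve to a known API scope; unknown ones are dropped.
    // (The list is initialised once so an unknown entry cannot wipe earlier valid ones.)
    $client_scope_done = [];
    foreach ($client_scope_base as $scope) {
        if (GetAPIScopes($scope)) {
            $client_scope_done[] = $scope;
        }
    }
    $client_scope_done = implode(",", $client_scope_done);
    if (empty($client_scope_done)) {
        $error_message[] = "不正な権限要求です。";
    }

    // Frozen accounts may not issue tokens.
    if ($role === "ice") {
        $error_message[] = "アカウントが凍結されているためAPIトークンの発行は行えません。";
    }

    if (empty($error_message)) {
        $res = false;
        $failureReason = "";
        $pdo->beginTransaction();
        try {
            $uniqid = createUniqId();
            $token = GenAPIToken();
            $datetime = date("Y-m-d H:i:s");
            $stmt = $pdo->prepare("INSERT INTO api (uniqid, userid, token, scope, datetime, clientname, sessionid) VALUES (:uniqid, :userid, :token, :scope, :datetime, :clientname, :sessionid)");
            $stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
            $stmt->bindParam(':userid', $userid, PDO::PARAM_STR);
            $stmt->bindParam(':token', $token, PDO::PARAM_STR);
            $stmt->bindParam(':scope', $client_scope_done, PDO::PARAM_STR);
            $stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
            $stmt->bindParam(':clientname', $client_name, PDO::PARAM_STR);
            $stmt->bindParam(':sessionid', $session_code, PDO::PARAM_STR);
            if ($stmt->execute()) {
                $res = $pdo->commit();
            } else {
                $pdo->rollBack();
            }
        } catch (Exception $e) {
            $pdo->rollBack();
            $res = false;
            // Captured here so the failure branch never reads an undefined $e.
            $failureReason = $e->getMessage();
        }

        if ($res) {
            if (!empty($client_callback)) {
                header("Location: ".$client_callback);
                exit;
            }
            $is_done = true;
        } else {
            $is_done = false;
            actionLog($userid, "error", "api/auth", $client_name, $failureReason, 3);
            $error_message[] = "APIトークンの生成に失敗しました...(REGISTED_DAME)";
        }
    }
}

require('../logout/logout.php');
?>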
・