AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix http origin

This commit is contained in:
Marcus Hill 2022-01-15 16:07:22 +00:00
parent 083c322c9b
commit be8a18acc6
1 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
get_credential.php
View File

@ -2,16 +2,16 @@
/*
// Headers to allow extensions access (CORS)
$chrome_id = "to-be-confirmed";
$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82";
$http_origin = $_SERVER['HTTP_ORIGIN'];
// Note, this IF doesn't seem to work currently either.
// Additionally, will require cookies set to SameSite None.
if ($http_origin == "$chrome_id" || $http_origin == "$firefox_id")
{
header("Access-Control-Allow-Origin: $http_origin");
header("Access-Control-Allow-Credentials: true");
if (isset($_SERVER['HTTP_ORIGIN'])) {
if($_SERVER['HTTP_ORIGIN'] == $chrome_id OR $_SERVER['HTTP_ORIGIN'] == $firefox_id){
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
}
}
// Additionally, will require cookies set to SameSite None.
include("config.php");
include("functions.php");
@ -64,16 +64,18 @@ if($session_user_role < 4){
if(isset($_GET['host'])){
$url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
if(!empty($_GET['host'])){
$url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
if(mysqli_num_rows($sql_logins) > 0){
$row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']);
$data['password'] = decryptLoginEntry($row['login_password']);
echo json_encode($data);
if(mysqli_num_rows($sql_logins) > 0){
$row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']);
$data['password'] = decryptLoginEntry($row['login_password']);
echo json_encode($data);
}
}
}