From be8a18acc6c5ad8d5e2fa0450059c102e0a9875d Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sat, 15 Jan 2022 16:07:22 +0000
Subject: [PATCH] Fix http origin
---
 get_credential.php | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/get_credential.php b/get_credential.php
index 27444a3c..fb1b8a84 100644
--- a/get_credential.php
+++ b/get_credential.php
@@ -2,16 +2,16 @@
 /*
 // Headers to allow extensions access (CORS)
-$chrome_id = "to-be-confirmed";
+$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
 $firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82";
-$http_origin = $_SERVER['HTTP_ORIGIN'];
-// Note, this IF doesn't seem to work currently either.
-// Additionally, will require cookies set to SameSite None.
-if ($http_origin == "$chrome_id" || $http_origin == "$firefox_id")
-{
- header("Access-Control-Allow-Origin: $http_origin");
- header("Access-Control-Allow-Credentials: true");
+
+if (isset($_SERVER['HTTP_ORIGIN'])) {
+ if($_SERVER['HTTP_ORIGIN'] == $chrome_id OR $_SERVER['HTTP_ORIGIN'] == $firefox_id){
+ header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+ header('Access-Control-Allow-Credentials: true');
+ }
 }
+// Additionally, will require cookies set to SameSite None.
 include("config.php");
 include("functions.php");
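Review bot: The added block reflects the request's Origin into `Access-Control-Allow-Origin` without sending `Vary: Origin`, so a shared cache in front of this credential endpoint could replay one origin's CORS headers to another; add `header('Vary: Origin');` beside the two `header()` calls. The allow-list test uses loose `==` joined with `OR`; `in_array($_SERVER['HTTP_ORIGIN'], [$chrome_id, $firefox_id], true)` keeps the match exact and makes the allow-list explicit. Because the trailing comment says the session cookie has to be SameSite None, this exact-match check appears to be the only thing keeping other sites from reading the response with the user's session, which deserves a comment such as `// Origin allow-list is the sole cross-site barrier once cookies are SameSite=None`. The `/*` context line at the top of the hunk may mean the block still sits inside a comment whose end is outside the hunk; if so, none of these headers are sent.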
@@ -64,16 +64,18 @@ if($session_user_role < 4){
 if(isset($_GET['host'])){
- $url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
+ if(!empty($_GET['host'])){
+ $url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
- $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
+ $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
- if(mysqli_num_rows($sql_logins) > 0){
- $row = mysqli_fetch_array($sql_logins);
- $data['found'] = "TRUE";
- $data['username'] = htmlentities($row['login_username']);
- $data['password'] = decryptLoginEntry($row['login_password']);
- echo json_encode($data);
+ if(mysqli_num_rows($sql_logins) > 0){
+ $row = mysqli_fetch_array($sql_logins);
+ $data['found'] = "TRUE";
+ $data['username'] = htmlentities($row['login_username']);
+ $data['password'] = decryptLoginEntry($row['login_password']);
+ echo json_encode($data);
+ }
 }
 }
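Review bot: The re-indented `$url` line still calls `mysqli_real_escape_string()` first and then `strip_tags()`/`trim()`, so the value interpolated into the query is no longer exactly what the escaper produced; escaping has to be the last transformation, and a bound parameter removes the question altogether. The new `!empty()` guard also lets an array-valued `host` through to a string-only function, so it should be paired with `is_string()`. A prepared-statement version is below; `mysqli_stmt_get_result()` needs the mysqlnd driver, and `'ss'` binds both values as strings, as the quoted original did. The enclosing `if($session_user_role < 4){` block opens and closes outside this hunk.

```php
if(isset($_GET['host'])){
    if(is_string($_GET['host']) && !empty($_GET['host'])){
        $url = trim(strip_tags($_GET['host']));

        $stmt = mysqli_prepare($mysqli, "SELECT * FROM logins WHERE (login_uri = ? AND company_id = ?) LIMIT 1");
        mysqli_stmt_bind_param($stmt, 'ss', $url, $session_company_id);
        mysqli_stmt_execute($stmt);
        $sql_logins = mysqli_stmt_get_result($stmt);

        // … unchanged: mysqli_num_rows() check, row fetch and json_encode() response …
```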