obihann · August 29, 2015 14:15
diff --git a/generate.php b/generate.php
 <?php
    header('Content-Type: application/json');
    session_start();
 
    define("SESSION_SALT", "lowsaltdiet");
    
    $sessionKey = hash("sha512", SESSION_SALT . session_id());

    $post_data = array(
        'session' => session_id(),
        'key' => $sessionKey
    );

    $post_data = json_encode($post_data, JSON_FORCE_OBJECT);

    echo $post_data;
 ?>
diff --git a/verify.php b/verify.php
 <?php
    header('Content-Type: application/json');
    session_start();
    
    define("SESSION_SALT", "lowsaltdiet");
    
    $output = (object) response;
    $requestIP = $_SERVER['REMOTE_ADDR'];
    $sessionKey = hash("sha512", SESSION_SALT . session_id());
    $userSession = $_REQUEST["session"];
    $userSessionKey = $_REQUEST["session_key"];
    
    if($userSession == session_id() && $userSessionKey == $sessionKey) {
        $output->error = "auth";
        $output->response = "success";
    } else {
        $output->error = "auth";
        $output->response = sprintf("Your IP (%s) is not authorized on this server.", $requestIP);
    }
    
    echo json_encode($output);
 ?>
	<?php
	header('Content-Type: application/json');
	session_start();

	define("SESSION_SALT", "lowsaltdiet");

	$sessionKey = hash("sha512", SESSION_SALT . session_id());

	$post_data = array(
	'session' => session_id(),
	'key' => $sessionKey
	);

	$post_data = json_encode($post_data, JSON_FORCE_OBJECT);

	echo $post_data;
	?>