<?php
/*
 * Application bootstrap / configuration.
 *
 * Everything in this file runs on every web request and on every CLI/cron
 * invocation. All deployment-specific values are taken from the environment.
 */

// Debug printing is on only when the variable is literally the string 'true';
// unset, '1' or 'True' all leave it off.
define('DEBUG', getenv('DEBUG') === 'true');

// Deployment tier as supplied by the environment (Dev / QA / Prod).
// getenv() yields false when the variable is unset; no default is applied.
define('ENVIRONMENT', getenv('ENVIRONMENT'));

// Canonical origin of this deployment. HOSTNAME comes from the environment,
// not from the request, so a client-supplied Host header cannot influence it.
// URL is the same origin with a trailing slash.
define('BASE_URL', 'https://' . getenv('HOSTNAME'));
define('URL', BASE_URL . '/');

// Minutes of game time processed per run.
define('NUMBER_OF_MINUTES_PER_RUN', 1); // 1 minute normal gameplay per run

// Distinguish HTTP requests from CLI/cron runs; the session and CSRF sections
// below are only meaningful when there is a request.
define('IS_WEB_CONTEXT', PHP_SAPI !== 'cli');

// Session cookie hardening, web requests only. These ini values apply to the
// cookie issued by a session started after this point.
if (IS_WEB_CONTEXT) {
    ini_set('session.cookie_httponly', 1);        // not readable from JavaScript
    ini_set('session.cookie_secure', 1);          // only sent over HTTPS
    ini_set('session.cookie_samesite', 'Strict'); // not sent on cross-site requests
}
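// Redis connection shared by the rest of the request.
// NOTE(review): the return value of connect() is not checked, so a bad
// REDIS_HOST/REDIS_PORT may only surface on first use — confirm whether the
// deployed phpredis version throws here.
$redis = new Redis();
$redis->connect(getenv('REDIS_HOST'), intval(getenv('REDIS_PORT')));

// Error display follows DEBUG: details reach the browser only while debugging,
// never in a normal deployment.
if (DEBUG) {
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
} else {
    ini_set('display_errors', 0);
    ini_set('display_startup_errors', 0);
}

// Report everything except deprecations and warnings; the warning mask exists
// because session handling otherwise emits "headers already sent" warnings.
// `& ~` clears the bits unconditionally, whereas the previous `^` toggled
// them and would silently re-enable a level that was ever listed twice.
// NOTE(review): the mask also hides warnings from failed includes and similar
// I/O errors — make sure log_errors still captures them in production.
error_reporting(E_ALL & ~(E_DEPRECATED | E_WARNING));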
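// Project autoloader: maps a bare class name to classes/<lowercased name>.php.
// It is registered before Composer's autoloader below, so it is consulted
// first for every class (vendor ones included); the is_file() guard keeps
// those misses silent instead of relying on the E_WARNING mask to hide a
// failed include_once.
// Only bare identifiers are mapped: the classes/ directory is flat, and
// rejecting anything else (namespace separators, dots, slashes) means a
// string reaching class_exists() or similar from outside can never steer the
// include path beyond that directory.
spl_autoload_register(function (string $class_name) {
    if (preg_match('/^[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*$/', $class_name) !== 1) {
        return; // namespaced or malformed name: leave it to Composer
    }
    $path = __DIR__ . '/classes/' . strtolower($class_name) . '.php';
    if (is_file($path)) {
        include_once $path;
    }
});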
// Composer autoloader (consulted after the project autoloader registered above).
require __DIR__ . '/vendor/autoload.php';

// One database connection per request, shared by Delight\Auth and the
// project's own data-access layer. Credentials come from the environment.
// NOTE(review): no PDO options are passed, so driver defaults apply — for the
// mysql driver that includes emulated prepares. Consider passing
// PDO::ATTR_EMULATE_PREPARES => false once queries that bind integer
// LIMIT/OFFSET values have been checked to use PDO::PARAM_INT.
$db = new \PDO(
    sprintf('mysql:dbname=MultiverseIdle;host=%s;charset=utf8mb4', getenv('DB_HOST')),
    getenv('DB_USER'),
    getenv('DB_PASSWORD')
);
$auth = new \Delight\Auth\Auth($db);
$DAL = new DAL($db); // modified to work off the same basis as Delight so 1 connect / 1 request

// Resend (transactional e-mail) API key.
define('RESEND_API_KEY', getenv('RESEND_API_KEY'));

// Function libraries.
require_once __DIR__ . '/func/format_functions.php';
require_once __DIR__ . '/func/formula_functions.php';
require_once __DIR__ . '/func/common_functions.php';
require_once __DIR__ . '/func/guest_processing.php';
require_once __DIR__ . '/func/referral_functions.php';
require_once __DIR__ . '/func/guild_tax.php';
require_once __DIR__ . '/func/guild_buildings_func.php';

// Static data tables.
require_once __DIR__ . '/data/resources.php';
require_once __DIR__ . '/data/skillgems.php';
require_once __DIR__ . '/data/gearnames.php';
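// Web requests only: mirror the auth library's session fields into the keys
// the rest of the app reads, normalise the user id, and enforce CSRF on POST.
// NOTE(review): $_SESSION is read here, so session_start() must already have
// run; that call is not in this file — presumably the including script does it.
if (IS_WEB_CONTEXT) {
    // Authentication: copy the library's session fields to the app's own keys.
    // NOTE(review): the comparison is against the integer 1; if the auth
    // library stores boolean true in auth_logged_in this branch never runs — confirm.
    if (isset($_SESSION['auth_logged_in']) && $_SESSION['auth_logged_in'] === 1) {
        $_SESSION['user_id'] = $_SESSION['auth_user_id'];
        $_SESSION['email'] = $_SESSION['auth_email'];
        $_SESSION['username'] = $_SESSION['auth_username'];
    }

    // Ensure auth_user_id is always a safe int (0 for guests/unauthenticated).
    // This prevents TypeError in code files that read $_SESSION['auth_user_id'] directly.
    $_SESSION['auth_user_id'] = (int)($_SESSION['auth_user_id'] ?? 0);

    // Minimal CSRF protection: a per-session random token that every POST
    // (other than the register/login endpoints) must echo back as csrf_token.
    if (empty($_SESSION['csrf-token'])) {
        $_SESSION['csrf-token'] = bin2hex(random_bytes(32));
    }

    // The exemption looks only at the first path segment of the request URI
    // (query string stripped), so /login?x and /login/y both qualify.
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && !in_array(strtok(strtok($_SERVER['REQUEST_URI'], '?'), '/'), ['register', 'login'], true)
    ) {
        // The submitted token must be a string (a form can post csrf_token[] as
        // an array) and is compared with hash_equals() so the comparison takes
        // the same time regardless of where the first differing byte is.
        if (!is_string($_POST['csrf_token'] ?? null)
            || !hash_equals($_SESSION['csrf-token'], $_POST['csrf_token'])
        ) {
            http_response_code(403); // was a 200 with an error body
            die('CSRF token validation failed');
        }
    }
}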