weval-l99/v95_unify_auth.py

#!/usr/bin/env python3
# V95: Unify auth - /api/weval-auth-session.php login also sets weval_authenticated key
# so nginx /auth/check sees the session

path = "/var/www/html/api/weval-auth-session.php"
with open(path, "rb") as f:
    raw = f.read()

if b"V95 unified" in raw:
    print("ALREADY")
    exit(0)

# Find the login success block
marker = b"""    if (weval_verify_password($user, $pass)) {
        $_SESSION['weval_auth'] = true;
        $_SESSION['weval_user'] = $user;
        $_SESSION['weval_time'] = time();"""

if marker not in raw:
    print("MARKER NOT FOUND")
    exit(1)

replacement = b"""    if (weval_verify_password($user, $pass)) {
        $_SESSION['weval_auth'] = true;
        $_SESSION['weval_authenticated'] = true;  // V95 unified: also set key used by /auth/check
        $_SESSION['weval_user'] = $user;
        $_SESSION['weval_time'] = time();
        // V95 unified: also set HMAC remember-me cookie recognized by /auth/weval-auth.php
        $_AUTH_SECRET = 'W3v4l_Auth_S1mpl3_2026_X9K';
        $_AUTH_COOKIE = 'weval_session';
        $_exp = time() + (30 * 86400);
        $_sig = hash_hmac('sha256', $user . $_exp, $_AUTH_SECRET);
        $_cookie_data = base64_encode(json_encode(['user' => $user, 'sig' => $_sig, 'exp' => $_exp]));
        setcookie($_AUTH_COOKIE, $_cookie_data, $_exp, '/', '.weval-consulting.com', true, true);"""

raw = raw.replace(marker, replacement, 1)

# Also ensure logout clears both
logout_marker = b"if ($action === 'logout') {\n    $_SESSION = [];"
if logout_marker in raw:
    new_logout = b"""if ($action === 'logout') {
    // V95 unified: also clear the remember-me cookie
    setcookie('weval_session', '', time() - 3600, '/', '.weval-consulting.com', true, true);
    $_SESSION = [];"""
    raw = raw.replace(logout_marker, new_logout, 1)

with open(path, "wb") as f:
    f.write(raw)
print(f"Unified! size: {len(raw)}")