php-vulnerabilities/index.php

<?php
include_once 'database.php';

$request = $_SERVER['REQUEST_URI'];
$path = parse_url($request, PHP_URL_PATH);

if (isset($_COOKIE["user_id"])) {
    /* error_log('cookie is set', 0); */
} else {
    /* error_log('cookie is NOT set', 0); */
    $ids = initializeApp(null);
    setcookie("user_id", $ids["user_id"], time() + 3600, "/");

    $_COOKIE["user_id"] = $ids["user_id"];
}

/* TODO: remove for prod code */
$file_path = __DIR__.$request;
$extension = pathinfo($file_path, PATHINFO_EXTENSION);
if ($extension === 'css') { 
    header('Content-Type: text/css');
    readfile($file_path);
    exit;
}
/* TODO: remove for prod code */

$page = match($path) {
    '', '/', '/products' => '/products.php',
    '/login' => '/login.php',
    '/register' => '/register.php',
    '/logout' => '/logout.php',
    '/orders' => '/orders.php',
    '/users' => '/users.php',
    default => '/404.php',
};

require __DIR__.$page;
?>