From 2e474e2beeca137e68f0d56e16be7771721aa45a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mike=20Schw=C3=B6rer?=
Date: Thu, 1 Feb 2018 19:58:34 +0100
Subject: [PATCH] automatic cookie invalidation
---
 www/index.php | 3 +++
 www/internals/base.php | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/www/index.php b/www/index.php
index bc6c1a7..8a7fb69 100644
--- a/www/index.php
+++ b/www/index.php
@@ -198,3 +198,6 @@ try {
 //TODO remove db table prefixes
 //TODO euler insert+show 32bit | 64bit mode
 //TODO send cache header (?)
+//TODO self update (admin+webhook)
+//TODO v4 subdomain+static
+//TODO redirect t https except for old hs scripts (by _opt)
\ No newline at end of file
diff --git a/www/internals/base.php b/www/internals/base.php
index 3eada85..01692f8 100644
--- a/www/internals/base.php
+++ b/www/internals/base.php
@@ -159,7 +159,7 @@ function convertLanguageToFlag($lang) {
 function setLoginCookie($user, $pass) {
 $expires = time() + (24*60*60); // 24h
- $hash = hash('sha256', $user . ';' . $pass);
+ $hash = hash('sha256', $user . ';' . $pass . ';' . gmdate('Y-m-d'));
 setcookie('mikescher_auth', $hash, $expires);
 }
@@ -172,7 +172,7 @@ function isLoggedInByCookie()
 if (key_exists('mikescher_auth', $_COOKIE)) {
 if (strlen($_COOKIE['mikescher_auth']) !== 64) return $_loginCache = false;
- $auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password']);
+ $auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password'] . ';' . gmdate('Y-m-d'));
 if ($auth === $_COOKIE['mikescher_auth']) return $_loginCache = true;
 }
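Review bot: The value built by the new line `$hash = hash('sha256', $user . ';' . $pass . ';' . gmdate('Y-m-d'));` in setLoginCookie is still an unkeyed hash of the admin password, so every login on the same UTC day yields the same cookie and a captured cookie can be used to check password guesses offline; the same construction is repeated in the isLoggedInByCookie hunk. A random token from `random_bytes()` kept server-side, or at minimum `hash_hmac('sha256', $user . ';' . gmdate('Y-m-d'), $serverSecret)` with a secret that is not the password (`$serverSecret` is a placeholder, no such setting is visible here), would avoid handing the browser a password-derived value. The date suffix also ends validity at 00:00 UTC while `$expires` still advertises 24h, so a login shortly before midnight is invalidated within minutes. The unchanged `setcookie('mikescher_auth', $hash, $expires);` sets neither `httponly` nor `secure`, which is worth fixing in the same change.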
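Review bot: The unchanged check `if ($auth === $_COOKIE['mikescher_auth'])` directly after the new `$auth` line compares a secret-derived value with request input using `===`, which is not constant-time; `if (hash_equals($auth, $_COOKIE['mikescher_auth'])) return $_loginCache = true;` is the usual form. `hash_equals` requires both arguments to be strings, so the `strlen` guard above it would need an `is_string($_COOKIE['mikescher_auth'])` test in front of it, since PHP can deliver a cookie value as an array. isLoggedInByCookie starts and ends outside the hunk, so any earlier validation is not visible here.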