
automatic cookie invalidation

Mike Schwörer 2018-02-01 19:58:34 +01:00
parent aeebdaa71b
commit 2e474e2bee
Signed by: Mikescher
GPG Key ID: D3C7172E0A70F8CF
2 changed files with 5 additions and 2 deletions


@ -198,3 +198,6 @@ try {
//TODO remove db table prefixes //TODO remove db table prefixes
//TODO euler insert+show 32bit | 64bit mode //TODO euler insert+show 32bit | 64bit mode
//TODO send cache header (?) //TODO send cache header (?)
//TODO self update (admin+webhook)
//TODO v4 subdomain+static
//TODO redirect t https except for old hs scripts (by _opt)


@ -159,7 +159,7 @@ function convertLanguageToFlag($lang) {
function setLoginCookie($user, $pass) function setLoginCookie($user, $pass)
{ {
$expires = time() + (24*60*60); // 24h $expires = time() + (24*60*60); // 24h
$hash = hash('sha256', $user . ';' . $pass); $hash = hash('sha256', $user . ';' . $pass . ';' . gmdate('Y-m-d'));
setcookie('mikescher_auth', $hash, $expires); setcookie('mikescher_auth', $hash, $expires);
} }
@ -172,7 +172,7 @@ function isLoggedInByCookie()
if (key_exists('mikescher_auth', $_COOKIE)) if (key_exists('mikescher_auth', $_COOKIE))
{ {
if (strlen($_COOKIE['mikescher_auth']) !== 64) return $_loginCache = false; if (strlen($_COOKIE['mikescher_auth']) !== 64) return $_loginCache = false;
$auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password']); $auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password'] . ';' . gmdate('Y-m-d'));
if ($auth === $_COOKIE['mikescher_auth']) return $_loginCache = true; if ($auth === $_COOKIE['mikescher_auth']) return $_loginCache = true;
} }
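Review bot: The cookie value in setLoginCookie() and the expected value in isLoggedInByCookie() are still an unkeyed SHA-256 over the admin username, the password and a publicly known date, so appending `gmdate('Y-m-d')` limits reuse of a captured cookie to the current UTC day but leaves the cookie usable as an offline verifier for password guesses and gives no way to revoke it server-side. A random token stored server-side, or an HMAC keyed with a secret that is not the password, would remove that exposure. Independently of that, the check should be constant-time, `if (hash_equals($auth, $_COOKIE['mikescher_auth'])) return $_loginCache = true;`, and the cookie should carry HttpOnly (and Secure once the site is HTTPS-only, which the TODO in the other file suggests is still pending), e.g. `setcookie('mikescher_auth', $hash, $expires, '/', '', true, true);`. The cookie now stops validating at UTC midnight regardless of `$expires`, so the `// 24h` comment no longer describes its real lifetime and should say so. isLoggedInByCookie() starts and ends outside the visible hunk, so the surrounding logic was not reviewed.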