Mikescher/www.mikescher.com
1
0
Fork 0
Code Actions

automatic cookie invalidation

Browse Source
This commit is contained in:
Mike Schwörer 2018-02-01 19:58:34 +01:00
parent aeebdaa71b
commit 2e474e2bee
Signed by: Mikescher
GPG Key ID: D3C7172E0A70F8CF
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
www/index.php
View File

@ -198,3 +198,6 @@ try {
//TODO remove db table prefixes
//TODO euler insert+show 32bit | 64bit mode
//TODO send cache header (?)
//TODO self update (admin+webhook)
//TODO v4 subdomain+static
//TODO redirect t https except for old hs scripts (by _opt)

4
www/internals/base.php
View File

@ -159,7 +159,7 @@ function convertLanguageToFlag($lang) {
function setLoginCookie($user, $pass)
{
$expires = time() + (24*60*60); // 24h
$hash = hash('sha256', $user . ';' . $pass);
$hash = hash('sha256', $user . ';' . $pass . ';' . gmdate('Y-m-d'));
setcookie('mikescher_auth', $hash, $expires);
}
@ -172,7 +172,7 @@ function isLoggedInByCookie()
if (key_exists('mikescher_auth', $_COOKIE))
{
if (strlen($_COOKIE['mikescher_auth']) !== 64) return $_loginCache = false;
$auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password']);
$auth = hash('sha256', $CONFIG['admin_username'] . ';' . $CONFIG['admin_password'] . ';' . gmdate('Y-m-d'));
if ($auth === $_COOKIE['mikescher_auth']) return $_loginCache = true;
}