From 93e2e04e98c3cced2b26701ba0ea68dcdeef3a03 Mon Sep 17 00:00:00 2001
From: unknown
Date: Thu, 26 Sep 2019 20:58:11 +0200
Subject: [PATCH] fix cookies
---
 app/class/UserManager.php | 4 ++--
 index.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/class/UserManager.php b/app/class/UserManager.php
index ee09fc0..cc9e54a 100644
--- a/app/class/UserManager.php
+++ b/app/class/UserManager.php
@@ -26,7 +26,7 @@ class UserManager
 if ($user = Db::loadOne ('SELECT * FROM users WHERE LOWER(username)=LOWER(?)', array ($username))) {
 if ($user['password'] == UserManager::getHashPassword($password)) {
 if (isset($rememberMe) && $rememberMe == 'true') {
- setcookie ("rememberMe", $this->setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['HTTP_REFERER'])), $_SERVER['HTTP_HOST'], 1);
+ setcookie ("rememberMe", $this->setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])), $_SERVER['HTTP_HOST'], 1);
 }
 $_SESSION['user']['id'] = $user['user_id'];
 $page = "./index.php";
@@ -62,7 +62,7 @@ class UserManager
 }
 public function logout () {
- setcookie ("rememberMe","", time() - (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['HTTP_REFERER'])), $_SERVER['HTTP_HOST'], 1);
+ setcookie ("rememberMe","", time() - (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])), $_SERVER['HTTP_HOST'], 1);
 unset($_SESSION['user']);
 session_destroy();
 }
diff --git a/index.php b/index.php
index bc86b43..22e389e 100644
--- a/index.php
+++ b/index.php
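Review bot: The cookie path on the new `setcookie` line is still derived from request data, and with `$_SERVER['REQUEST_URI']` it now includes the query string and varies with whichever URL handled the login, so `rememberMe` may be scoped to a path that later requests never match; the inner `str_replace('https://' . $_SERVER['HTTP_HOST'], …)` is normally a no-op as well, since REQUEST_URI carries no scheme or host. The same expression appears in the `logout()` hunk and in the `session.cookie_path` line of index.php, where a path that differs from the one used at login leaves the original cookie in place. A fixed application base path from configuration (for instance a constant such as `APP_BASE_PATH`, a placeholder name) would keep all three consistent. On this same line the expiry `time () + (30 * 24 * 60 * 60 * 1000)` is in seconds, so the `* 1000` stretches 30 days to roughly 82 years, and the seventh `httponly` argument is not passed, which leaves the cookie readable from script. The enclosing login method starts and ends outside the hunk.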
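Review bot: `logout()` only expires the browser's copy of `rememberMe`; nothing in this hunk invalidates the value on the server. In the login hunk the value is `setEncryptedCookie($user['username'])`, which looks as if it depends only on the username, so a copy of the cookie taken before logout would presumably keep working; that needs confirming against `setEncryptedCookie` and the code that reads the cookie, neither of which is in this diff. A random per-login token stored server-side as a hash and deleted in `logout()` would make logout an actual revocation. Separately, `time() - (30 * 24 * 60 * 60 * 1000)` yields a negative timestamp, and `time() - 3600` is the conventional way to expire a cookie.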
@@ -6,7 +6,7 @@ include_once './config.php';
 //setup
 ini_set ('session.cookie_httponly', '1');
 ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
-ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['HTTP_REFERER'])));
+ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
 ini_set('session.cookie_secure', '1');
 session_start ();
 mb_internal_encoding ("UTF-8");
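Review bot: `session.cookie_domain` is set from `$_SERVER['HTTP_HOST']` on the context line just above the change, which is a client-supplied header and may carry a port; setting a Domain attribute at all also makes the session cookie go to subdomains. Leaving `session.cookie_domain` unset gives a host-only cookie, which is the narrower scope, and the same applies to the domain argument of the `setcookie` calls in UserManager.php. If the deployed PHP version supports them, `ini_set('session.use_strict_mode', '1');` and `ini_set('session.cookie_samesite', 'Lax');` (PHP 7.3+) belong next to the existing `httponly` and `secure` settings, before `session_start ()`.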