From e2c16072b9f49e9da105a58f1d7165bf41acc311 Mon Sep 17 00:00:00 2001
From: Haitem
Date: Mon, 26 Oct 2020 09:44:59 +0100
Subject: [PATCH] Reapir login cookies and session
---
 app/Bootstrap.php | 13 ++++++++++---
 app/models/managers/UserManager.php | 7 +++----
 public/js/setting.js | 3 ++-
 3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/app/Bootstrap.php b/app/Bootstrap.php
index d174c2e..92a884c 100644
--- a/app/Bootstrap.php
+++ b/app/Bootstrap.php
@@ -4,11 +4,18 @@ error_reporting(E_ALL); ini_set( 'display_errors','1'); //setup
-ini_set ('session.cookie_httponly', '1');
+session_set_cookie_params(
+ 1209600,
+ str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])),
+ str_replace("/var/www/", "", $_SERVER['DOCUMENT_ROOT']),
+ true,
+ true
+);
+/*ini_set ('session.cookie_httponly', '1');
 ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
-ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
+ini_set('session.cookie_path', str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
 ini_set('session.cookie_secure', '1');
-ini_set('session.gc_maxlifetime', 1209600);
+ini_set('session.gc_maxlifetime', 1209600);*/
 mb_internal_encoding ("UTF-8");
 session_start();
diff --git a/app/models/managers/UserManager.php b/app/models/managers/UserManager.php
index 35339b4..5d54cc7 100644
--- a/app/models/managers/UserManager.php
+++ b/app/models/managers/UserManager.php
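Review bot: The cookie path handed to session_set_cookie_params() is computed from `$_SERVER['REQUEST_URI']` of whichever request happens to start the session, so the session cookie's scope changes from request to request (and a query string, if present, ends up in the path); since `REQUEST_URI` normally holds only the path and query, the inner `str_replace('https://' . $_SERVER['HTTP_HOST'], ...)` looks like a no-op. The domain argument is `$_SERVER['DOCUMENT_ROOT']` with `/var/www/` stripped, which presumably only yields a hostname on a deployment whose docroot directory is named after the host; a path or domain that does not match the request makes the browser drop or withhold the cookie, which is the symptom this commit is trying to repair. Both values should come from fixed configuration rather than being derived at request time, and the array form of session_set_cookie_params() also lets you set `samesite`. The commented-out ini_set block that follows should be deleted rather than kept, and the call must remain before `session_start()` as it is now.
```php
// Placeholder values: take the base path and host from the app's configuration, not from the request.
session_set_cookie_params([
    'lifetime' => 1209600,
    'path'     => '/',   // TODO: the app's base path (the same value BASEDIR holds, if it is defined at this point)
    'domain'   => '',    // TODO: configured hostname; empty means the current host only
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
// … unchanged: mb_internal_encoding / session_start …
```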
@@ -44,6 +44,7 @@ class UserManager
 public static function login ($username, $password, $rememberMe) {
 try {
 if ($user = Db::loadOne ('SELECT * FROM users WHERE (LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?))', array ($username, $username))) {
+ var_dump($user);
 if ($user['password'] == UserManager::getHashPassword($password)) {
 if (isset($rememberMe) && $rememberMe == 'true') {
 setcookie ("rememberMe", self::setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1);
@@ -96,11 +97,9 @@ class UserManager
 public static function logout () {
 unset($_SESSION['user']);
+ unset($_COOKIE['rememberMe']);
+ setcookie("rememberMe", 'false', 0 - time(), BASEDIR, $_SERVER['HTTP_HOST']);
 session_destroy();
- if (isset($_COOKIE['rememberMe'])){
- unset($_COOKIE['rememberMe']);
- setcookie("rememberMe", 'false', time(), BASEDIR, $_SERVER['HTTP_HOST']);
- }
 }
 public static function setEncryptedCookie($value){
diff --git a/public/js/setting.js b/public/js/setting.js
index 664069a..50c8c2d 100644
--- a/public/js/setting.js
+++ b/public/js/setting.js
@@ -1,3 +1,4 @@
+
 navigator.permissions.query({name:'notifications'}).then(function(result) {
 var element = document.getElementById("notifications");
 if (result.state === 'granted') {
@@ -45,7 +46,7 @@ $( "button[name='deactivateOta']" ).click(function(){
 url: 'ajax',
 type: 'POST',
 data: {
- "ota" : 'X',
+ "ota": 'X',
 "action": 'disable'
 },
 success: function(data){
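Review bot: The added `var_dump($user);` writes the whole user row from `SELECT * FROM users`, including the stored password hash and every other column, into the HTTP response of each login attempt for any existing username, which discloses credential material to the client; it should be removed before merging (or replaced by a server-side log call that omits sensitive fields). On the adjacent context line the hash check uses `==`; `hash_equals($user['password'], UserManager::getHashPassword($password))` would give a strict, constant-time comparison, though that line is not part of this change. The body of login() continues outside the hunk.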
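Review bot: The new clearing call `setcookie("rememberMe", 'false', 0 - time(), BASEDIR, $_SERVER['HTTP_HOST']);` omits the `secure` flag that login() passes when the cookie is created (`..., $_SERVER['HTTP_HOST'], 1)`), and the conventional advice is that the expiring cookie carries the same path, domain and flags as the original so the browser unambiguously replaces it; `setcookie("rememberMe", '', time() - 3600, BASEDIR, $_SERVER['HTTP_HOST'], true, true);` mirrors the creation attributes and adds httponly, which the original cookie would also benefit from. Both calls take the domain from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header, so a fixed configured host would be preferable. The `unset($_COOKIE['rememberMe'])` only clears this request's superglobal, which is harmless but has no effect on the browser. session_destroy() discards the server-side data but leaves the in-memory `$_SESSION` populated for the rest of the request; `$_SESSION = [];` before it would drop everything rather than only `user`.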