Reapir login cookies and session

This commit is contained in:
Haitem 2020-10-26 09:44:59 +01:00
parent c7e18d6959
commit e2c16072b9
3 changed files with 15 additions and 8 deletions


@ -4,11 +4,18 @@ error_reporting(E_ALL);
ini_set( 'display_errors','1'); ini_set( 'display_errors','1');
//setup //setup
ini_set ('session.cookie_httponly', '1'); session_set_cookie_params(
1209600,
str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])),
str_replace("/var/www/", "", $_SERVER['DOCUMENT_ROOT']),
true,
true
);
/*ini_set ('session.cookie_httponly', '1');
ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']); ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI']))); ini_set('session.cookie_path', str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
ini_set('session.cookie_secure', '1'); ini_set('session.cookie_secure', '1');
ini_set('session.gc_maxlifetime', 1209600); ini_set('session.gc_maxlifetime', 1209600);*/
mb_internal_encoding ("UTF-8"); mb_internal_encoding ("UTF-8");
session_start(); session_start();
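Review bot: The session cookie path handed to session_set_cookie_params() is still computed from $_SERVER['REQUEST_URI'] with 'login' stripped, so the cookie's scope changes with the URL of the request that starts the session (query string included) instead of being the application prefix, and the domain is reconstructed from DOCUMENT_ROOT, which only works if the docroot directory is named after the host — please confirm that assumption holds on every deployment. The ini_set('session.gc_maxlifetime', 1209600) line is now inside the comment block, so the 14-day cookie lifetime outlives the server-side session data, which is collected after PHP's default 1440 seconds. If this runs on PHP 7.3 or later, the array form of session_set_cookie_params() also lets SameSite be set; a version using the fixed BASEDIR prefix (assuming it is defined before this point) and a host-only cookie is below.
```php
session_set_cookie_params([
    'lifetime' => 1209600,
    'path'     => BASEDIR,   // fixed application prefix instead of the current REQUEST_URI
    'domain'   => '',        // host-only cookie; no need to derive the domain from DOCUMENT_ROOT
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
ini_set('session.gc_maxlifetime', '1209600');   // keep server-side lifetime in step with the cookie
// … unchanged: mb_internal_encoding and session_start …
```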


@ -44,6 +44,7 @@ class UserManager
public static function login ($username, $password, $rememberMe) { public static function login ($username, $password, $rememberMe) {
try { try {
if ($user = Db::loadOne ('SELECT * FROM users WHERE (LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?))', array ($username, $username))) { if ($user = Db::loadOne ('SELECT * FROM users WHERE (LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?))', array ($username, $username))) {
var_dump($user);
if ($user['password'] == UserManager::getHashPassword($password)) { if ($user['password'] == UserManager::getHashPassword($password)) {
if (isset($rememberMe) && $rememberMe == 'true') { if (isset($rememberMe) && $rememberMe == 'true') {
setcookie ("rememberMe", self::setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1); setcookie ("rememberMe", self::setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1);
@ -96,11 +97,9 @@ class UserManager
public static function logout () { public static function logout () {
unset($_SESSION['user']); unset($_SESSION['user']);
session_destroy();
if (isset($_COOKIE['rememberMe'])){
unset($_COOKIE['rememberMe']); unset($_COOKIE['rememberMe']);
setcookie("rememberMe", 'false', time(), BASEDIR, $_SERVER['HTTP_HOST']); setcookie("rememberMe", 'false', 0 - time(), BASEDIR, $_SERVER['HTTP_HOST']);
} session_destroy();
} }
public static function setEncryptedCookie($value){ public static function setEncryptedCookie($value){
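Review bot: The `var_dump($user);` added after the Db::loadOne() call in login() writes the whole user row, including the stored password hash, into the HTTP response for any request that supplies an existing username or e-mail, before the password is checked; it reads as a debug leftover and the line should simply be deleted. In the logout() hunk, session_destroy() now runs after the rememberMe cookie is cleared, but the session cookie itself is never expired, so the browser keeps a session id that remains valid until the storage is collected; PHP's documented logout sequence resets `$_SESSION = [];` and expires the cookie with `setcookie(session_name(), '', time() - 42000, BASEDIR, $_SERVER['HTTP_HOST']);` before calling session_destroy(). The context line `$user['password'] == UserManager::getHashPassword($password)` is pre-existing, but a loose `==` on hash strings is fragile; `hash_equals()` would be the safer comparison. login() continues beyond the end of its hunk.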


@ -1,3 +1,4 @@
navigator.permissions.query({name:'notifications'}).then(function(result) { navigator.permissions.query({name:'notifications'}).then(function(result) {
var element = document.getElementById("notifications"); var element = document.getElementById("notifications");
if (result.state === 'granted') { if (result.state === 'granted') {
@ -45,7 +46,7 @@ $( "button[name='deactivateOta']" ).click(function(){
url: 'ajax', url: 'ajax',
type: 'POST', type: 'POST',
data: { data: {
"ota" : 'X', "ota": 'X',
"action": 'disable' "action": 'disable'
}, },
success: function(data){ success: function(data){