1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-15 14:13:00 +00:00
Pepperminty-Wiki/core/10-login.php
Starbeamrainbowlabs 7d93aa6a10
Overhaul the way we use setcookie()
- Use SameSite=Strict to avoid issues in modern browsers & prevent 
session-stealing attacks
 - Use Secure when requests run over HTTPS by default to avoid 
downgrade-based session-stealing attacks
 - Add warning for PHP <= 7.2, as it doesn't support SameSite in 
setcookie().
2020-07-28 19:40:22 +01:00

38 lines
1 KiB
PHP

<?php
if(!is_cli()) session_start();
// Make sure that the login cookie lasts beyond the end of the user's session
send_cookie(session_name(), session_id(), time() + $settings->sessionlifetime);
///////// Login System /////////
// Clear expired sessions
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
$_SESSION[$settings->sessionprefix . "-expiretime"] < time())
{
// Clear the session variables
$_SESSION = [];
session_destroy();
}
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// Grab the session variables
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
// The user is logged in
$env->is_logged_in = true;
$env->user_data = $settings->users->{$env->user};
}
// Check to see if the currently logged in user is an admin
$env->is_admin = false;
if($env->is_logged_in) {
foreach($settings->admins as $admin_username){
if($admin_username == $env->user) {
$env->is_admin = true;
break;
}
}
}
/////// Login System End ///////