mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-06-02 10:13:01 +00:00
Starbeamrainbowlabs
7d93aa6a10
- Use SameSite=Strict to avoid issues in modern browsers & prevent session-stealing attacks - Use Secure when requests run over HTTPS by default to avoid downgrade-based session-stealing attacks - Add warning for PHP <= 7.2, as it doesn't support SameSite in setcookie().
39 lines
1 KiB
PHP
39 lines
1 KiB
PHP
<?php
|
|
|
|
if(!is_cli()) session_start();
|
|
// Make sure that the login cookie lasts beyond the end of the user's session
|
|
send_cookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
|
///////// Login System /////////
|
|
// Clear expired sessions
|
|
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
|
$_SESSION[$settings->sessionprefix . "-expiretime"] < time())
|
|
{
|
|
// Clear the session variables
|
|
$_SESSION = [];
|
|
session_destroy();
|
|
}
|
|
|
|
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
|
|
isset($_SESSION[$settings->sessionprefix . "-pass"]))
|
|
{
|
|
// Grab the session variables
|
|
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
|
|
|
|
// The user is logged in
|
|
$env->is_logged_in = true;
|
|
$env->user_data = $settings->users->{$env->user};
|
|
|
|
}
|
|
|
|
// Check to see if the currently logged in user is an admin
|
|
$env->is_admin = false;
|
|
if($env->is_logged_in) {
|
|
foreach($settings->admins as $admin_username){
|
|
if($admin_username == $env->user) {
|
|
$env->is_admin = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
/////// Login System End ///////
|