flashii/misuzu
flashii/misuzu
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow login on http.

Browse source
This commit is contained in:
flash 2019-08-14 21:44:30 +02:00
commit 1b51cc99dc
4 changed files with 8 additions and 8 deletions

10
misuzu.php
View file

@ -439,9 +439,9 @@ MIG;
&& ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid']) && ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid'])
&& strlen($_COOKIE['msz_sid']) === 64) { && strlen($_COOKIE['msz_sid']) === 64) {
$_COOKIE['msz_auth'] = base64url_encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid'])); $_COOKIE['msz_auth'] = base64url_encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']));
setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 year'), '/', '', true, true); setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 year'), '/', '', !empty($_SERVER['HTTPS']), true);
setcookie('msz_uid', '', -3600, '/', '', true, true); setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
setcookie('msz_sid', '', -3600, '/', '', true, true); setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
} }
if(!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) { if(!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) {
@ -462,7 +462,7 @@ MIG;
if($userDisplayInfo) { if($userDisplayInfo) {
if(!is_null($userDisplayInfo['user_deleted'])) { if(!is_null($userDisplayInfo['user_deleted'])) {
setcookie('msz_auth', '', -9001, '/', '', true, true); setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
user_session_stop(true); user_session_stop(true);
$userDisplayInfo = []; $userDisplayInfo = [];
} else { } else {
@ -470,7 +470,7 @@ MIG;
user_session_bump_active(user_session_current('session_id')); user_session_bump_active(user_session_current('session_id'));
if(user_session_current('session_expires_bump')) { if(user_session_current('session_expires_bump')) {
setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 month'), '/', '', true, true); setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 month'), '/', '', !empty($_SERVER['HTTPS']), true);
} }
$userDisplayInfo['perms'] = perms_get_user($userDisplayInfo['user_id']); $userDisplayInfo['perms'] = perms_get_user($userDisplayInfo['user_id']);

2
public/auth/login.php
View file

@ -93,7 +93,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
$cookieLife = strtotime(user_session_current('session_expires')); $cookieLife = strtotime(user_session_current('session_expires'));
$cookieValue = base64url_encode(user_session_cookie_pack($userData['user_id'], $sessionKey)); $cookieValue = base64url_encode(user_session_cookie_pack($userData['user_id'], $sessionKey));
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', true, true); setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true);
if(!is_local_url($loginRedirect)) { if(!is_local_url($loginRedirect)) {
$loginRedirect = url('index'); $loginRedirect = url('index');

2
public/auth/logout.php
View file

@ -7,7 +7,7 @@ if(!user_session_active()) {
} }
if(csrf_verify_request()) { if(csrf_verify_request()) {
setcookie('msz_auth', '', -9001, '/', '', true, true); setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
user_session_stop(true); user_session_stop(true);
url_redirect('index'); url_redirect('index');
return; return;

2
public/auth/twofactor.php
View file

@ -68,7 +68,7 @@ while(!empty($twofactor)) {
$cookieLife = strtotime(user_session_current('session_expires')); $cookieLife = strtotime(user_session_current('session_expires'));
$cookieValue = base64url_encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey)); $cookieValue = base64url_encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey));
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', true, true); setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true);
if(!is_local_url($redirect)) { if(!is_local_url($redirect)) {
$redirect = url('index'); $redirect = url('index');