fix %DOMAIN_NAME%%CONTENT_DIR%

master
BodgeMaster 2021-09-08 10:15:50 +02:00
parent 2284f43919
commit 0629830c0b
2 changed files with 5 additions and 5 deletions


@ -1,6 +1,6 @@
{ {
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%%CONTENT_DIR%\/login\/\\?error=session\"); die(); }", "REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%/%CONTENT_DIR%\/login\/\\?error=session\"); die(); }",
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/\\?error=session\"); die();}}", "NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/\\?error=session\"); die();}}",
"SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }", "SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }",
"FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();" "FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();"
} }
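Review bot: The redirect strings in `REQUIRE_LOGIN` and `NO_CHEAP_SESSION_STEALING` put `\\?` before the query string on both the old and the new text of the line, which JSON-decodes to `\?`. PHP double-quoted strings do not treat `\?` as an escape, so unless the template tooling strips it, the Location header is sent with a literal backslash (`/login/\?error=session`). The login handler in the second file writes the same path as `/login/?error=credentials` with no backslash, so a plain `?` here would make the two agree. In `NO_CHEAP_SESSION_STEALING` the check also reads `$_SERVER['HTTP_USER_AGENT']` directly and compares with `!=`; `($_SERVER['HTTP_USER_AGENT'] ?? '')` with `!==` avoids an undefined-key warning and loose comparison when a client sends no User-Agent.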


@ -15,15 +15,15 @@ if ($statement->rowCount() > 0) {
// IP and user agent string are used to prevent cheap session stealing // IP and user agent string are used to prevent cheap session stealing
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/userhome/"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/userhome/");
} else { } else {
//password inorrect //password inorrect
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
die(); die();
} }
} else { } else {
//wrong user name //wrong user name
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
die(); die();
} }
?> ?>
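Review bot: `$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];` assumes the header is present; a request without a User-Agent raises an undefined-key warning and stores null, so the `NO_CHEAP_SESSION_STEALING` check in the first file then compares null with null. `$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';` keeps the stored value a string. The enclosing `if ($statement->rowCount() > 0)` block starts above the hunk, so it is not visible whether the session ID is rotated at login; if it is not, `session_regenerate_id(true);` before the `$_SESSION` writes would guard against session fixation. The success branch is also the only one without `die();` after its `header()` call, which is harmless here only because the file ends right after it.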