forked from root/threadr.lostcave.ddnss.de
undoing changes, I guess
parent
d2bb9ceadb
commit
a3d60795d8
|
@ -1,5 +1,5 @@
|
|||
domain_name=threadr.lostcave.ddnss.de
|
||||
threadr_dir=/
|
||||
threadr_dir=/threadr
|
||||
db_username=webstuff
|
||||
db_password=Schei// auf Pa$$w0rter!
|
||||
db_database=web
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%/%CONTENT_DIR%\/login\/\\?error=session\"); die(); }",
|
||||
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/\\?error=session\"); die();}}",
|
||||
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%%CONTENT_DIR%\/login\/\\?error=session\"); die(); }",
|
||||
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/\\?error=session\"); die();}}",
|
||||
"SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }",
|
||||
"FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();"
|
||||
}
|
||||
|
|
|
@ -11,15 +11,15 @@ if (!isset($login)){
|
|||
echo "<a class=\"icon ";
|
||||
if ($login){
|
||||
if ($navbar == "home"){
|
||||
echo "active\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
|
||||
echo "active\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
|
||||
} else {
|
||||
echo "\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
|
||||
echo "\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
|
||||
}
|
||||
} else {
|
||||
if ($navbar == "home"){
|
||||
echo "active\" href=\"%CONTENT_DIR%/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
|
||||
echo "active\" href=\"%CONTENT_DIR%/\"><img src=\"%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
|
||||
} else {
|
||||
echo "\" href=\"%CONTENT_DIR%/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
|
||||
echo "\" href=\"%CONTENT_DIR%/\"><img src=\"%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
|
||||
}
|
||||
}
|
||||
echo "/></a>";
|
||||
|
|
|
@ -15,15 +15,15 @@ if ($statement->rowCount() > 0) {
|
|||
// IP and user agent string are used to prevent cheap session stealing
|
||||
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'];
|
||||
$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
|
||||
header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/userhome/");
|
||||
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/userhome/");
|
||||
} else {
|
||||
//password inorrect
|
||||
header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
|
||||
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials");
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
//wrong user name
|
||||
header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
|
||||
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials");
|
||||
die();
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue