perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

auth.php: disallow unencrypted logins by default

Browse source
This commit is contained in:
Zankaria 2024-04-30 11:31:06 +02:00
parent 003152095a
commit aa99d10f1a
5 changed files with 32 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
inc/mod/auth.php
View file

@ -4,6 +4,8 @@
* Copyright (c) 2010-2013 Tinyboard Development Group
*/
use Vichan\Functions\Net;
defined('TINYBOARD') or exit;
// create a hash/salt pair for validate logins
@ -105,19 +107,22 @@ function setCookies() {
if (!$mod)
error('setCookies() was called for a non-moderator!');
$is_https = Net\is_connection_secure();
setcookie($config['cookies']['mod'],
$mod['username'] . // username
':' .
$mod['hash'][0] . // password
':' .
$mod['hash'][1], // salt
time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', $config['cookies']['httponly']);
time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $is_https, $config['cookies']['httponly']);
}
function destroyCookies() {
global $config;
$is_https = Net\is_connection_secure();
// Delete the cookies
setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $is_https, true);
}
function modLog($action, $_board=null) {
@ -174,6 +179,7 @@ function make_secure_link_token($uri) {
function check_login($prompt = false) {
global $config, $mod;
// Validate session
if (isset($_COOKIE[$config['cookies']['mod']])) {
// Should be username:hash:salt