Rework secure_login_only configuration option to allow secure default and header checking

Zankaria
2024-05-11 16:02:15 +02:00
parent 519dd27221
commit d700aa0522
4 changed files with 18 additions and 14 deletions


@@ -118,7 +118,7 @@ function setCookies(): void {
error('setCookies() was called for a non-moderator!');
}
$is_https = Net\is_connection_secure();
$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
$is_path_jailed = $config['cookies']['jail'];
$name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
@@ -235,7 +235,7 @@ function make_secure_link_token(string $uri): string {
function check_login(bool $prompt = false): void {
global $config, $mod;
$is_https = Net\is_connection_secure();
$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
$is_path_jailed = $config['cookies']['jail'];
$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
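Review bot: The strict test `$config['cookies']['secure_login_only'] === 1` in setCookies() and check_login() is false for every non-integer value, yet the old side of the mod_login hunk read this option as a truthy flag. An instance config that still holds `true` or `'1'` would therefore select the other Net\is_connection_secure() mode without any error. The same decoding is repeated in the mod_login hunk, and because `$is_https` feeds calc_cookie_name(), all three call sites have to agree or the cookie set at login will not be the one looked up later. Consider normalising the option once, e.g. `$mode = (int) $config['cookies']['secure_login_only'];`, in a small helper that all three sites call. Both function bodies continue outside the hunks.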


@@ -35,7 +35,8 @@ function mod_login($redirect = false) {
$args = [];
if ($config['cookies']['secure_login_only'] && !Net\is_connection_secure()) {
$secure_login_mode = $config['cookies']['secure_login_only'];
if ($secure_login_mode !== 0 && !Net\is_connection_secure($secure_login_mode === 1)) {
$args['error'] = $config['error']['insecure'];
} elseif (isset($_POST['login'])) {
// Check if inputs are set and not empty
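Review bot: The mode values are bare integers: `!== 0` turns the check on and `=== 1` picks the argument to Net\is_connection_secure(), but nothing in the hunk says what 1 means as opposed to any other non-zero value. A comment above `$secure_login_mode` would help, e.g. `// 0 = no HTTPS requirement, 1 = <meaning of the true argument>, other = <meaning of false>`, with the placeholders filled in from the config documentation. If the `true` argument makes the helper accept proxy-supplied headers (inferred from the commit title; the helper is not shown), the comment should also say that this mode is only safe behind a reverse proxy that overwrites those headers, since the result gates the `insecure` error on the login form. A legacy `false` also satisfies `!== 0`, so it now enforces the check instead of disabling it. mod_login() continues outside the hunk.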