fixes login issues

2024-07-03 09:37:35 +03:00 · 2024-07-03 09:37:35 +03:00 · 50b3409b47
parent eff4b073f5
commit 50b3409b47
4 changed files with 24 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,7 @@
 # Jilo Web

+This is still not operational. Goals for v.0.1 - browsing of basic info about Jilo config and about Jitsi Meet conferences.
+
 ## requirements

 - web server (deb: apache | nginx)
--- a/jilo-web.conf.php
+++ b/jilo-web.conf.php
@ -1,7 +1,7 @@
 <?php

 $config = [
-    'domain'		=> 'localhost.com',
+    'domain'		=> 'localhost',
    'folder'		=> '/jilo-web/',
    'database'		=> '/home/yasen/work/code/git/lindeas-code/jilo-web/jilo-web.db',
 ];
--- a/public_html/index.php
+++ b/public_html/index.php
@ -40,8 +40,11 @@ if (isset($_GET['page'])) {
    $page = 'front';
 }

-// logged in username
-if ( isset($_SESSION['username']) ) {
+// check if logged in
+if (isset($_COOKIE['username'])) {
+    if ( !isset($_SESSION['username']) ) {
+        $_SESSION['username'] = $_COOKIE['username'];
+    }
    $user = htmlspecialchars($_SESSION['username']);
 }

@ -67,6 +70,7 @@ if (in_array($page, $allowed_urls)) {
        // clean up session
        session_unset();
        session_destroy();
+        setcookie('username', "", time() - 100, $config['folder'], $config['domain'], isset($_SERVER['HTTPS']), true);

        $notice = "You were logged out.<br />You can log in again.";
        include 'templates/header.php';
--- a/public_html/pages/login.php
+++ b/public_html/pages/login.php
@ -20,26 +20,39 @@ try {
            if (isset($_POST['remember_me'])) {
                // 30*24*60*60 = 30 days
                $cookie_lifetime = 30 * 24 * 60 * 60;
+                $setcookie_lifetime = time() + 30 * 24 * 60 * 60;
                $gc_maxlifetime = 30 * 24 * 60 * 60;
            } else {
                // 0 - session end on browser close
                // 1440 - 24 minutes (default)
                $cookie_lifetime = 0;
+                $setcookie_lifetime = 0;
                $gc_maxlifetime = 1440;
            }

-            // set session lifetime
+            // set session lifetime and cookies
            ini_set('session.gc_maxlifetime', $gc_maxlifetime);
            session_set_cookie_params([
-                'lifetime' => $cookie_lifetime,
+                'lifetime' => $setcookie_lifetime,
                'samesite' => 'Strict',
                'httponly' => true,
                'secure' => isset($_SERVER['HTTPS']),
                'domain' => $config['domain'],
                'path' => $config['folder']
            ]);
+            session_name($username);
            session_start();

+            // FIXME it doesn't set a cookie with session_set_cookie_params only
+            setcookie('username', $username, [
+                'expires'	=> $setcookie_lifetime,
+                'path'		=> $config['folder'],
+                'domain'	=> $config['domain'],
+                'secure'	=> isset($_SERVER['HTTPS']),
+                'httponly'	=> true,
+                'samesite'	=> 'Strict'
+            ]);
+
            // redirect to index
            $_SESSION['notice'] = "Login successful";
            header('Location: index.php');