fixes login issues

main
Yasen Pramatarov 2024-07-03 09:37:35 +03:00
parent eff4b073f5
commit 50b3409b47
4 changed files with 24 additions and 5 deletions

View File

@ -1,5 +1,7 @@
# Jilo Web
This is still not operational. Goals for v.0.1 - browsing of basic info about Jilo config and about Jitsi Meet conferences.
## requirements
- web server (deb: apache | nginx)

View File

@ -1,7 +1,7 @@
<?php
$config = [
'domain' => 'localhost.com',
'domain' => 'localhost',
'folder' => '/jilo-web/',
'database' => '/home/yasen/work/code/git/lindeas-code/jilo-web/jilo-web.db',
];

View File

@ -40,8 +40,11 @@ if (isset($_GET['page'])) {
$page = 'front';
}
// logged in username
if ( isset($_SESSION['username']) ) {
// check if logged in
if (isset($_COOKIE['username'])) {
if ( !isset($_SESSION['username']) ) {
$_SESSION['username'] = $_COOKIE['username'];
}
$user = htmlspecialchars($_SESSION['username']);
}
@ -67,6 +70,7 @@ if (in_array($page, $allowed_urls)) {
// clean up session
session_unset();
session_destroy();
setcookie('username', "", time() - 100, $config['folder'], $config['domain'], isset($_SERVER['HTTPS']), true);
$notice = "You were logged out.<br />You can log in again.";
include 'templates/header.php';

View File

@ -20,26 +20,39 @@ try {
if (isset($_POST['remember_me'])) {
// 30*24*60*60 = 30 days
$cookie_lifetime = 30 * 24 * 60 * 60;
$setcookie_lifetime = time() + 30 * 24 * 60 * 60;
$gc_maxlifetime = 30 * 24 * 60 * 60;
} else {
// 0 - session end on browser close
// 1440 - 24 minutes (default)
$cookie_lifetime = 0;
$setcookie_lifetime = 0;
$gc_maxlifetime = 1440;
}
// set session lifetime
// set session lifetime and cookies
ini_set('session.gc_maxlifetime', $gc_maxlifetime);
session_set_cookie_params([
'lifetime' => $cookie_lifetime,
'lifetime' => $setcookie_lifetime,
'samesite' => 'Strict',
'httponly' => true,
'secure' => isset($_SERVER['HTTPS']),
'domain' => $config['domain'],
'path' => $config['folder']
]);
session_name($username);
session_start();
// FIXME it doesn't set a cookie with session_set_cookie_params only
setcookie('username', $username, [
'expires' => $setcookie_lifetime,
'path' => $config['folder'],
'domain' => $config['domain'],
'secure' => isset($_SERVER['HTTPS']),
'httponly' => true,
'samesite' => 'Strict'
]);
// redirect to index
$_SESSION['notice'] = "Login successful";
header('Location: index.php');