diff --git a/core.php b/core.php
index 60c4a7f4..ad300402 100644
--- a/core.php
+++ b/core.php
@@ -6,18 +6,27 @@
 ///////////////////////////////////////////////////////////////////////////////////////////////
 /////////////// Do not edit below this line unless you know what you are doing! ///////////////
 ///////////////////////////////////////////////////////////////////////////////////////////////
-$version = "0.5";
+session_start();
 ///////// Login System /////////
-if(!isset($_COOKIE[$cookieprefix . "-user"]) and
- !isset($_COOKIE[$cookieprefix . "-pass"]))
+//clear expired sessions
+if(isset($_SESSION["$sessionprefix-expiretime"]) and
+ $_SESSION["$sessionprefix-expiretime"] < time())
+{
+ //clear the session variables
+ $_SESSION = [];
+ session_destroy();
+}
+
+if(!isset($_SESSION[$sessionprefix . "-user"]) and
+ !isset($_SESSION[$sessionprefix . "-pass"]))
 {
 //the user is not logged in
 $isloggedin = false;
 }
 else
 {
- $user = $_COOKIE[$cookieprefix . "-user"];
- $pass = $_COOKIE[$cookieprefix . "-pass"];
+ $user = $_SESSION[$sessionprefix . "-user"];
+ $pass = $_SESSION[$sessionprefix . "-pass"];
 if($users[$user] == $pass)
 {
 //the user is logged in
@@ -26,12 +35,13 @@
 else
 {
 //the user's login details are invalid (what is going on here?)
- //unset the cookie and the variables, treat them as an anonymous user, and get out of here
+ //unset the session variables, treat them as an anonymous user, and get out of here
 $isloggedin = false;
 unset($user);
 unset($pass);
- setcookie($cookieprefix . "-user", null, -1, "/");
- setcookie($cookieprefix . "-pass", null, -1, "/");
+ //clear the session data
+ $_SESSION = []; //delete al lthe variables
+ session_destroy(); //destroy the session
 }
 }
 //check to see if the currently logged in user is an admin
@@ -680,6 +690,7 @@ function human_time_since($time)
 * %checklogin% |___/
 */
 case "checklogin":
+ //actually do the login
 if(isset($_POST["user"]) and isset($_POST["pass"]))
 {
 //the user wants to log in
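Review bot: The `$pass` value read from the session in the first hunk still flows into `if($users[$user] == $pass)` on the following context line, a loose comparison of two sha256 hex digests; PHP compares numeric-looking strings numerically under `==`, so this should become `if(isset($users[$user]) && hash_equals((string)$users[$user], (string)$pass))`, which also avoids the undefined-index notice for a user that has since been removed from `$users`. The comparison line itself is unchanged by the commit, but the session migration is the natural point to tighten it. The same hunk spells the session keys two ways (`$_SESSION["$sessionprefix-expiretime"]` versus `$_SESSION[$sessionprefix . "-user"]`); one form would make the keys easy to grep for. Dropping `$version` in this hunk is unrelated to the session change, so it is worth confirming nothing else reads it. The identical index.php hunk (`@@ -123,18 +124,27 @@`) carries the same points.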
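Review bot: `session_destroy()` in the invalid-credentials branch, in the expired-session branch of the first hunk and in the logout hunk (`@@ -726,8 +738,10 @@`) clears the server-side data but leaves the session cookie on the client, so the browser keeps presenting the old id on its next request; the usual pattern also expires the cookie, e.g. `setcookie(session_name(), '', time() - 3600, session_get_cookie_params()['path']);` right after `session_destroy();`. The added comment `//delete al lthe variables` has a typo and should read `//delete all the variables`. The index.php hunks at the corresponding positions repeat both.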
@@ -689,8 +700,9 @@ function human_time_since($time)
 {
 $isloggedin = true;
 $expiretime = time() + 60*60*24*30; //30 days from now
- setcookie($cookieprefix . "-user", $user, $expiretime, "/");
- setcookie($cookieprefix . "-pass", hash("sha256", $pass), $expiretime, "/");
+ $_SESSION["$sessionprefix-user"] = $user;
+ $_SESSION["$sessionprefix-pass"] = hash("sha256", $pass);
+ $_SESSION["$sessionprefix-expiretime"] = $expiretime;
 //redirect to wherever the user was going
 http_response_code(302);
 if(isset($_POST["goto"]))
@@ -726,8 +738,10 @@ function human_time_since($time)
 $isloggedin = false;
 unset($user);
 unset($pass);
- setcookie($cookieprefix . "-user", null, -1, "/");
- setcookie($cookieprefix . "-pass", null, -1, "/");
+ //clear the session variables
+ $_SESSION = [];
+ session_destroy();
+ exit(renderpage("Logout Successful", "
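Review bot: The three `$_SESSION[...]` assignments write the authenticated identity into whatever session id the client arrived with, so an id established before login remains valid afterwards; call `session_regenerate_id(true);` immediately before `$_SESSION["$sessionprefix-user"] = $user;` so a successful login always gets a fresh id. The stored `$expiretime` (30 days) is also only a ceiling: with PHP's default `session.cookie_lifetime` of 0 and `session.gc_maxlifetime` of 1440 the cookie is dropped when the browser closes and the data may be garbage-collected after 24 minutes, so unless php.ini is tuned elsewhere the "30 days from now" in the comment is not what users get. If 30 days is the goal, configure it before the `session_start()` added in the first hunk, e.g. `session_set_cookie_params(['lifetime' => 60*60*24*30, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax']);`, adding `'secure' => true` when the site is served over TLS. The enclosing `case "checklogin":` branch starts before this hunk; the index.php hunk `@@ -806,8 +818,9 @@` is identical.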

Logout Successful

Logout Successful. You can login again here.

")); break; diff --git a/index.php b/index.php index 842251ce..8557c7a5 100755 --- a/index.php +++ b/index.php @@ -91,10 +91,11 @@ //default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 $favicon = "data:image/png;base64,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"; -//the prefix that should be used in the cookie names +//the prefix that should be used in the names of the session variables. //defaults to an all lower case version of the site name with all non alphanumeric characters removed -//remember that changing this will log everyone out since the login cookie's name will have changed -$cookieprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); +//remember that changing this will log everyone out since the session varibles' name will have changed +//normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details +$sessionprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); /* Actions: 
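Review bot: The added comment line in the index.php settings hunk misspells `varibles'`; it should read `//remember that changing this will log everyone out since the session variables' names will have changed`. The same line appears in the settings.fragment.php hunk (`@@ -88,10 +88,11 @@`).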
@@ -123,18 +124,27 @@
 ///////////////////////////////////////////////////////////////////////////////////////////////
 /////////////// Do not edit below this line unless you know what you are doing! ///////////////
 ///////////////////////////////////////////////////////////////////////////////////////////////
-$version = "0.5";
+session_start();
 ///////// Login System /////////
-if(!isset($_COOKIE[$cookieprefix . "-user"]) and
- !isset($_COOKIE[$cookieprefix . "-pass"]))
+//clear expired sessions
+if(isset($_SESSION["$sessionprefix-expiretime"]) and
+ $_SESSION["$sessionprefix-expiretime"] < time())
+{
+ //clear the session variables
+ $_SESSION = [];
+ session_destroy();
+}
+
+if(!isset($_SESSION[$sessionprefix . "-user"]) and
+ !isset($_SESSION[$sessionprefix . "-pass"]))
 {
 //the user is not logged in
 $isloggedin = false;
 }
 else
 {
- $user = $_COOKIE[$cookieprefix . "-user"];
- $pass = $_COOKIE[$cookieprefix . "-pass"];
+ $user = $_SESSION[$sessionprefix . "-user"];
+ $pass = $_SESSION[$sessionprefix . "-pass"];
 if($users[$user] == $pass)
 {
 //the user is logged in
@@ -143,12 +153,13 @@
 else
 {
 //the user's login details are invalid (what is going on here?)
- //unset the cookie and the variables, treat them as an anonymous user, and get out of here
+ //unset the session variables, treat them as an anonymous user, and get out of here
 $isloggedin = false;
 unset($user);
 unset($pass);
- setcookie($cookieprefix . "-user", null, -1, "/");
- setcookie($cookieprefix . "-pass", null, -1, "/");
+ //clear the session data
+ $_SESSION = []; //delete al lthe variables
+ session_destroy(); //destroy the session
 }
 }
 //check to see if the currently logged in user is an admin
@@ -797,6 +808,7 @@ function human_time_since($time)
 * %checklogin% |___/
 */
 case "checklogin":
+ //actually do the login
 if(isset($_POST["user"]) and isset($_POST["pass"]))
 {
 //the user wants to log in
@@ -806,8 +818,9 @@ function human_time_since($time)
 {
 $isloggedin = true;
 $expiretime = time() + 60*60*24*30; //30 days from now
- setcookie($cookieprefix . "-user", $user, $expiretime, "/");
- setcookie($cookieprefix . "-pass", hash("sha256", $pass), $expiretime, "/");
+ $_SESSION["$sessionprefix-user"] = $user;
+ $_SESSION["$sessionprefix-pass"] = hash("sha256", $pass);
+ $_SESSION["$sessionprefix-expiretime"] = $expiretime;
 //redirect to wherever the user was going
 http_response_code(302);
 if(isset($_POST["goto"]))
@@ -843,8 +856,10 @@ function human_time_since($time)
 $isloggedin = false;
 unset($user);
 unset($pass);
- setcookie($cookieprefix . "-user", null, -1, "/");
- setcookie($cookieprefix . "-pass", null, -1, "/");
+ //clear the session variables
+ $_SESSION = [];
+ session_destroy();
+ exit(renderpage("Logout Successful", "

Logout Successful

Logout Successful. You can login again here.

")); break; diff --git a/settings.fragment.php b/settings.fragment.php index ffb7536f..83f5063f 100644 --- a/settings.fragment.php +++ b/settings.fragment.php @@ -88,10 +88,11 @@ //default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 $favicon = "data:image/png;base64,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"; -//the prefix that should be used in the cookie names +//the prefix that should be used in the names of the session variables. //defaults to an all lower case version of the site name with all non alphanumeric characters removed -//remember that changing this will log everyone out since the login cookie's name will have changed -$cookieprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); +//remember that changing this will log everyone out since the session varibles' name will have changed +//normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details +$sessionprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); /* Actions: