diff --git a/assets/php/utils.php b/assets/php/utils.php
index dca61ef..19c8ce6 100644
--- a/assets/php/utils.php
+++ b/assets/php/utils.php
@@ -25,11 +25,11 @@ function connect_user($user_id, $long_expiration = true)
 {
 global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;
 
- // Set an expiration delay for the cookie
- $delay = 86400;
- if ($long_expiration === true) {
- $delay = $MAX_COOKIE_LIFE;
- }
+ // Set the session max lifespan
+ $delay = $long_expiration === true ? $MAX_COOKIE_LIFE : 86400;
+
+ // Set the cookie lifespan
+ $cookie_life = $long_expiration === true ? time() + $MAX_COOKIE_LIFE : 0;
 
 // The session id is a 32-chars random string
 $session_id = generate_random_string();
@@ -50,8 +50,11 @@ function connect_user($user_id, $long_expiration = true)
 return setcookie(
 $SESSION_COOKIE_NAME,
 $session_id,
- time() + $delay,
- $secure = true
+ $cookie_life,
+ "",
+ "",
+ true,
+ false
 );
 }
 return false;
diff --git a/login.php b/login.php
index 3d30523..f517f8e 100644
--- a/login.php
+++ b/login.php
@@ -34,9 +34,14 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 // Check if username exists, if yes then verify password
 if (get_username_count($username) == 1) {
 if (correct_email_password($username, $password)) {
- connect_user(get_user_id_from_email($username), false);
- // Redirect user to welcome page
- header("location: welcome.php");
+ if (is_https()) {
+ connect_user(get_user_id_from_email($username), false);
+
+ // Redirect user to welcome page
+ header("location: welcome.php");
+ } else {
+ $username_err = "Please use HTTPS.";
+ }
 } else {
 // Display an error message if password is not valid
 $username_err = "Invalid Username/Password.";
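Review bot: The two new lifetimes now deliberately diverge for short sessions (`$delay` = 86400 s server-side, `$cookie_life` = 0 so the browser gets a session cookie), and the comments `// Set the session max lifespan` / `// Set the cookie lifespan` do not say so; a reader will assume they agree. I would replace the second comment with `// Short sessions: expires=0 makes this a browser-session cookie; the stored 86400 s lifespan is the real bound, since browsers may restore "session" cookies across restarts.` Where `$delay` is consumed is outside this hunk, so I am assuming it is persisted alongside `$session_id` and checked on every request — please confirm the server-side expiry is actually enforced, because with `expires=0` it is the only bound that matters. The enclosing `connect_user` body continues past the hunk.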
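Review bot: The last positional argument of the new `setcookie(...)` call is `httponly = false`, so the session identifier stays readable from JavaScript and any XSS on the site can exfiltrate it; `$session_id` is a bearer token and should be `httponly = true`. The positional signature also cannot set SameSite, and passing `""` for path lets PHP default it to the directory of the current request (presumably `/` for `login.php`, but that is inferred, not shown). Both are fixed by the PHP 7.3+ options-array form, which I would use here and which also makes `secure`/`httponly` self-describing instead of bare `true`/`false`. The `}` after `);` closes a block opened above this hunk, so I have left it out of the excerpt.
```php
return setcookie(
    $SESSION_COOKIE_NAME,
    $session_id,
    [
        'expires'  => $cookie_life,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,   // keep the bearer token out of script reach
        'samesite' => 'Lax',  // not settable via the positional signature
    ]
);
```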
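Review bot: The new `if (is_https())` gate runs only after `correct_email_password($username, $password)` has succeeded, so a plaintext-HTTP POST still delivers the password to the server and has it verified; all the check prevents is issuing the cookie, which is not what "Please use HTTPS" suggests to the user. The guard belongs at the top of the POST branch (which starts outside this hunk, at `if ($_SERVER["REQUEST_METHOD"] == "POST") {`), before `$_POST` is read: `if (!is_https()) { $username_err = "Please use HTTPS."; } else { /* existing lookup + verify + connect_user */ }`, and ideally the whole login page should be served only over TLS via a server-level redirect and HSTS, since an application check cannot protect the first submission anyway. `is_https()` is not visible here; if it honours `X-Forwarded-Proto`, make sure that header is only trusted from the reverse proxy. Reporting the condition through `$username_err` also mislabels a transport problem as a username error — a separate message variable would be clearer.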