force login over https.
This commit is contained in:
parent
fe1d13d28b
commit
7cc6afb56c
@ -25,11 +25,11 @@ function connect_user($user_id, $long_expiration = true)
|
||||
{
|
||||
global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;
|
||||
|
||||
// Set an expiration delay for the cookie
|
||||
$delay = 86400;
|
||||
if ($long_expiration === true) {
|
||||
$delay = $MAX_COOKIE_LIFE;
|
||||
}
|
||||
// Set the session max lifespan
|
||||
$delay = $long_expiration === true ? $MAX_COOKIE_LIFE : 86400;
|
||||
|
||||
// Set the cookie lifespan
|
||||
$cookie_life = $long_expiration === true ? time() + $MAX_COOKIE_LIFE : 0;
|
||||
|
||||
// The session id is a 32-chars random string
|
||||
$session_id = generate_random_string();
|
||||
@ -50,8 +50,11 @@ function connect_user($user_id, $long_expiration = true)
|
||||
return setcookie(
|
||||
$SESSION_COOKIE_NAME,
|
||||
$session_id,
|
||||
time() + $delay,
|
||||
$secure = true
|
||||
$cookie_life,
|
||||
"",
|
||||
"",
|
||||
true,
|
||||
false
|
||||
);
|
||||
}
|
||||
return false;
|
||||
|
@ -34,9 +34,14 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
// Check if username exists, if yes then verify password
|
||||
if (get_username_count($username) == 1) {
|
||||
if (correct_email_password($username, $password)) {
|
||||
if (is_https()) {
|
||||
connect_user(get_user_id_from_email($username), false);
|
||||
|
||||
// Redirect user to welcome page
|
||||
header("location: welcome.php");
|
||||
} else {
|
||||
$username_err = "Please use HTTPS.";
|
||||
}
|
||||
} else {
|
||||
// Display an error message if password is not valid
|
||||
$username_err = "Invalid Username/Password.";
|
||||
|
Loading…
Reference in New Issue
Block a user