Merge @bytewave's security fixes from ~2 months ago

antigravities committed Apr 25, 2017
1 parent 5ed0b74 commit 44333762eed0e2e33f23df457f0fd41c2e107fb4
Showing with 13 additions and 8 deletions.
  1. +12 −0 inc/init.inc
  2. +1 −8 www/login.php
@@ -15,6 +15,18 @@

require_once("log.inc");
session_start();

// Regerate session IDs every 5 minutes
// https://paragonie.com/blog/2015/04/fast-track-safe-and-secure-php-sessions
if (!isset($_SESSION['canary'])) {
session_regenerate_id(true);
$_SESSION['canary'] = time();
}
if ($_SESSION['canary'] < time() - 300) {
session_regenerate_id(true);
$_SESSION['canary'] = time();
}

$logUser=updateLogUser($_SESSION);
elog("eeti2", "Pageview from " . $logUser . ": " . $_SERVER['REQUEST_URI']);

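Review bot: The canary-based rotation in the two `if` blocks depends on `session.use_strict_mode` being enabled, and nothing in this hunk sets it before `session_start()`; the login.php comment in this same commit only hopes it is "still" on. Without strict mode PHP still adopts an attacker-initialised session id from the cookie, and this code only rotates it after five minutes (or at login), so unless php.ini is guaranteed to set it, add `ini_set('session.use_strict_mode', '1');` (and `session.cookie_httponly`) immediately above `session_start();`. Note also that `session_regenerate_id(true)` discards the old session data at once, so a concurrent request still carrying the old cookie lands in an empty session; if this app fires parallel requests that is worth a comment such as `// true: old session is deleted immediately; in-flight requests with the old id lose their session`. The comment typo "Regerate" should read "Regenerate".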
@@ -2,16 +2,8 @@

require_once("../inc/init.inc");

function session_fully_destroy(){
// Invalidate the cookie just in case session.use_strict_mode is still set to 0 for some reason
$params = session_get_cookie_params();
setcookie(session_name(), '', time()-42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
session_destroy();
}

if( @isset($_GET['logout']) ){
session_start();
session_fully_destroy();
header("Location: index.php?loggedout");
}

@@ -35,6 +27,7 @@ function session_fully_destroy(){
$res=authenticate($_POST['user'], $_POST['pass']);

if( $res > -1 ){
session_regenerate_id(true);
$_SESSION['user']=$_POST['user'];
$_SESSION['uid']=$res;
$_SESSION['ip']=$_SERVER["REMOTE_ADDR"];
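Review bot: The logout block (`if( @isset($_GET['logout']) )`) in the first hunk sends `header("Location: index.php?loggedout");` but never stops, so the same request keeps executing into the login handling below, including the `authenticate($_POST['user'], $_POST['pass'])` call; add `exit;` directly after the `header()` call. The rendered page does not show which of that hunk's lines survive on the new side, so this applies only if the block is still present after the commit. The `session_regenerate_id(true);` added in the second hunk is the right fixation fix, but it leaves the five-minute canary from init.inc untouched; consider `$_SESSION['canary'] = time();` beside it so the rotation timer restarts at login. The enclosing `if( $res > -1 )` block continues past the end of the hunk.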

2 comments on commit 4433376

@antigravities


@antigravities antigravities replied Apr 25, 2017

And by "Bytewave" I mean @BytewaveMLP, because he has a different username in our internal repository system and kjkjawdkljadlkjs

@BytewaveMLP


@BytewaveMLP BytewaveMLP replied Apr 25, 2017

I can't control when my username is taken. ¯\_(ツ)_/¯
