mirror of https://github.com/jakejarvis/spoons.git synced 2025-04-26 12:18:27 -04:00

disabling remember password option until I fix massive 3-year-old security hole. oops.... (issue #12)

Jake Jarvis 2017-07-16 14:23:53 -04:00
parent 70be24caf5
commit d5f12cf9c6


@ -6,19 +6,11 @@ session_start();
if($_SESSION['logged_in']) {
header("Location:" . $site_url . "/");
die();
} else if($_COOKIE['remembered'] == 'TRUE') {
$_SESSION['logged_in'] = TRUE;
header("Location:" . $site_url . "/");
die();
}
if(isset($_POST['password'])) {
if($_POST['password'] == $site_password) {
$_SESSION['logged_in'] = TRUE;
if($_POST['remember'] == "remember") {
$threeMonths = 60 * 60 * 24 * 90 + time();
setcookie('remembered', 'TRUE', $threeMonths);
}
header("Location:" . $site_url . "/");
die();
} else {
@ -218,9 +210,9 @@ if(isset($_POST['password'])) {
<img src="<?php echo $site_url ?>/assets/img/paulblart.png">
<input type="password" name="password" class="input-block-level" placeholder="Password">
<label class="checkbox">
<!--<label class="checkbox">
<input type="checkbox" name="remember" value="remember"> Remember this device
</label>
</label>-->
<button class="btn btn-large btn-success submit" type="submit">Leggo!</button>
</form>
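Review bot: The password check left in place in the first hunk, `if($_POST['password'] == $site_password)`, is still a loose, non-constant-time comparison, so numeric-looking strings can compare equal under PHP's type juggling; assuming `$site_password` is a string, `if(is_string($_POST['password']) && hash_equals($site_password, $_POST['password']))` closes that. The successful-login branch also sets `$_SESSION['logged_in'] = TRUE;` without a preceding `session_regenerate_id(true);`, so a session id issued before login stays valid after authentication. When the remember option comes back (issue #12), the cookie should hold a random token that is checked against a server-side record rather than a fixed value. The `else` branch of the password check continues outside the hunk.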