JAIL_COOKIES config directive.

Savetheinternet 2010-12-01 16:42:48 +11:00
parent 5e63b4b8a0
commit 5c7de28ca6
2 changed files with 13 additions and 4 deletions


@ -17,12 +17,14 @@
// The name of the session cookie (PHP's $_SESSION) // The name of the session cookie (PHP's $_SESSION)
define('SESS_COOKIE', 'imgboard', true); define('SESS_COOKIE', 'imgboard', true);
// Used to safely determine when the user was first seen, to prevent floods. // Used to safely determine when the user was first seen, to prevent floods.
// time() // time()
define('TIME_COOKIE', 'arrived', true); define('TIME_COOKIE', 'arrived', true);
// HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification. // HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification.
define('HASH_COOKIE', 'hash', true); define('HASH_COOKIE', 'hash', true);
// Where to set the 'path' parameter to ROOT when creating cookies. Recommended.
define('JAIL_COOKIES', true, true);
// How long should the cookies last (in seconds) // How long should the cookies last (in seconds)
define('COOKIE_EXPIRE', 15778463, true); //6 months define('COOKIE_EXPIRE', 15778463, true); //6 months
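Review bot: The comment added above `define('JAIL_COOKIES', true, true);` opens with "Where", which should be "Whether", and it does not say what the setting protects against. I would write `// Whether to set the cookie 'path' parameter to ROOT instead of '/'. Recommended.` and follow it with a second comment line stating that the Path attribute only limits which requests the browser attaches the cookie to, so it is not an isolation boundary against other applications served from the same host. The other file in this commit consumes the flag as `JAIL_COOKIES?ROOT:'/'`, and ROOT is not defined in any visible line, so the comment should also say that ROOT must be defined before the cookies are set and is expected to be the board's base path.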


@ -1,14 +1,21 @@
<?php <?php
// Set the session name.
session_name(SESS_COOKIE); session_name(SESS_COOKIE);
session_start();
// Set session parameters
session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/');
// Start the session
session_start(COOKIE_EXPIRE);
// Session creation time
if(!isset($_SESSION['created'])) $_SESSION['created'] = time(); if(!isset($_SESSION['created'])) $_SESSION['created'] = time();
if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) { if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) {
$time = time(); $time = time();
setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, '/', null, false, true); setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, '/', null, false, true); setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
$user = Array('valid' => false, 'appeared' => $time); $user = Array('valid' => false, 'appeared' => $time);
} else { } else {
$user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]); $user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]);