JAIL_COOKIES config directive.

This commit is contained in:
Savetheinternet 2010-12-01 16:42:48 +11:00 committed by Paul Merrill
parent e149f3f1bd
commit 996a62c5f1
2 changed files with 13 additions and 4 deletions

View File

@ -17,12 +17,14 @@
// The name of the session cookie (PHP's $_SESSION)
define('SESS_COOKIE', 'imgboard', true);
// Used to safely determine when the user was first seen, to prevent floods.
// time()
define('TIME_COOKIE', 'arrived', true);
// HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification.
define('HASH_COOKIE', 'hash', true);
// Where to set the 'path' parameter to ROOT when creating cookies. Recommended.
define('JAIL_COOKIES', true, true);
// How long should the cookies last (in seconds)
define('COOKIE_EXPIRE', 15778463, true); //6 months

View File

@ -1,14 +1,21 @@
<?php
// Set the session name.
session_name(SESS_COOKIE);
session_start();
// Set session parameters
session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/');
// Start the session
session_start(COOKIE_EXPIRE);
// Session creation time
if(!isset($_SESSION['created'])) $_SESSION['created'] = time();
if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) {
$time = time();
setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, '/', null, false, true);
setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, '/', null, false, true);
setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
$user = Array('valid' => false, 'appeared' => $time);
} else {
$user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]);