Login now via POST instead of GET & password field
Login is now done over a POST for improved security. Password box replaces text box, again for security.
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
$versionNo = "v 0.5.4";
|
||||
$versionNo = "v 0.5.5";
|
||||
$codeMirrorDir = "CodeMirror-2.21";
|
||||
$cMThisVer = 2.21;
|
||||
$testcMVersion = false; // test if we're using the latest CodeMirror version
|
||||
@@ -32,7 +32,7 @@ function generateHash($plainText,$salt=null) {
|
||||
session_start();
|
||||
// Establish our user level
|
||||
if (!isset($_SESSION['userLevel'])) {$_SESSION['userLevel'] = 0;};
|
||||
if(isset($_GET['login']) && generateHash($_GET['login'],$accountPassword)==$accountPassword) {$_SESSION['userLevel'] = 10;};
|
||||
if(isset($_POST['loginPassword']) && generateHash($_POST['loginPassword'],$accountPassword)==$accountPassword) {$_SESSION['userLevel'] = 10;};
|
||||
$_SESSION['userLevel'] = $_SESSION['userLevel'];
|
||||
|
||||
if (!isset($_SESSION['restrictedFiles'])) {$_SESSION['restrictedFiles'] = $restrictedFiles;}
|
||||
@@ -66,7 +66,7 @@ if ($accountPassword == "" && isset($_GET['settings'])) {
|
||||
|
||||
<div class="screenCenter">
|
||||
<img src="../images/ice-coder.gif">
|
||||
<div class="version"><?php echo $versionNo;?></div>
|
||||
<div class="version"><?php echo $versionNo;?></div>
|
||||
|
||||
<form name="settingsUpdate" action="../index.php" method="POST">
|
||||
<input type="password" name="accountPassword" class="accountPassword">
|
||||
@@ -92,8 +92,10 @@ if ($accountPassword == "" && isset($_GET['settings'])) {
|
||||
$password = generateHash($_POST['accountPassword']);
|
||||
$settingsFile = 'lib/settings.php';
|
||||
$settingsContents = file_get_contents($settingsFile);
|
||||
// Replace our empty password with the one submitted by user
|
||||
$settingsContents = str_replace('$accountPassword = "";','$accountPassword = "'.$password.'";',$settingsContents);
|
||||
// Now update this file
|
||||
$settingsContents = str_replace('$accountPassword = "";','$accountPassword = "'.$password.'";',$settingsContents);
|
||||
$fh = fopen($settingsFile, 'w') or die("can't update settings file");
|
||||
fwrite($fh, $settingsContents);
|
||||
fclose($fh);
|
||||
// Set the session user level
|
||||
|
||||
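Review bot: The new login check in the second hunk (`isset($_POST['loginPassword']) && generateHash(...)==$accountPassword`) still compares the computed hash to the stored one with loose `==`, which is neither constant-time nor type-safe, since PHP treats two numeric-looking strings as equal under `==`. Prefer `hash_equals($accountPassword, generateHash($_POST['loginPassword'], $accountPassword))`, guarded by `is_string($_POST['loginPassword'])` so an array-valued field is rejected before hashing. The same line should call `session_regenerate_id(true)` before setting `$_SESSION['userLevel'] = 10`, so a session id issued before login does not carry over into the authenticated session. `generateHash()` is defined outside the visible hunks, so its output format is assumed here rather than confirmed.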