Sécurisation des cookies

This commit is contained in:
Fred Tempez 2020-07-12 17:50:09 +02:00
parent a3ef3e9cb2
commit 20732d5f8a
2 changed files with 11 additions and 3 deletions

View File

@ -219,7 +219,7 @@ class helper {
*/
public static function deleteCookie($cookieKey) {
unset($_COOKIE[$cookieKey]);
setcookie($cookieKey, '', time() - 3600, helper::baseUrl(false, false));
setcookie($cookieKey, '', time() - 3600, helper::baseUrl(false, false), '', false, true);
}
/**

View File

@ -386,9 +386,17 @@ class user extends common {
AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
) {
// Protocol
$secure = false;
if(
(empty($_SERVER['HTTPS']) === false AND $_SERVER['HTTPS'] !== 'off')
OR $_SERVER['SERVER_PORT'] === 443
) {
$secure = true;
}
$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false));
setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false));
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false), '', $secure, true);
setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false), '', $secure, true);
// Accès multiples avec le même compte
$this->setData(['user',$userId,'accessCsrf',$_SESSION['csrf']]);
// Valeurs en sortie lorsque le site est en maintenance et que l'utilisateur n'est pas administrateur