Switches to using php sessions

2024-01-18 14:09:17 -08:00 · 2024-01-18 14:09:17 -08:00 · dab96556f4
parent f5347c8925
commit dab96556f4
7 changed files with 35 additions and 29 deletions
--- a/admin-bar-partial.php
+++ b/admin-bar-partial.php
@ -1,11 +1,10 @@
-<?php $logged_in = $_COOKIE["checkin"] ?? null; ?>
-
-<?php if ( $logged_in && $logged_in == "waiting for expiry" ): ?>
+<?php session_start(); ?>
+<?php if ( isset( $_SESSION["user"] ) ): ?>

 <nav class="admin-bar">
  <ul>
    <li><a href="admin.php">Admin Area</a>
-    <li><a href="logout.php">Log Out</a>
+    <li><a href="admin.php?logout=1">Log Out</a>
  </ul>
 </nav>

--- a/admin.php
+++ b/admin.php
@ -70,7 +70,7 @@
      <ul class="inline">
        <li><a href="/">View Site</a></li>
        <li><a href="admin.php">Admin Home</a></li>
-        <li><a href="logout.php" class="logout">Log Out</a></li>
+        <li><a href="admin.php?logout=1" class="logout">Log Out</a></li>
      </ul>
    </header>
    <main>
--- a/blog_log.php
+++ b/blog_log.php
@ -1,14 +1,17 @@
 <?php
  include "pass_hash.php";
  const PW_FILE = "pass_hash.php";
-  $invalid = false;
-  $logged_in = $_COOKIE["checkin"] ?? null;
-  if ( $logged_in && $logged_in == "waiting for expiry" ) {
-    header("Location: admin.php");
-    die();
-  }
+
+  session_start();
+
  $user = $_POST["user"] ?? null;
  $pass = $_POST["password"] ?? null;
+
+  if ( isset( $_SESSION["user"] ) ) {
+    header("Location: /admin.php");
+    die();
+  }
+
  if ( $pass && $user ) {
    $secret = hash( "sha256", $user . $pass );
    if ( $secret ) {
@ -16,8 +19,8 @@
        error_log( $secret );
        error_log( BLOG_HASH );
        if ( $secret == BLOG_HASH ) {
-          setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
-          header("Location: admin.php");
+          $_SESSION["user"] = $user;
+          header("Location: /admin.php");
          die();
        } else {
          $invalid = true;
@ -40,8 +43,8 @@ PHP;
        }
        $success = file_put_contents( PW_FILE, sprintf( $template, $secret ) );
        if ( !$success ) die( "Internal server error" );
-        setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
-        header("Location: admin.php");
+        $_SESSION["user"] = $user;
+        header("Location: /admin.php");
        die();
      }
    }
@ -67,6 +70,9 @@ PHP;
    </style>
  </head>
  <body>
+    <header>
+    <a href="/">Home</a>
+    </header>
    <div class="logo">
      <img src="chickadee.svg">
    </div>
--- a/delete_data.php
+++ b/delete_data.php
@ -1,5 +1,6 @@
 <?php
 include_once "logcheck.php";
+
 $file = $_GET["f"] ?? null;
 $kind = $_GET["k"] ?? null;

--- a/logcheck.php
+++ b/logcheck.php
@ -1,12 +1,19 @@
 <?php

 if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
-  header("Location: 404.php");
+  header("Location: /404.php");
  die();
 }

-$logged_in = $_COOKIE["checkin"] ?? null;
-if ( !$logged_in || $logged_in != "waiting for expiry" ) {
-  header("Location: blog_log.php");
+session_start();
+
+if ( isset( $_GET["logout"] ) ) {
+  session_destroy();
+  unset( $_SESSION );
+}
+
+if ( !isset($_SESSION["user"] ) ) {
+  header("Location: /blog_log.php");
  die();
 }
+
--- a/new-post.php
+++ b/new-post.php
@ -1,10 +1,6 @@
 <?php
  // Bounce if not logged in
-  $logged_in = $_COOKIE["checkin"] ?? null;
-  if ( !$logged_in || $logged_in != "waiting for expiry" ) {
-    header("Location: blog_log.php");
-    die();
-  }
+  include_once( 'logcheck.php' );

  $ts = time();
  $title = isset( $_POST["post_title"] ) ? trim( $_POST["post_title"] ) : null;
--- a/rss_gen.php
+++ b/rss_gen.php
@ -1,10 +1,7 @@
 <?php
+
 // Bounce if not logged in
-$logged_in = $_COOKIE["checkin"] ?? null;
-if ( !$logged_in || $logged_in != "waiting for expiry" ) {
-  header("Location: blog_log.php");
-  die();
-}
+include_once( 'logcheck.php' );

 include_once( 'common.php' );
 include_once( 'config.php' );