author | Alib <aliboba@free.fr> | 2010-03-01 11:36:09 +0100 |
---|---|---|
committer | Alib <aliboba@free.fr> | 2010-03-01 11:36:09 +0100 |
commit | c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1 (patch) | |
tree | 75ccb0e7d61576702f14986360f9a9ef9b88edfb | |
parent | f6f2ae6bfa16609f0fe058d67ba49e01276c84a9 (diff) | |
secured auth with sha1 pass in cookie.
-rwxr-xr-x | includes/inc_auth.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/includes/inc_auth.php b/includes/inc_auth.php
index 92f0fc8..1545b7c 100755
--- a/includes/inc_auth.php
+++ b/includes/inc_auth.php
@@ -6,16 +6,21 @@ session_start();
 
 if (isset($_COOKIE['istream']))
 {
- $authorized=true;
+ if(sha1($pass) == $_COOKIE['istream'] ) {
+ setcookie ("istream", sha1($pass), time()+60*60*24*30);
+ $authorized = true;
+ } else {
+ $authorised = false;
+ }
 }
 
 # checkup login and password
 if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
 {
- if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) && isset($_SESSION['auth']))
+ if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) )
 {
+ setcookie ("istream", sha1($pass), time()+60*60*24*30);
 $authorized = true;
- setcookie ("istream", "true", time()+60*60*24*30);
 }
 }
 
@@ -24,7 +29,6 @@ if (!$authorized)
 {
 header('WWW-Authenticate: Basic Realm="Login please"');
 header('HTTP/1.0 401 Unauthorized');
- $_SESSION['auth'] = true;
 echo "Login";
 exit;
 }
|
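Review bot: The cookie written in both branches of the first hunk holds `sha1($pass)`, an unsalted digest that never changes, so the cookie is a password-equivalent that stays valid for anyone who obtains it until the password is changed, and it exposes the password to offline guessing; a random per-login token kept server-side (for example in `$_SESSION`) would avoid both problems. The check `sha1($pass) == $_COOKIE['istream']` uses loose comparison, which PHP evaluates numerically when both strings look like numbers (such as `0e…` digests) and which is not constant-time; `if (is_string($_COOKIE['istream']) && hash_equals(sha1($pass), $_COOKIE['istream'])) {` is the safer form. The else branch assigns `$authorised`, not `$authorized`, so it has no effect and should read `$authorized = false;`. The initialisation of `$authorized`, `$user` and `$pass` lies above the hunk, so whether the default is already false cannot be confirmed from here.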