Implement a basic session expiration
It's rudimentary, but this should ensure that people will need to re-authenticate after closing their browser session
parent
25e1ef9434
commit
d08d136990
|
@ -33,6 +33,11 @@ class AntAuth
|
||||||
$currentConfig = AntConfig::currentConfig();
|
$currentConfig = AntConfig::currentConfig();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the credentials are still set valid, but the auth cookie has expired, re-require authentication.
|
||||||
|
if (!isset($_COOKIE['auth'])) {
|
||||||
|
AntAuth::requireAuth();
|
||||||
|
}
|
||||||
|
|
||||||
if ($currentConfig['admin']['username'] == $username && password_verify($password, $currentConfig['admin']['password'])) {
|
if ($currentConfig['admin']['username'] == $username && password_verify($password, $currentConfig['admin']['password'])) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -47,6 +52,8 @@ class AntAuth
|
||||||
*/
|
*/
|
||||||
private static function requireAuth()
|
private static function requireAuth()
|
||||||
{
|
{
|
||||||
|
setcookie("auth", "true");
|
||||||
|
|
||||||
$title = AntConfig::currentConfig('siteInfo.siteTitle');
|
$title = AntConfig::currentConfig('siteInfo.siteTitle');
|
||||||
header('WWW-Authenticate: Basic realm="' . $title . '"');
|
header('WWW-Authenticate: Basic realm="' . $title . '"');
|
||||||
http_response_code(401);
|
http_response_code(401);
|
||||||
|
|
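Review bot: The `auth` cookie set in `requireAuth()` is a constant, client-settable value issued with the 401 itself, before any credentials are checked, so the new `!isset($_COOKIE['auth'])` test in the first hunk only detects a cooperating browser that dropped its session cookies; it is not a server-enforced expiry and should not be relied on as one. If a real timeout is wanted, the marker needs server-side state (for example a session entry with a timestamp written after `password_verify()` succeeds) rather than a fixed string. As written the cookie also carries no attributes; `setcookie('auth', 'true', ['httponly' => true, 'samesite' => 'Strict']);`, plus `'secure' => true` when the site is served over HTTPS, would at least keep it away from scripts and cross-site requests. The body of `requireAuth()` continues past the hunk, so it is not visible whether it ends the request; if it does not, the credential check below the new guard still runs and returns normally.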