From 27899ce9c16804f11f886c033aa1823dc33fef8e Mon Sep 17 00:00:00 2001
From: Anonymous Contributor
Date: Tue, 5 Sep 2023 01:09:59 +0200
Subject: [PATCH] Fix/improve middleware classes

---
 app/middleware/AdminMiddleware.php | 2 +-
 app/middleware/LoginRequiredMiddleware.php | 1 -
 app/middleware/SessionMiddleware.php | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/middleware/AdminMiddleware.php b/app/middleware/AdminMiddleware.php
index e12deae..277670d 100644
--- a/app/middleware/AdminMiddleware.php
+++ b/app/middleware/AdminMiddleware.php
@@ -8,7 +8,7 @@ class AdminMiddleware extends LoginRequiredMiddleware
 public function canAccess(): bool
 {
 if (parent::canAccess()) {
- return $_SESSION['UserLevel'] > 100;
+ return $_SESSION['LEVEL'] > 100;
 }
 return false;
diff --git a/app/middleware/LoginRequiredMiddleware.php b/app/middleware/LoginRequiredMiddleware.php
index 37bed41..0bb6596 100644
--- a/app/middleware/LoginRequiredMiddleware.php
+++ b/app/middleware/LoginRequiredMiddleware.php
@@ -25,7 +25,6 @@ class LoginRequiredMiddleware extends SessionMiddleware
 $getLevel->execute([$_SESSION['UUID']]);
 if ($row = $getLevel->fetch()) {
 $_SESSION['LEVEL'] = $row['UserLevel'];
- session_set_cookie_params(86400);
 return true;
 } else {
diff --git a/app/middleware/SessionMiddleware.php b/app/middleware/SessionMiddleware.php
index 2d0b4c7..79de43e 100644
--- a/app/middleware/SessionMiddleware.php
+++ b/app/middleware/SessionMiddleware.php
@@ -38,7 +38,7 @@ abstract class SessionMiddleware implements Middleware
 break;
 }
- if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf']) != 64) {
+ if(!isset($_SESSION['csrf']) || !preg_match('/^[0-9a-f]{64}$/', $_SESSION['csrf'])) {
 $_SESSION['csrf'] = bin2hex(random_bytes(32));
 }
 }
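Review bot: The admin check in AdminMiddleware::canAccess() now reads `$_SESSION['LEVEL']`, a key that is only written inside LoginRequiredMiddleware::canAccess() in the next hunk, and nothing on the line records that dependency; a short comment would help the next maintainer: `// LEVEL is refreshed from the database by parent::canAccess() on every request`. The threshold 100 is a bare magic number and deserves a named class constant. The value originates from a PDO fetch and may arrive as a string depending on driver settings, so an explicit cast, `return (int) $_SESSION['LEVEL'] > 100;`, makes the numeric comparison intent clear. The method's closing brace lies outside the hunk.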
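Review bot: Removing `session_set_cookie_params(86400)` here is sound because that call only affects cookies sent after it and must precede session_start(), which this code path (already reading `$_SESSION['UUID']`) cannot do; but the patch shows no replacement, so if the 24-hour lifetime was intended it has now silently disappeared. The lifetime, together with the `httponly`, `secure` and `samesite` options of the array form of `session_set_cookie_params()`, belongs in SessionMiddleware before the session is started; please confirm that is where it now lives, since that file's start-up code is not in this patch. A one-line comment at the removal site would prevent someone re-adding the call in the wrong place. The enclosing method begins before this hunk and its `else` branch continues after it.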
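Review bot: The new pattern `'/^[0-9a-f]{64}$/'` still accepts a 65-byte value that ends in a newline, because `$` in PCRE matches before a final `\n` unless the `D` modifier is set; `'/^[0-9a-f]{64}\z/'` (or `'/^[0-9a-f]{64}$/D'`) keeps only an exact 64-hex-digit token, which is what the regenerated `bin2hex(random_bytes(32))` value produces. The `if(` spelling without a space is inconsistent with `if (` used in AdminMiddleware in this same patch. The enclosing method starts and ends outside the hunk.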