Fix/improve middleware classes
parent
686e991266
commit
27899ce9c1
|
@ -8,7 +8,7 @@ class AdminMiddleware extends LoginRequiredMiddleware
|
||||||
public function canAccess(): bool
|
public function canAccess(): bool
|
||||||
{
|
{
|
||||||
if (parent::canAccess()) {
|
if (parent::canAccess()) {
|
||||||
return $_SESSION['UserLevel'] > 100;
|
return $_SESSION['LEVEL'] > 100;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -25,7 +25,6 @@ class LoginRequiredMiddleware extends SessionMiddleware
|
||||||
$getLevel->execute([$_SESSION['UUID']]);
|
$getLevel->execute([$_SESSION['UUID']]);
|
||||||
if ($row = $getLevel->fetch()) {
|
if ($row = $getLevel->fetch()) {
|
||||||
$_SESSION['LEVEL'] = $row['UserLevel'];
|
$_SESSION['LEVEL'] = $row['UserLevel'];
|
||||||
session_set_cookie_params(86400);
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
@ -38,7 +38,7 @@ abstract class SessionMiddleware implements Middleware
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf']) != 64) {
|
if(!isset($_SESSION['csrf']) || !preg_match('/^[0-9a-f]{64}$/', $_SESSION['csrf'])) {
|
||||||
$_SESSION['csrf'] = bin2hex(random_bytes(32));
|
$_SESSION['csrf'] = bin2hex(random_bytes(32));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue