
Fix/improve middleware classes

master
Anonymous Contributor 2023-09-05 01:09:59 +02:00
parent 686e991266
commit 27899ce9c1
3 changed files with 2 additions and 3 deletions


@ -8,7 +8,7 @@ class AdminMiddleware extends LoginRequiredMiddleware
public function canAccess(): bool public function canAccess(): bool
{ {
if (parent::canAccess()) { if (parent::canAccess()) {
return $_SESSION['UserLevel'] > 100; return $_SESSION['LEVEL'] > 100;
} }
return false; return false;
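Review bot: The admin check on the changed return line compares `$_SESSION['LEVEL']` to `100` with PHP's loose `>`, so the authorization result depends on the type the database driver returned for `UserLevel`. Under PHP 8 a non-numeric string compared with an integer is compared as strings, which could evaluate to true; the column is presumably numeric, but the check should not rely on that. Casting first makes the decision explicit: `return (int) $_SESSION['LEVEL'] > 100;`. A short comment stating what level 100 means, or a named class constant for it, would also help the next reader.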


@ -25,7 +25,6 @@ class LoginRequiredMiddleware extends SessionMiddleware
$getLevel->execute([$_SESSION['UUID']]); $getLevel->execute([$_SESSION['UUID']]);
if ($row = $getLevel->fetch()) { if ($row = $getLevel->fetch()) {
$_SESSION['LEVEL'] = $row['UserLevel']; $_SESSION['LEVEL'] = $row['UserLevel'];
session_set_cookie_params(86400);
return true; return true;
} }
else { else {


@ -38,7 +38,7 @@ abstract class SessionMiddleware implements Middleware
break; break;
} }
if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf']) != 64) { if(!isset($_SESSION['csrf']) || !preg_match('/^[0-9a-f]{64}$/', $_SESSION['csrf'])) {
$_SESSION['csrf'] = bin2hex(random_bytes(32)); $_SESSION['csrf'] = bin2hex(random_bytes(32));
} }
} }
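Review bot: The new pattern in the `!isset(...) || !preg_match(...)` condition is anchored with `$`, which in PCRE also matches just before a trailing newline, so a 65-byte value ending in `\n` would be accepted as a well-formed token. Anchoring with `\A` and `\z` closes that: `!preg_match('/\A[0-9a-f]{64}\z/', $_SESSION['csrf'])`. `preg_match` also expects a string subject, so adding `!is_string($_SESSION['csrf']) ||` before it would regenerate the token rather than raise an error if the session ever held another type. The enclosing method starts above this hunk, and the place where the token is compared with the submitted value is not visible here.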