aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--index.php2
-rw-r--r--loginform.inc.php (renamed from login.inc.php)3
-rw-r--r--postform.inc.php3
-rw-r--r--timeline.inc.php3
4 files changed, 7 insertions, 4 deletions
diff --git a/index.php b/index.php
index 747b803..2b766a2 100644
--- a/index.php
+++ b/index.php
@@ -7,7 +7,7 @@
require_once(ROOT.DS.'single.inc.php');
} elseif(mb_strtolower(path(0)) === 'login') {
// show login form
- require_once(ROOT.DS.'login.inc.php');
+ require_once(ROOT.DS.'loginform.inc.php');
} elseif(mb_strtolower(path(0)) === 'new') {
if(isset($_COOKIE['microblog_login']) && $_COOKIE['microblog_login'] === sha1($config['url'].$config['admin_pass'])) {
// show the post form
diff --git a/login.inc.php b/loginform.inc.php
index 775e08b..8a6cad8 100644
--- a/login.inc.php
+++ b/loginform.inc.php
@@ -4,7 +4,8 @@
// handle login
if(isset($_POST['user']) && isset($_POST['pass'])) {
if($_POST['user'] === $config['admin_user'] && $_POST['pass'] === $config['admin_pass']) {
- setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life']);
+ $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
+ setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life'], '/', $domain, false);
header('Location: '.$config['url'].'/new');
die();
diff --git a/postform.inc.php b/postform.inc.php
index 7d7f97e..417718c 100644
--- a/postform.inc.php
+++ b/postform.inc.php
@@ -4,7 +4,8 @@
// check user credentials
if(isset($_COOKIE['microblog_login']) && $_COOKIE['microblog_login'] === sha1($config['url'].$config['admin_pass'])) {
// correct auth data, extend cookie life
- setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life']);
+ $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
+ setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life'], '/', $domain, false);
} else {
// wrong data, kick user to login page
header('HTTP/1.0 401 Unauthorized');
diff --git a/timeline.inc.php b/timeline.inc.php
index 3b0581f..5932aa7 100644
--- a/timeline.inc.php
+++ b/timeline.inc.php
@@ -5,7 +5,8 @@
// check user credentials
if(isset($_COOKIE['microblog_login']) && $_COOKIE['microblog_login'] === sha1($config['url'].$config['admin_pass'])) {
// correct auth data, extend cookie life
- setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life']);
+ $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
+ setcookie('microblog_login', sha1($config['url'].$config['admin_pass']), NOW+$config['cookie_life'], '/', $domain, false);
}
// pagination